HTC Log computer slow real slow



mferrington
2009-10-18, 02:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:26 PM, on 10/17/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6444 bytes
=======================
Previous thread: http://forums.spybot.info/showthread.php?t=51108&page=5

Shaba
2009-10-19, 21:33
Hi mferrington

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

mferrington
2009-10-20, 01:34
Logfile of random's system information tool 1.06 (written by random/random)
Run by Wanda at 2009-10-19 18:26:36
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 98 GB (68%) free of 143 GB
Total RAM: 2036 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:42 PM, on 10/19/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Wanda\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Wanda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6464 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForWanda.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Wanda.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll [2009-08-28 392560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL [2009-08-29 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll [2009-08-28 392560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"DPService"=C:\Program Files\HP\DVDPlay\DPService.exe [2008-03-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-04-14 972128]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe [2007-11-20 218496]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

C:\Users\Wanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d3659f-de84-11dd-abec-001d92f8569d}]
shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d365cd-de84-11dd-abec-7a8020000200}]
shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0b26da0-1d9f-11de-a695-7a8020000200}]
shell\AutoRun\command - J:\AutoRun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-10-19 18:26:36 ----D---- C:\rsit
2009-10-17 19:10:06 ----D---- C:\Program Files\Trend Micro
2009-10-17 19:07:03 ----D---- C:\Program Files\ERUNT
2009-10-15 03:00:56 ----SHD---- C:\Config.Msi
2009-10-14 08:17:01 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wups2.dll
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wucltux.dll
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-03 08:53:18 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-03 08:53:18 ----A---- C:\Windows\system32\wuapp.exe
2009-09-27 19:09:31 ----A---- C:\Windows\system32\jscript.dll
2009-09-27 18:21:34 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2009-09-27 18:20:21 ----D---- C:\Windows\system32\x64
2009-09-27 18:17:43 ----A---- C:\Windows\system32\occache.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\msfeeds.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\jsproxy.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\iepeers.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\wininet.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\ieui.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\iesetup.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\iernonce.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\urlmon.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\msfeedssync.exe
2009-09-27 18:17:40 ----A---- C:\Windows\system32\ieUnatt.exe
2009-09-27 18:17:40 ----A---- C:\Windows\system32\iesysprep.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\iertutil.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\iedkcs32.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\ie4uinit.exe
2009-09-27 18:17:37 ----A---- C:\Windows\system32\ieframe.dll
2009-09-27 18:17:36 ----A---- C:\Windows\system32\mshtml.dll
2009-09-27 18:16:28 ----A---- C:\Windows\system32\mshtmled.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\msls31.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\mshtmler.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\icardie.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\corpol.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\admparse.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\imgutil.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\ieakeng.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\dxtrans.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\dxtmsft.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\webcheck.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\msrating.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\licmgr10.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\inseng.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\ieaksie.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-09-27 18:16:24 ----A---- C:\Windows\system32\wextract.exe
2009-09-27 18:16:24 ----A---- C:\Windows\system32\pngfilt.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\mstime.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\ieakui.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\advpack.dll
2009-09-27 18:16:23 ----A---- C:\Windows\system32\vbscript.dll
2009-09-27 18:16:23 ----A---- C:\Windows\system32\ieapfltr.dll
2009-09-27 18:16:22 ----A---- C:\Windows\system32\url.dll
2009-09-27 18:16:21 ----A---- C:\Windows\system32\mshta.exe
2009-09-27 18:16:21 ----A---- C:\Windows\system32\iexpress.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\SetDepNx.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\PDMSetup.exe
2009-09-27 17:59:05 ----D---- C:\Users\Wanda\AppData\Roaming\Mozilla
2009-09-27 17:57:44 ----D---- C:\Program Files\Mozilla Firefox
2009-09-27 17:42:53 ----D---- C:\Windows\system32\eu-ES
2009-09-27 17:42:53 ----D---- C:\Windows\system32\ca-ES
2009-09-27 17:42:50 ----D---- C:\Windows\system32\vi-VN
2009-09-27 17:14:32 ----D---- C:\Program Files\Symantec
2009-09-27 17:13:02 ----D---- C:\Program Files\Norton Internet Security
2009-09-27 17:01:10 ----D---- C:\ProgramData\PCSettings
2009-09-27 17:00:57 ----D---- C:\ProgramData\NortonInstaller
2009-09-27 17:00:57 ----D---- C:\Program Files\NortonInstaller
2009-09-27 16:41:42 ----D---- C:\ProgramData\Norton
2009-09-27 16:38:51 ----D---- C:\Windows\system32\EventProviders
2009-09-24 19:35:27 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-09-24 19:35:23 ----A---- C:\Windows\system32\SLsvc.exe
2009-09-24 19:35:23 ----A---- C:\Windows\system32\SLCExt.dll
2009-09-24 19:35:22 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-09-24 19:35:22 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-09-24 19:35:21 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-09-24 19:35:20 ----A---- C:\Windows\system32\mssrch.dll
2009-09-24 19:35:18 ----A---- C:\Windows\system32\tquery.dll
2009-09-24 19:35:17 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-09-24 19:35:17 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-24 19:35:16 ----A---- C:\Windows\system32\scavenge.dll
2009-09-24 19:35:16 ----A---- C:\Windows\system32\RMActivate.exe
2009-09-24 19:35:15 ----A---- C:\Windows\system32\msi.dll
2009-09-24 19:35:15 ----A---- C:\Windows\system32\imapi2fs.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\WscEapPr.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\sysmain.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\secproc_isv.dll
2009-09-24 19:35:12 ----A---- C:\Windows\system32\icardagt.exe
2009-09-24 19:35:11 ----A---- C:\Windows\system32\spreview.exe
2009-09-24 19:35:11 ----A---- C:\Windows\system32\EhStorShell.dll
2009-09-24 19:35:10 ----A---- C:\Windows\system32\spinstall.exe
2009-09-24 19:35:10 ----A---- C:\Windows\system32\drmv2clt.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\spwizui.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\shell32.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\secproc.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-24 19:35:08 ----A---- C:\Windows\system32\p2psvc.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mssvp.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mssph.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mscoree.dll
2009-09-24 19:35:07 ----A---- C:\Windows\system32\sdohlp.dll
2009-09-24 19:35:07 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-09-24 19:35:07 ----A---- C:\Windows\system32\imapi2.dll
2009-09-24 19:35:06 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-09-24 19:35:06 ----A---- C:\Windows\system32\esent.dll
2009-09-24 19:35:06 ----A---- C:\Windows\system32\DevicePairing.dll
2009-09-24 19:35:05 ----A---- C:\Windows\system32\wevtsvc.dll
2009-09-24 19:35:05 ----A---- C:\Windows\system32\sperror.dll
2009-09-24 19:35:05 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-09-24 19:35:05 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\SLC.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-09-24 19:35:04 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\msshsq.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\IasMigReader.exe
2009-09-24 19:35:03 ----A---- C:\Windows\system32\msjet40.dll
2009-09-24 19:35:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-09-24 19:35:02 ----A---- C:\Windows\system32\msxml6.dll
2009-09-24 19:35:02 ----A---- C:\Windows\system32\MPSSVC.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\Query.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\qmgr.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\msexch40.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\diagperf.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\winload.exe
2009-09-24 19:35:00 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\P2PGraph.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\ole32.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\ntdll.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\msxml3.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\uDWM.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\mmc.exe
2009-09-24 19:34:59 ----A---- C:\Windows\system32\mblctr.exe
2009-09-24 19:34:59 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\EncDec.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\dfsr.exe
2009-09-24 19:34:58 ----A---- C:\Windows\system32\riched20.dll
2009-09-24 19:34:58 ----A---- C:\Windows\system32\RacEngn.dll
2009-09-24 19:34:58 ----A---- C:\Windows\system32\fdBth.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\spoolss.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-24 19:34:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-24 19:34:57 ----A---- C:\Windows\system32\milcore.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\kernel32.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\CertEnroll.dll
2009-09-24 19:34:56 ----A---- C:\Windows\system32\schedsvc.dll
2009-09-24 19:34:56 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\WinSAT.exe
2009-09-24 19:34:55 ----A---- C:\Windows\system32\msvcp60.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\msjtes40.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\Magnify.exe
2009-09-24 19:34:55 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\gpedit.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\es.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\WMPhoto.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\WebClnt.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\slwmi.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\mstext40.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\msexcl40.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\comsvcs.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\advapi32.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\vssapi.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\msxbde40.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\authui.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\propsys.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-24 19:34:52 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

======List of files/folders modified in the last 1 months======

2009-10-19 18:26:42 ----D---- C:\Windows\Prefetch
2009-10-19 18:26:25 ----D---- C:\Windows\Temp
2009-10-19 18:24:26 ----D---- C:\Users\Wanda\AppData\Roaming\LimeWire
2009-10-19 00:00:26 ----SHD---- C:\System Volume Information
2009-10-18 03:01:05 ----SHD---- C:\Windows\Installer
2009-10-17 19:10:06 ----D---- C:\Program Files
2009-10-17 18:43:30 ----D---- C:\Windows\System32
2009-10-17 18:43:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-17 18:43:29 ----D---- C:\Windows\inf
2009-10-15 03:00:32 ----D---- C:\Windows\winsxs
2009-10-14 08:16:42 ----D---- C:\Windows\system32\catroot
2009-10-14 08:15:57 ----D---- C:\Windows\system32\catroot2
2009-10-03 10:55:57 ----D---- C:\Windows\rescache
2009-10-03 10:39:26 ----D---- C:\Windows\Minidump
2009-10-03 10:39:08 ----D---- C:\Windows
2009-10-03 08:54:52 ----D---- C:\Windows\system32\en-US
2009-09-28 03:01:39 ----D---- C:\Program Files\Microsoft Works
2009-09-27 19:31:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-09-27 18:28:12 ----D---- C:\Windows\system32\migration
2009-09-27 18:28:12 ----D---- C:\Program Files\Internet Explorer
2009-09-27 18:28:08 ----D---- C:\Windows\PolicyDefinitions
2009-09-27 18:27:41 ----D---- C:\Windows\Microsoft.NET
2009-09-27 18:27:38 ----RSD---- C:\Windows\assembly
2009-09-27 18:21:11 ----D---- C:\Windows\system32\RTCOM
2009-09-27 18:21:11 ----D---- C:\Windows\system32\drivers
2009-09-27 17:51:08 ----SHD---- C:\Boot
2009-09-27 17:44:29 ----D---- C:\Program Files\Windows Mail
2009-09-27 17:44:29 ----D---- C:\Program Files\Windows Calendar
2009-09-27 17:44:29 ----D---- C:\Program Files\Movie Maker
2009-09-27 17:44:28 ----D---- C:\Program Files\Windows Sidebar
2009-09-27 17:44:27 ----D---- C:\Program Files\Windows Media Player
2009-09-27 17:44:27 ----D---- C:\Program Files\Windows Collaboration
2009-09-27 17:44:26 ----D---- C:\Program Files\Common Files\System
2009-09-27 17:44:25 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-27 17:44:21 ----D---- C:\Windows\servicing
2009-09-27 17:44:21 ----D---- C:\Program Files\Windows Defender
2009-09-27 17:44:10 ----D---- C:\Windows\system32\XPSViewer
2009-09-27 17:44:10 ----D---- C:\Windows\IME
2009-09-27 17:44:09 ----D---- C:\Windows\system32\sk-SK
2009-09-27 17:44:09 ----D---- C:\Windows\system32\lv-LV
2009-09-27 17:44:09 ----D---- C:\Windows\system32\ko-KR
2009-09-27 17:44:09 ----D---- C:\Windows\system32\hr-HR
2009-09-27 17:44:09 ----D---- C:\Windows\system32\et-EE
2009-09-27 17:44:09 ----D---- C:\Windows\system32\da-DK
2009-09-27 17:44:04 ----D---- C:\Windows\system32\de-DE
2009-09-27 17:44:03 ----D---- C:\Windows\system32\oobe
2009-09-27 17:44:03 ----D---- C:\Windows\system32\it-IT
2009-09-27 17:44:03 ----D---- C:\Windows\system32\el-GR
2009-09-27 17:43:58 ----D---- C:\Windows\system32\sv-SE
2009-09-27 17:43:58 ----D---- C:\Windows\system32\setup
2009-09-27 17:43:58 ----D---- C:\Windows\system32\ru-RU
2009-09-27 17:43:58 ----D---- C:\Windows\system32\he-IL
2009-09-27 17:43:58 ----D---- C:\Windows\system32\fr-FR
2009-09-27 17:43:58 ----D---- C:\Windows\system32\fi-FI
2009-09-27 17:43:58 ----D---- C:\Windows\system32\cs-CZ
2009-09-27 17:43:58 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-27 17:43:57 ----D---- C:\Windows\system32\SLUI
2009-09-27 17:43:57 ----D---- C:\Windows\system32\pt-PT
2009-09-27 17:43:57 ----D---- C:\Windows\system32\hu-HU
2009-09-27 17:43:56 ----D---- C:\Windows\system32\zh-CN
2009-09-27 17:43:56 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-27 17:43:56 ----D---- C:\Windows\system32\manifeststore
2009-09-27 17:43:56 ----D---- C:\Windows\system32\en
2009-09-27 17:43:55 ----D---- C:\Windows\system32\zh-TW
2009-09-27 17:43:55 ----D---- C:\Windows\system32\uk-UA
2009-09-27 17:43:55 ----D---- C:\Windows\system32\sl-SI
2009-09-27 17:43:55 ----D---- C:\Windows\system32\ro-RO
2009-09-27 17:43:55 ----D---- C:\Windows\system32\pl-PL
2009-09-27 17:43:55 ----D---- C:\Windows\system32\ja-JP
2009-09-27 17:43:55 ----D---- C:\Windows\system32\es-ES
2009-09-27 17:43:55 ----D---- C:\Windows\system32\bg-BG
2009-09-27 17:43:54 ----D---- C:\Windows\system32\th-TH
2009-09-27 17:43:53 ----D---- C:\Windows\system32\tr-TR
2009-09-27 17:43:51 ----D---- C:\Windows\system32\wbem
2009-09-27 17:43:49 ----D---- C:\Windows\system32\nl-NL
2009-09-27 17:43:49 ----D---- C:\Windows\system32\nb-NO
2009-09-27 17:43:49 ----D---- C:\Windows\system32\lt-LT
2009-09-27 17:43:49 ----D---- C:\Windows\system32\ar-SA
2009-09-27 17:43:48 ----D---- C:\Windows\system32\pt-BR
2009-09-27 17:43:48 ----D---- C:\Windows\system32\migwiz
2009-09-27 17:42:58 ----RSD---- C:\Windows\Fonts
2009-09-27 17:42:58 ----D---- C:\Windows\AppPatch
2009-09-27 17:42:50 ----D---- C:\Windows\system32\Boot
2009-09-27 17:35:40 ----D---- C:\Windows\system32\WDI
2009-09-27 17:15:58 ----D---- C:\Windows\system32\Tasks
2009-09-27 17:12:11 ----D---- C:\ProgramData\Symantec
2009-09-27 17:01:10 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090921.001\BHDrvx86.sys [2009-09-11 507440]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [2009-08-24 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-29 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090911.001\IDSvix86.sys [2009-09-10 342576]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1100000.088\SRTSPX.SYS [2009-08-29 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1100000.088\Ironx86.SYS [2009-08-29 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\system32\drivers\NIS\1100000.088\SYMTDIV.SYS [2009-08-29 338480]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091019.002\NAVENG.SYS [2009-08-29 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091019.002\NAVEX15.SYS [2009-08-29 1323568]
R3 PTDLBus;PANTECH UM175AL Composite Device Driver; C:\Windows\system32\DRIVERS\PTDLBus.sys [2008-07-20 32256]
R3 PTDLMdm;PANTECH UM175AL Drivers; C:\Windows\system32\DRIVERS\PTDLMdm.sys [2008-07-20 41344]
R3 PTDLVsp;PANTECH UM175AL Diagnostic Port; C:\Windows\system32\DRIVERS\PTDLVsp.sys [2008-07-20 39936]
R3 PTDLWWAN;PANTECH UM175AL WWAN Driver; C:\Windows\system32\DRIVERS\PTDLWWAN.sys [2008-07-20 59776]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NIS\1100000.088\SRTSP.SYS [2009-08-29 325168]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-27 124976]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-03-14 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784]

-----------------EOF-----------------

mferrington
2009-10-20, 01:36
info.txt logfile of random's system information tool 1.06 2009-10-19 18:26:46

======Uninstall list======

-->"C:\Program Files\HP Games\Amazing Adventures The Lost Tomb\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Belle's Beauty Boutique\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files\HP Games\Paradise Pet Salon\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Pirateville\Uninstall.exe"
-->"C:\Program Files\HP Games\Plant Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Supercow\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
2780 Games XP Championship-->"C:\Program Files\Selectsoft\2780 Games XP Championship\uninstall.exe"
4500 Slots Games-->"C:\Program Files\4500 Slots Games\uninstall.exe"
500 Solitaire Games-->"C:\Program Files\Selectsoft\500 Solitaire Games\uninstall.exe"
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
DVD Play-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{E0810CC2-4B5B-4439-B1D0-452306AF2D64}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->"C:\Windows\unins000.exe"
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}\setup.exe" -l0x9 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Masque IGT Slots Little Green Men-->MsiExec.exe /I{A54F806B-A2E1-4794-A7FE-365167EC67CB}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\17.0.0.136\InstStub.exe /X
PANTECH UM175AL Driver-->C:\Program Files\PANTECH\PANTECH UM175AL\PTDLUninstall.exe
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Puzzle and Board XP Championship-->"C:\Program Files\Selectsoft\Puzzle and Board XP Championship\uninstall.exe"
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickLink Mobile-->C:\PROGRA~1\Alltel\QUICKL~1\UNWISE.EXE C:\PROGRA~1\Alltel\QUICKL~1\INSTALL.LOG
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VIVA MEDIA GAME CENTER-->"C:\Program Files\OXXOGames\VIVAGplayer\MyInstall.exe" UInstAllGPAndDS
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AS: Windows Defender

=====Application event log=====

Computer Name: Ferrington-PC
Event Code: 1000
Message: Faulting application FamilyFeud.exe, version 0.0.0.0, time stamp 0x45c8d2d5, faulting module SDL_mixer.dll, version 1.2.5.0, time stamp 0x408b8a87, exception code 0xc0000005, fault offset 0x00003b4a, process id 0xbb0, application start time 0x01c96642d4fe9aa0.
Record Number: 484
Source Name: Application Error
Time Written: 20081225040852.000000-000
Event Type: Error
User:

Computer Name: Ferrington-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 475
Source Name: Microsoft-Windows-WMI
Time Written: 20081224230351.000000-000
Event Type: Error
User:

Computer Name: Ferrington-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-688339197-1683880283-3232050679-1000:
Process 528 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-688339197-1683880283-3232050679-1000

Record Number: 443
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081224230130.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ferrington-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 384
Source Name: Microsoft-Windows-Search
Time Written: 20081224224023.000000-000
Event Type: Warning
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 361
Source Name: Microsoft-Windows-WMI
Time Written: 20080614080901.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: WIN-TWUG6X8TRKR
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-TWUG6X8TRKR$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x248
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 306
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080614080920.450427-000
Event Type: Audit Success
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 305
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080614080920.138427-000
Event Type: Audit Success
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-TWUG6X8TRKR$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x248
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 304
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080614080920.138427-000
Event Type: Audit Success
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-TWUG6X8TRKR$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x248
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 303
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080614080920.138427-000
Event Type: Audit Success
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-688339197-1683880283-3232050679-500
Account Name: Administrator
Domain Name: WIN-TWUG6X8TRKR
Logon ID: 0x2f12b
Record Number: 302
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080614080853.493627-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Presario
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

-----------------EOF-----------------

Shaba
2009-10-20, 05:33
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.18.8


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt from the c:\rsit folder.

Please run a new rsit log scan when finished and post the logs back here.

mferrington
2009-10-20, 06:34
Logfile of random's system information tool 1.06 (written by random/random)
Run by Wanda at 2009-10-19 23:33:20
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 98 GB (69%) free of 143 GB
Total RAM: 2036 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:23 PM, on 10/19/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Wanda\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Wanda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6346 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForWanda.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Wanda.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll [2009-08-28 392560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL [2009-08-29 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll [2009-08-28 392560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"DPService"=C:\Program Files\HP\DVDPlay\DPService.exe [2008-03-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-04-14 972128]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe [2007-11-20 218496]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

C:\Users\Wanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d3659f-de84-11dd-abec-001d92f8569d}]
shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d365cd-de84-11dd-abec-7a8020000200}]
shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0b26da0-1d9f-11de-a695-7a8020000200}]
shell\AutoRun\command - J:\AutoRun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-10-19 18:26:36 ----D---- C:\rsit
2009-10-17 19:10:06 ----D---- C:\Program Files\Trend Micro
2009-10-17 19:07:03 ----D---- C:\Program Files\ERUNT
2009-10-15 03:00:56 ----SHD---- C:\Config.Msi
2009-10-14 08:17:01 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wups2.dll
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wucltux.dll
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-03 08:53:18 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-03 08:53:18 ----A---- C:\Windows\system32\wuapp.exe
2009-09-27 19:09:31 ----A---- C:\Windows\system32\jscript.dll
2009-09-27 18:21:34 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2009-09-27 18:20:21 ----D---- C:\Windows\system32\x64
2009-09-27 18:17:43 ----A---- C:\Windows\system32\occache.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\msfeeds.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\jsproxy.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\iepeers.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\wininet.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\ieui.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\iesetup.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\iernonce.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\urlmon.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\msfeedssync.exe
2009-09-27 18:17:40 ----A---- C:\Windows\system32\ieUnatt.exe
2009-09-27 18:17:40 ----A---- C:\Windows\system32\iesysprep.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\iertutil.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\iedkcs32.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\ie4uinit.exe
2009-09-27 18:17:37 ----A---- C:\Windows\system32\ieframe.dll
2009-09-27 18:17:36 ----A---- C:\Windows\system32\mshtml.dll
2009-09-27 18:16:28 ----A---- C:\Windows\system32\mshtmled.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\msls31.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\mshtmler.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\icardie.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\corpol.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\admparse.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\imgutil.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\ieakeng.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\dxtrans.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\dxtmsft.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\webcheck.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\msrating.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\licmgr10.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\inseng.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\ieaksie.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-09-27 18:16:24 ----A---- C:\Windows\system32\wextract.exe
2009-09-27 18:16:24 ----A---- C:\Windows\system32\pngfilt.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\mstime.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\ieakui.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\advpack.dll
2009-09-27 18:16:23 ----A---- C:\Windows\system32\vbscript.dll
2009-09-27 18:16:23 ----A---- C:\Windows\system32\ieapfltr.dll
2009-09-27 18:16:22 ----A---- C:\Windows\system32\url.dll
2009-09-27 18:16:21 ----A---- C:\Windows\system32\mshta.exe
2009-09-27 18:16:21 ----A---- C:\Windows\system32\iexpress.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\SetDepNx.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\PDMSetup.exe
2009-09-27 17:59:05 ----D---- C:\Users\Wanda\AppData\Roaming\Mozilla
2009-09-27 17:57:44 ----D---- C:\Program Files\Mozilla Firefox
2009-09-27 17:42:53 ----D---- C:\Windows\system32\eu-ES
2009-09-27 17:42:53 ----D---- C:\Windows\system32\ca-ES
2009-09-27 17:42:50 ----D---- C:\Windows\system32\vi-VN
2009-09-27 17:14:32 ----D---- C:\Program Files\Symantec
2009-09-27 17:13:02 ----D---- C:\Program Files\Norton Internet Security
2009-09-27 17:01:10 ----D---- C:\ProgramData\PCSettings
2009-09-27 17:00:57 ----D---- C:\ProgramData\NortonInstaller
2009-09-27 17:00:57 ----D---- C:\Program Files\NortonInstaller
2009-09-27 16:41:42 ----D---- C:\ProgramData\Norton
2009-09-27 16:38:51 ----D---- C:\Windows\system32\EventProviders
2009-09-24 19:35:27 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-09-24 19:35:23 ----A---- C:\Windows\system32\SLsvc.exe
2009-09-24 19:35:23 ----A---- C:\Windows\system32\SLCExt.dll
2009-09-24 19:35:22 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-09-24 19:35:22 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-09-24 19:35:21 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-09-24 19:35:20 ----A---- C:\Windows\system32\mssrch.dll
2009-09-24 19:35:18 ----A---- C:\Windows\system32\tquery.dll
2009-09-24 19:35:17 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-09-24 19:35:17 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-24 19:35:16 ----A---- C:\Windows\system32\scavenge.dll
2009-09-24 19:35:16 ----A---- C:\Windows\system32\RMActivate.exe
2009-09-24 19:35:15 ----A---- C:\Windows\system32\msi.dll
2009-09-24 19:35:15 ----A---- C:\Windows\system32\imapi2fs.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\WscEapPr.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\sysmain.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\secproc_isv.dll
2009-09-24 19:35:12 ----A---- C:\Windows\system32\icardagt.exe
2009-09-24 19:35:11 ----A---- C:\Windows\system32\spreview.exe
2009-09-24 19:35:11 ----A---- C:\Windows\system32\EhStorShell.dll
2009-09-24 19:35:10 ----A---- C:\Windows\system32\spinstall.exe
2009-09-24 19:35:10 ----A---- C:\Windows\system32\drmv2clt.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\spwizui.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\shell32.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\secproc.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-24 19:35:08 ----A---- C:\Windows\system32\p2psvc.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mssvp.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mssph.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mscoree.dll
2009-09-24 19:35:07 ----A---- C:\Windows\system32\sdohlp.dll
2009-09-24 19:35:07 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-09-24 19:35:07 ----A---- C:\Windows\system32\imapi2.dll
2009-09-24 19:35:06 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-09-24 19:35:06 ----A---- C:\Windows\system32\esent.dll
2009-09-24 19:35:06 ----A---- C:\Windows\system32\DevicePairing.dll
2009-09-24 19:35:05 ----A---- C:\Windows\system32\wevtsvc.dll
2009-09-24 19:35:05 ----A---- C:\Windows\system32\sperror.dll
2009-09-24 19:35:05 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-09-24 19:35:05 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\SLC.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-09-24 19:35:04 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\msshsq.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\IasMigReader.exe
2009-09-24 19:35:03 ----A---- C:\Windows\system32\msjet40.dll
2009-09-24 19:35:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-09-24 19:35:02 ----A---- C:\Windows\system32\msxml6.dll
2009-09-24 19:35:02 ----A---- C:\Windows\system32\MPSSVC.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\Query.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\qmgr.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\msexch40.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\diagperf.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\winload.exe
2009-09-24 19:35:00 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\P2PGraph.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\ole32.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\ntdll.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\msxml3.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\uDWM.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\mmc.exe
2009-09-24 19:34:59 ----A---- C:\Windows\system32\mblctr.exe
2009-09-24 19:34:59 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\EncDec.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\dfsr.exe
2009-09-24 19:34:58 ----A---- C:\Windows\system32\riched20.dll
2009-09-24 19:34:58 ----A---- C:\Windows\system32\RacEngn.dll
2009-09-24 19:34:58 ----A---- C:\Windows\system32\fdBth.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\spoolss.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-24 19:34:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-24 19:34:57 ----A---- C:\Windows\system32\milcore.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\kernel32.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\CertEnroll.dll
2009-09-24 19:34:56 ----A---- C:\Windows\system32\schedsvc.dll
2009-09-24 19:34:56 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\WinSAT.exe
2009-09-24 19:34:55 ----A---- C:\Windows\system32\msvcp60.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\msjtes40.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\Magnify.exe
2009-09-24 19:34:55 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\gpedit.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\es.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\WMPhoto.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\WebClnt.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\slwmi.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\mstext40.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\msexcl40.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\comsvcs.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\advapi32.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\vssapi.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\msxbde40.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\authui.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\propsys.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-24 19:34:52 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\newdev.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\msrepl40.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\setupapi.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\rpcss.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\iasrecst.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\gpsvc.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\eudcedit.exe
2009-09-24 19:34:51 ----A---- C:\Windows\system32\crypt32.dll
2009-09-24 19:34:51 ----A---- C:\Windows\explorer.exe
2009-09-24 19:34:50 ----A---- C:\Windows\system32\mspbde40.dll
2009-09-24 19:34:50 ----A---- C:\Windows\system32\msltus40.dll
2009-09-24 19:34:50 ----A---- C:\Windows\system32\davclnt.dll
2009-09-24 19:34:50 ----A---- C:\Windows\system32\d3d9.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\shlwapi.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\msrd3x40.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\msdtctm.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\mfc42.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\browseui.dll
2009-09-24 19:34:48 ----A---- C:\Windows\system32\wevtapi.dll
2009-09-24 19:34:48 ----A---- C:\Windows\system32\user32.dll
2009-09-24 19:34:48 ----A---- C:\Windows\system32\photowiz.dll
2009-09-24 19:34:48 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-24 19:34:47 ----A---- C:\Windows\system32\win32spl.dll
2009-09-24 19:34:47 ----A---- C:\Windows\system32\samsrv.dll
2009-09-24 19:34:47 ----A---- C:\Windows\system32\quartz.dll
2009-09-24 19:34:47 ----A---- C:\Windows\system32\ci.dll
2009-09-24 19:34:46 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-09-24 19:34:46 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-09-24 19:34:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-09-24 19:34:46 ----A---- C:\Windows\system32\oleaut32.dll
2009-09-24 19:34:45 ----A---- C:\Windows\system32\netshell.dll
2009-09-24 19:34:45 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-09-24 19:34:45 ----A---- C:\Windows\system32\compcln.exe
2009-09-24 19:34:45 ----A---- C:\Windows\system32\apds.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\winhttp.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\mswstr10.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\msctf.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\emdmgmt.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\audiosrv.dll
2009-09-24 19:34:43 ----A---- C:\Windows\system32\VSSVC.exe
2009-09-24 19:34:43 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-09-24 19:34:43 ----A---- C:\Windows\system32\msvcrt.dll
2009-09-24 19:34:43 ----A---- C:\Windows\system32\mfc42u.dll
2009-09-24 19:34:43 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-09-24 19:34:43 ----A---- C:\Windows\system32\gdi32.dll
2009-09-24 19:34:42 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-09-24 19:34:42 ----A---- C:\Windows\system32\SLUI.exe
2009-09-24 19:34:42 ----A---- C:\Windows\system32\msrd2x40.dll
2009-09-24 19:34:42 ----A---- C:\Windows\system32\eapphost.dll
2009-09-24 19:34:41 ----A---- C:\Windows\system32\winresume.exe
2009-09-24 19:34:41 ----A---- C:\Windows\system32\shdocvw.dll
2009-09-24 19:34:41 ----A---- C:\Windows\system32\propdefs.dll
2009-09-24 19:34:41 ----A---- C:\Windows\system32\odbc32.dll
2009-09-24 19:34:40 ----A---- C:\Windows\system32\wevtutil.exe
2009-09-24 19:34:40 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-24 19:34:40 ----A---- C:\Windows\system32\dbgeng.dll
2009-09-24 19:34:39 ----A---- C:\Windows\system32\WsmSvc.dll
2009-09-24 19:34:38 ----A---- C:\Windows\system32\usp10.dll
2009-09-24 19:34:38 ----A---- C:\Windows\system32\swprv.dll
2009-09-24 19:34:38 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\vds.exe
2009-09-24 19:34:37 ----A---- C:\Windows\system32\netlogon.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\msscb.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\msctfp.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\drvinst.exe
2009-09-24 19:34:37 ----A---- C:\Windows\system32\devmgr.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\WSDApi.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\Wldap32.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\wcnwiz.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\evr.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\BFE.DLL
2009-09-24 19:34:36 ----A---- C:\Windows\system32\adsldpc.dll
2009-09-24 19:34:35 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-09-24 19:34:35 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\wercon.exe
2009-09-24 19:34:34 ----A---- C:\Windows\system32\wcncsvc.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\services.exe
2009-09-24 19:34:34 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\comdlg32.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\adtschema.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\taskeng.exe
2009-09-24 19:34:33 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\reg.exe
2009-09-24 19:34:33 ----A---- C:\Windows\system32\mswdat10.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\msjter40.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\msdtcprx.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\msdrm.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\dnsapi.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\certutil.exe
2009-09-24 19:34:33 ----A---- C:\Windows\system32\certcli.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\w32time.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\rsaenh.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\msshooks.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-09-24 19:34:32 ----A---- C:\Windows\system32\bthserv.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\bcrypt.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-09-24 19:34:31 ----A---- C:\Windows\system32\netapi32.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\msstrc.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\msihnd.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\inetcomm.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\dfshim.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\termsrv.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\profsvc.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\mtxclu.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\mscories.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\inetpp.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\hidserv.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\fundisc.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\cryptsvc.dll
2009-09-24 19:34:29 ----A---- C:\Windows\system32\wdc.dll
2009-09-24 19:34:29 ----A---- C:\Windows\system32\shsvcs.dll
2009-09-24 19:34:29 ----A---- C:\Windows\system32\msiexec.exe
2009-09-24 19:34:29 ----A---- C:\Windows\system32\imapi.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\rasmans.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\pnidui.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\icardres.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\iassdo.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\wersvc.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\spoolsv.exe
2009-09-24 19:34:27 ----A---- C:\Windows\system32\slmgr.vbs
2009-09-24 19:34:27 ----A---- C:\Windows\system32\scrrun.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\PSHED.DLL
2009-09-24 19:34:27 ----A---- C:\Windows\system32\pdh.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\azroles.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\autofmt.exe
2009-09-24 19:34:26 ----A---- C:\Windows\system32\pidgenx.dll
2009-09-24 19:34:26 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-09-24 19:34:25 ----A---- C:\Windows\system32\wmpmde.dll
2009-09-24 19:34:25 ----A---- C:\Windows\system32\winlogon.exe
2009-09-24 19:34:25 ----A---- C:\Windows\system32\SyncCenter.dll
2009-09-24 19:34:24 ----A---- C:\Windows\system32\SLUINotify.dll
2009-09-24 19:34:24 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-09-24 19:34:24 ----A---- C:\Windows\system32\comuid.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\sethc.exe
2009-09-24 19:34:23 ----A---- C:\Windows\system32\ncrypt.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\kd1394.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\iassam.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\certmgr.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\wisptis.exe
2009-09-24 19:34:22 ----A---- C:\Windows\system32\untfs.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\taskcomp.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\spp.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\scrobj.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\rtutils.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\dwm.exe
2009-09-24 19:34:22 ----A---- C:\Windows\system32\autochk.exe
2009-09-24 19:34:21 ----A---- C:\Windows\system32\printui.dll
2009-09-24 19:34:21 ----A---- C:\Windows\system32\iasnap.dll
2009-09-24 19:34:21 ----A---- C:\Windows\system32\autoconv.exe
2009-09-24 19:34:20 ----A---- C:\Windows\system32\winsrv.dll
2009-09-24 19:34:20 ----A---- C:\Windows\system32\onex.dll
2009-09-24 19:34:20 ----A---- C:\Windows\system32\kdcom.dll
2009-09-24 19:34:20 ----A---- C:\Windows\system32\cscript.exe
2009-09-24 19:34:20 ----A---- C:\Windows\system32\basecsp.dll
2009-09-24 19:34:20 ----A---- C:\Windows\system32\audiodg.exe
2009-09-24 19:34:19 ----A---- C:\Windows\system32\wow32.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\winmm.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\userenv.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\spcmsg.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\RelMon.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\rdpencom.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\osk.exe
2009-09-24 19:34:19 ----A---- C:\Windows\system32\mswsock.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\kdusb.dll
2009-09-24 19:34:18 ----A---- C:\Windows\system32\WinSCard.dll
2009-09-24 19:34:18 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-09-24 19:34:18 ----A---- C:\Windows\system32\offfilt.dll
2009-09-24 19:34:18 ----A---- C:\Windows\system32\msftedit.dll
2009-09-24 19:34:18 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\wsepno.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\WerFault.exe
2009-09-24 19:34:17 ----A---- C:\Windows\system32\Utilman.exe
2009-09-24 19:34:17 ----A---- C:\Windows\system32\stobject.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\SndVol.exe
2009-09-24 19:34:17 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\msnetobj.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\mscms.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\mfplat.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\diskraid.exe
2009-09-24 19:34:17 ----A---- C:\Windows\system32\apphelp.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\adsmsext.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\wscript.exe
2009-09-24 19:34:16 ----A---- C:\Windows\system32\wiaservc.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\ulib.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\sysclass.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\prnntfy.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\odbccp32.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\iasdatastore.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\dsound.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\cryptui.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\wscntfy.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\wlangpui.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\rastls.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\rastapi.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\pnpsetup.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-09-24 19:34:15 ----A---- C:\Windows\system32\gpapi.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\fdProxy.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\diskpart.exe
2009-09-24 19:34:15 ----A---- C:\Windows\system32\brcpl.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\wscsvc.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-09-24 19:34:14 ----A---- C:\Windows\system32\vdsdyn.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\regsvc.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\rasapi32.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\ntprint.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\logman.exe
2009-09-24 19:34:14 ----A---- C:\Windows\system32\iashlpr.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\zipfldr.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\wusa.exe
2009-09-24 19:34:13 ----A---- C:\Windows\system32\wshext.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\wpccpl.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\netcenter.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\mscorier.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\iasrad.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\findstr.exe
2009-09-24 19:34:12 ----A---- C:\Windows\system32\wsnmp32.dll
2009-09-24 19:34:12 ----A---- C:\Windows\system32\wer.dll
2009-09-24 19:34:12 ----A---- C:\Windows\system32\themecpl.dll
2009-09-24 19:34:12 ----A---- C:\Windows\system32\rasdlg.dll
2009-09-24 19:34:12 ----A---- C:\Windows\system32\iassvcs.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\uxsms.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\tsbyuv.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\srvsvc.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\slcc.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\scansetting.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\powrprof.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\ntmarta.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\msutb.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\mstlsapi.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\iasads.dll
2009-09-24 19:34:10 ----A---- C:\Windows\system32\networkmap.dll
2009-09-24 19:34:10 ----A---- C:\Windows\system32\mstsc.exe
2009-09-24 19:34:10 ----A---- C:\Windows\system32\iasacct.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\sud.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\powercpl.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\newdev.exe
2009-09-24 19:34:09 ----A---- C:\Windows\system32\dot3svc.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\connect.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\authz.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\usercpl.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\themeui.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\systemcpl.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\samlib.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\pcaui.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\mmci.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\autoplay.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\wpcao.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\wlanpref.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\rpchttp.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\regapi.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\qdvd.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\msinfo32.exe
2009-09-24 19:34:06 ----A---- C:\Windows\system32\vdsutil.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\tapisrv.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\scksp.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\scesrv.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\rekeywiz.exe
2009-09-24 19:34:06 ----A---- C:\Windows\system32\psisdecd.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\oleprn.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\mpr.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\imm32.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\feclient.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\Faultrep.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\dot3msm.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\AudioSes.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\wscisvif.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\sdclt.exe
2009-09-24 19:34:05 ----A---- C:\Windows\system32\qedit.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\pnpui.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\perfdisk.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\ncryptui.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\iaspolcy.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\dpapimig.exe
2009-09-24 19:34:05 ----A---- C:\Windows\system32\DeviceEject.exe
2009-09-24 19:34:04 ----A---- C:\Windows\system32\TSTheme.exe
2009-09-24 19:34:04 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\spwinsat.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\scecli.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\rasplap.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\rasgcw.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\hdwwiz.exe
2009-09-24 19:34:04 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-09-24 19:34:04 ----A---- C:\Windows\system32\certreq.exe
2009-09-24 19:34:03 ----A---- C:\Windows\system32\whealogr.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\tcpmon.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\srcore.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\SCardSvr.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-09-24 19:34:03 ----A---- C:\Windows\system32\fdWSD.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\conime.exe
2009-09-24 19:34:03 ----A---- C:\Windows\system32\cmmon32.exe
2009-09-24 19:34:03 ----A---- C:\Windows\system32\cmdial32.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-09-24 19:34:02 ----A---- C:\Windows\system32\wlanui.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\wiaaut.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\rasppp.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\raschap.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\PnPutil.exe
2009-09-24 19:34:02 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\fontext.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\dsprop.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\shwebsvc.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\shsetup.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\rasmontr.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\oobefldr.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\mscandui.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\modemui.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\dimsroam.dll
2009-09-24 19:34:00 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-09-24 19:34:00 ----A---- C:\Windows\system32\dataclen.dll
2009-09-24 19:34:00 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\WSDMon.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\wmpeffects.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\smss.exe
2009-09-24 19:33:59 ----A---- C:\Windows\system32\rdpwsx.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\networkexplorer.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\netplwiz.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\credui.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\certprop.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\blackbox.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\wscapi.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\wpcsvc.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\sendmail.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\msscp.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\msimtf.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\logagent.exe
2009-09-24 19:33:58 ----A---- C:\Windows\system32\InkEd.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\ifmon.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\gpresult.exe
2009-09-24 19:33:58 ----A---- C:\Windows\system32\cipher.exe
2009-09-24 19:33:57 ----A---- C:\Windows\system32\softkbd.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\puiapi.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\olepro32.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\msctfui.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\input.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\dmsynth.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\cdd.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\wshbth.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\version.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\SLLUA.exe
2009-09-24 19:33:56 ----A---- C:\Windows\system32\msisip.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\mprapi.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\fdSSDP.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\fc.exe
2009-09-24 19:33:56 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\dmusic.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\wsdchngr.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\Storprop.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\msjint40.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\l2nacp.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\ftp.exe
2009-09-24 19:33:55 ----A---- C:\Windows\system32\eapp3hst.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\cscdll.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\cscapi.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\bthci.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\tscupgrd.exe
2009-09-24 19:33:54 ----A---- C:\Windows\system32\slcinst.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\rasdial.exe
2009-09-24 19:33:54 ----A---- C:\Windows\system32\rasdiag.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\nslookup.exe
2009-09-24 19:33:54 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\ipconfig.exe
2009-09-24 19:33:54 ----A---- C:\Windows\system32\fdWCN.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\eappcfg.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\dot3cfg.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\bthudtask.exe
2009-09-24 19:33:53 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\ocsetup.exe
2009-09-24 19:33:53 ----A---- C:\Windows\system32\mmcico.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\hbaapi.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\fdeploy.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\eappgnui.dll
2009-09-24 19:33:52 ----A---- C:\Windows\system32\NcdProp.dll
2009-09-24 19:33:52 ----A---- C:\Windows\system32\iscsilog.dll
2009-09-24 19:33:52 ----A---- C:\Windows\system32\gpupdate.exe
2009-09-24 19:33:52 ----A---- C:\Windows\system32\csrstub.exe
2009-09-24 19:33:52 ----A---- C:\Windows\system32\cbsra.exe
2009-09-24 19:33:52 ----A---- C:\Windows\system32\bitsigd.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\winrnr.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\vdmdbg.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\slwga.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\odbcconf.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\midimap.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\inetppui.dll
2009-09-24 19:33:48 ----A---- C:\Windows\system32\msimsg.dll
2009-09-24 19:33:48 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-09-24 19:33:25 ----A---- C:\Windows\system32\SmiEngine.dll
2009-09-24 19:33:18 ----A---- C:\Windows\system32\wdscore.dll
2009-09-24 19:33:18 ----A---- C:\Windows\system32\PkgMgr.exe
2009-09-24 19:32:57 ----A---- C:\Windows\system32\drvstore.dll

======List of files/folders modified in the last 1 months======

2009-10-19 23:33:12 ----D---- C:\Windows\Temp
2009-10-19 23:32:38 ----D---- C:\Windows\Prefetch
2009-10-19 23:27:11 ----D---- C:\Program Files
2009-10-19 23:25:23 ----D---- C:\Program Files\Selectsoft
2009-10-19 23:24:34 ----D---- C:\Program Files\LimeWire
2009-10-19 23:22:13 ----D---- C:\Users\Wanda\AppData\Roaming\LimeWire
2009-10-19 00:00:26 ----SHD---- C:\System Volume Information
2009-10-18 03:01:05 ----SHD---- C:\Windows\Installer
2009-10-17 18:43:30 ----D---- C:\Windows\System32
2009-10-17 18:43:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-17 18:43:29 ----D---- C:\Windows\inf
2009-10-15 03:00:32 ----D---- C:\Windows\winsxs
2009-10-14 08:16:42 ----D---- C:\Windows\system32\catroot
2009-10-14 08:15:57 ----D---- C:\Windows\system32\catroot2
2009-10-03 10:55:57 ----D---- C:\Windows\rescache
2009-10-03 10:39:26 ----D---- C:\Windows\Minidump
2009-10-03 10:39:08 ----D---- C:\Windows
2009-10-03 08:54:52 ----D---- C:\Windows\system32\en-US
2009-09-28 03:01:39 ----D---- C:\Program Files\Microsoft Works
2009-09-27 19:31:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-09-27 18:28:12 ----D---- C:\Windows\system32\migration
2009-09-27 18:28:12 ----D---- C:\Program Files\Internet Explorer
2009-09-27 18:28:08 ----D---- C:\Windows\PolicyDefinitions
2009-09-27 18:27:41 ----D---- C:\Windows\Microsoft.NET
2009-09-27 18:27:38 ----RSD---- C:\Windows\assembly
2009-09-27 18:21:11 ----D---- C:\Windows\system32\RTCOM
2009-09-27 18:21:11 ----D---- C:\Windows\system32\drivers
2009-09-27 17:51:08 ----SHD---- C:\Boot
2009-09-27 17:44:29 ----D---- C:\Program Files\Windows Mail
2009-09-27 17:44:29 ----D---- C:\Program Files\Windows Calendar
2009-09-27 17:44:29 ----D---- C:\Program Files\Movie Maker
2009-09-27 17:44:28 ----D---- C:\Program Files\Windows Sidebar
2009-09-27 17:44:27 ----D---- C:\Program Files\Windows Media Player
2009-09-27 17:44:27 ----D---- C:\Program Files\Windows Collaboration
2009-09-27 17:44:26 ----D---- C:\Program Files\Common Files\System
2009-09-27 17:44:25 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-27 17:44:21 ----D---- C:\Windows\servicing
2009-09-27 17:44:21 ----D---- C:\Program Files\Windows Defender
2009-09-27 17:44:10 ----D---- C:\Windows\system32\XPSViewer
2009-09-27 17:44:10 ----D---- C:\Windows\IME
2009-09-27 17:44:09 ----D---- C:\Windows\system32\sk-SK
2009-09-27 17:44:09 ----D---- C:\Windows\system32\lv-LV
2009-09-27 17:44:09 ----D---- C:\Windows\system32\ko-KR
2009-09-27 17:44:09 ----D---- C:\Windows\system32\hr-HR
2009-09-27 17:44:09 ----D---- C:\Windows\system32\et-EE
2009-09-27 17:44:09 ----D---- C:\Windows\system32\da-DK
2009-09-27 17:44:04 ----D---- C:\Windows\system32\de-DE
2009-09-27 17:44:03 ----D---- C:\Windows\system32\oobe
2009-09-27 17:44:03 ----D---- C:\Windows\system32\it-IT
2009-09-27 17:44:03 ----D---- C:\Windows\system32\el-GR
2009-09-27 17:43:58 ----D---- C:\Windows\system32\sv-SE
2009-09-27 17:43:58 ----D---- C:\Windows\system32\setup
2009-09-27 17:43:58 ----D---- C:\Windows\system32\ru-RU
2009-09-27 17:43:58 ----D---- C:\Windows\system32\he-IL
2009-09-27 17:43:58 ----D---- C:\Windows\system32\fr-FR
2009-09-27 17:43:58 ----D---- C:\Windows\system32\fi-FI
2009-09-27 17:43:58 ----D---- C:\Windows\system32\cs-CZ
2009-09-27 17:43:58 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-27 17:43:57 ----D---- C:\Windows\system32\SLUI
2009-09-27 17:43:57 ----D---- C:\Windows\system32\pt-PT
2009-09-27 17:43:57 ----D---- C:\Windows\system32\hu-HU
2009-09-27 17:43:56 ----D---- C:\Windows\system32\zh-CN
2009-09-27 17:43:56 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-27 17:43:56 ----D---- C:\Windows\system32\manifeststore
2009-09-27 17:43:56 ----D---- C:\Windows\system32\en
2009-09-27 17:43:55 ----D---- C:\Windows\system32\zh-TW
2009-09-27 17:43:55 ----D---- C:\Windows\system32\uk-UA
2009-09-27 17:43:55 ----D---- C:\Windows\system32\sl-SI
2009-09-27 17:43:55 ----D---- C:\Windows\system32\ro-RO
2009-09-27 17:43:55 ----D---- C:\Windows\system32\pl-PL
2009-09-27 17:43:55 ----D---- C:\Windows\system32\ja-JP
2009-09-27 17:43:55 ----D---- C:\Windows\system32\es-ES
2009-09-27 17:43:55 ----D---- C:\Windows\system32\bg-BG
2009-09-27 17:43:54 ----D---- C:\Windows\system32\th-TH
2009-09-27 17:43:53 ----D---- C:\Windows\system32\tr-TR
2009-09-27 17:43:51 ----D---- C:\Windows\system32\wbem
2009-09-27 17:43:49 ----D---- C:\Windows\system32\nl-NL
2009-09-27 17:43:49 ----D---- C:\Windows\system32\nb-NO
2009-09-27 17:43:49 ----D---- C:\Windows\system32\lt-LT
2009-09-27 17:43:49 ----D---- C:\Windows\system32\ar-SA
2009-09-27 17:43:48 ----D---- C:\Windows\system32\pt-BR
2009-09-27 17:43:48 ----D---- C:\Windows\system32\migwiz
2009-09-27 17:42:58 ----RSD---- C:\Windows\Fonts
2009-09-27 17:42:58 ----D---- C:\Windows\AppPatch
2009-09-27 17:42:50 ----D---- C:\Windows\system32\Boot
2009-09-27 17:35:40 ----D---- C:\Windows\system32\WDI
2009-09-27 17:15:58 ----D---- C:\Windows\system32\Tasks
2009-09-27 17:12:11 ----D---- C:\ProgramData\Symantec
2009-09-27 17:01:10 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090921.001\BHDrvx86.sys [2009-09-11 507440]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [2009-08-24 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-29 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090911.001\IDSvix86.sys [2009-09-10 342576]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1100000.088\SRTSPX.SYS [2009-08-29 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1100000.088\Ironx86.SYS [2009-08-29 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\system32\drivers\NIS\1100000.088\SYMTDIV.SYS [2009-08-29 338480]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091019.002\NAVENG.SYS [2009-08-29 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091019.002\NAVEX15.SYS [2009-08-29 1323568]
R3 PTDLBus;PANTECH UM175AL Composite Device Driver; C:\Windows\system32\DRIVERS\PTDLBus.sys [2008-07-20 32256]
R3 PTDLMdm;PANTECH UM175AL Drivers; C:\Windows\system32\DRIVERS\PTDLMdm.sys [2008-07-20 41344]
R3 PTDLVsp;PANTECH UM175AL Diagnostic Port; C:\Windows\system32\DRIVERS\PTDLVsp.sys [2008-07-20 39936]
R3 PTDLWWAN;PANTECH UM175AL WWAN Driver; C:\Windows\system32\DRIVERS\PTDLWWAN.sys [2008-07-20 59776]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NIS\1100000.088\SRTSP.SYS [2009-08-29 325168]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-27 124976]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-03-14 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784]

-----------------EOF-----------------

mferrington
2009-10-20, 06:38
This is not the computer you helped me with before, Shaba; this is my mother's computer. Thanks for helping me again. Which I know you probably already know that from the logs, though. Just wanted to let you know just in case.

Shaba
2009-10-20, 07:29
Thanks for info :)

Did you delete info.txt from c:\rsit folder prior to running rsit again?

If not, it will give just one log.

mferrington
2009-10-20, 15:49
I don't understand how to enter that command, whether it goes in rsit or somewhere else. If it goes in rsit, it won't take it, and I don't know how to make it take it. Sorry.

Shaba
2009-10-20, 17:47
You don't have to enter any command :)

You are supposed to go to the c:\rsit folder using, for example, My Computer or Windows Explorer, and delete info.txt from that folder.

After that, please rerun rsit and post back fresh logs.

mferrington
2009-10-21, 01:47
Logfile of random's system information tool 1.06 (written by random/random)
Run by Wanda at 2009-10-20 18:43:54
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 100 GB (70%) free of 143 GB
Total RAM: 2036 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:01 PM, on 10/20/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Wanda\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Wanda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6281 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForWanda.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Wanda.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll [2009-08-28 392560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL [2009-08-29 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll [2009-08-28 392560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"DPService"=C:\Program Files\HP\DVDPlay\DPService.exe [2008-03-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-04-14 972128]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

C:\Users\Wanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d3659f-de84-11dd-abec-001d92f8569d}]
shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d365cd-de84-11dd-abec-7a8020000200}]
shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0b26da0-1d9f-11de-a695-7a8020000200}]
shell\AutoRun\command - J:\AutoRun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-10-19 18:26:36 ----D---- C:\rsit
2009-10-17 19:10:06 ----D---- C:\Program Files\Trend Micro
2009-10-17 19:07:03 ----D---- C:\Program Files\ERUNT
2009-10-14 08:18:08 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-14 08:18:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-14 08:18:00 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-14 08:17:06 ----A---- C:\Windows\system32\msasn1.dll
2009-10-14 08:17:01 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wups2.dll
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wucltux.dll
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-03 08:53:56 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-03 08:53:35 ----A---- C:\Windows\system32\wups.dll
2009-10-03 08:53:35 ----A---- C:\Windows\system32\wudriver.dll
2009-10-03 08:53:35 ----A---- C:\Windows\system32\wuapi.dll
2009-10-03 08:53:18 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-03 08:53:18 ----A---- C:\Windows\system32\wuapp.exe
2009-09-27 19:09:31 ----A---- C:\Windows\system32\jscript.dll
2009-09-27 18:21:34 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2009-09-27 18:20:21 ----D---- C:\Windows\system32\x64
2009-09-27 18:17:43 ----A---- C:\Windows\system32\occache.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\msfeeds.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\jsproxy.dll
2009-09-27 18:17:42 ----A---- C:\Windows\system32\iepeers.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\wininet.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\ieui.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\iesetup.dll
2009-09-27 18:17:41 ----A---- C:\Windows\system32\iernonce.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\urlmon.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\msfeedssync.exe
2009-09-27 18:17:40 ----A---- C:\Windows\system32\ieUnatt.exe
2009-09-27 18:17:40 ----A---- C:\Windows\system32\iesysprep.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\iertutil.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\iedkcs32.dll
2009-09-27 18:17:40 ----A---- C:\Windows\system32\ie4uinit.exe
2009-09-27 18:17:37 ----A---- C:\Windows\system32\ieframe.dll
2009-09-27 18:17:36 ----A---- C:\Windows\system32\mshtml.dll
2009-09-27 18:16:28 ----A---- C:\Windows\system32\mshtmled.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\msls31.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\mshtmler.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\icardie.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\corpol.dll
2009-09-27 18:16:27 ----A---- C:\Windows\system32\admparse.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\imgutil.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\ieakeng.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\dxtrans.dll
2009-09-27 18:16:26 ----A---- C:\Windows\system32\dxtmsft.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\webcheck.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\msrating.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\licmgr10.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\inseng.dll
2009-09-27 18:16:25 ----A---- C:\Windows\system32\ieaksie.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-09-27 18:16:24 ----A---- C:\Windows\system32\wextract.exe
2009-09-27 18:16:24 ----A---- C:\Windows\system32\pngfilt.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\mstime.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\ieakui.dll
2009-09-27 18:16:24 ----A---- C:\Windows\system32\advpack.dll
2009-09-27 18:16:23 ----A---- C:\Windows\system32\vbscript.dll
2009-09-27 18:16:23 ----A---- C:\Windows\system32\ieapfltr.dll
2009-09-27 18:16:22 ----A---- C:\Windows\system32\url.dll
2009-09-27 18:16:21 ----A---- C:\Windows\system32\mshta.exe
2009-09-27 18:16:21 ----A---- C:\Windows\system32\iexpress.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\SetDepNx.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-09-27 18:16:20 ----A---- C:\Windows\system32\PDMSetup.exe
2009-09-27 17:59:05 ----D---- C:\Users\Wanda\AppData\Roaming\Mozilla
2009-09-27 17:57:44 ----D---- C:\Program Files\Mozilla Firefox
2009-09-27 17:42:53 ----D---- C:\Windows\system32\eu-ES
2009-09-27 17:42:53 ----D---- C:\Windows\system32\ca-ES
2009-09-27 17:42:50 ----D---- C:\Windows\system32\vi-VN
2009-09-27 17:14:32 ----D---- C:\Program Files\Symantec
2009-09-27 17:13:02 ----D---- C:\Program Files\Norton Internet Security
2009-09-27 17:01:10 ----D---- C:\ProgramData\PCSettings
2009-09-27 17:00:57 ----D---- C:\ProgramData\NortonInstaller
2009-09-27 17:00:57 ----D---- C:\Program Files\NortonInstaller
2009-09-27 16:41:42 ----D---- C:\ProgramData\Norton
2009-09-27 16:38:51 ----D---- C:\Windows\system32\EventProviders
2009-09-24 19:35:27 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-09-24 19:35:23 ----A---- C:\Windows\system32\SLsvc.exe
2009-09-24 19:35:23 ----A---- C:\Windows\system32\SLCExt.dll
2009-09-24 19:35:22 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-09-24 19:35:22 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-09-24 19:35:21 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-09-24 19:35:20 ----A---- C:\Windows\system32\mssrch.dll
2009-09-24 19:35:18 ----A---- C:\Windows\system32\tquery.dll
2009-09-24 19:35:17 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-09-24 19:35:17 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-24 19:35:16 ----A---- C:\Windows\system32\scavenge.dll
2009-09-24 19:35:16 ----A---- C:\Windows\system32\RMActivate.exe
2009-09-24 19:35:15 ----A---- C:\Windows\system32\msi.dll
2009-09-24 19:35:15 ----A---- C:\Windows\system32\imapi2fs.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\WscEapPr.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\sysmain.dll
2009-09-24 19:35:14 ----A---- C:\Windows\system32\secproc_isv.dll
2009-09-24 19:35:12 ----A---- C:\Windows\system32\icardagt.exe
2009-09-24 19:35:11 ----A---- C:\Windows\system32\spreview.exe
2009-09-24 19:35:11 ----A---- C:\Windows\system32\EhStorShell.dll
2009-09-24 19:35:10 ----A---- C:\Windows\system32\spinstall.exe
2009-09-24 19:35:10 ----A---- C:\Windows\system32\drmv2clt.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\spwizui.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\shell32.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\secproc.dll
2009-09-24 19:35:09 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-24 19:35:08 ----A---- C:\Windows\system32\p2psvc.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mssvp.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mssph.dll
2009-09-24 19:35:08 ----A---- C:\Windows\system32\mscoree.dll
2009-09-24 19:35:07 ----A---- C:\Windows\system32\sdohlp.dll
2009-09-24 19:35:07 ----A---- C:\Windows\system32\imapi2.dll
2009-09-24 19:35:06 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-09-24 19:35:06 ----A---- C:\Windows\system32\esent.dll
2009-09-24 19:35:06 ----A---- C:\Windows\system32\DevicePairing.dll
2009-09-24 19:35:05 ----A---- C:\Windows\system32\wevtsvc.dll
2009-09-24 19:35:05 ----A---- C:\Windows\system32\sperror.dll
2009-09-24 19:35:05 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-09-24 19:35:05 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\SLC.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-09-24 19:35:04 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\msshsq.dll
2009-09-24 19:35:04 ----A---- C:\Windows\system32\IasMigReader.exe
2009-09-24 19:35:03 ----A---- C:\Windows\system32\msjet40.dll
2009-09-24 19:35:02 ----A---- C:\Windows\system32\msxml6.dll
2009-09-24 19:35:02 ----A---- C:\Windows\system32\MPSSVC.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\Query.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\qmgr.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\msexch40.dll
2009-09-24 19:35:01 ----A---- C:\Windows\system32\diagperf.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\winload.exe
2009-09-24 19:35:00 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\P2PGraph.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\ole32.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\ntdll.dll
2009-09-24 19:35:00 ----A---- C:\Windows\system32\msxml3.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\uDWM.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\mmc.exe
2009-09-24 19:34:59 ----A---- C:\Windows\system32\mblctr.exe
2009-09-24 19:34:59 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\EncDec.dll
2009-09-24 19:34:59 ----A---- C:\Windows\system32\dfsr.exe
2009-09-24 19:34:58 ----A---- C:\Windows\system32\riched20.dll
2009-09-24 19:34:58 ----A---- C:\Windows\system32\RacEngn.dll
2009-09-24 19:34:58 ----A---- C:\Windows\system32\fdBth.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\spoolss.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-24 19:34:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-24 19:34:57 ----A---- C:\Windows\system32\milcore.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\kernel32.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-09-24 19:34:57 ----A---- C:\Windows\system32\CertEnroll.dll
2009-09-24 19:34:56 ----A---- C:\Windows\system32\schedsvc.dll
2009-09-24 19:34:56 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\WinSAT.exe
2009-09-24 19:34:55 ----A---- C:\Windows\system32\msvcp60.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\msjtes40.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\Magnify.exe
2009-09-24 19:34:55 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\gpedit.dll
2009-09-24 19:34:55 ----A---- C:\Windows\system32\es.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\WMPhoto.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\WebClnt.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\slwmi.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\mstext40.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\msexcl40.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\comsvcs.dll
2009-09-24 19:34:54 ----A---- C:\Windows\system32\advapi32.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\vssapi.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\msxbde40.dll
2009-09-24 19:34:53 ----A---- C:\Windows\system32\authui.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\propsys.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-24 19:34:52 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\newdev.dll
2009-09-24 19:34:52 ----A---- C:\Windows\system32\msrepl40.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\setupapi.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\rpcss.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\iasrecst.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\gpsvc.dll
2009-09-24 19:34:51 ----A---- C:\Windows\system32\eudcedit.exe
2009-09-24 19:34:51 ----A---- C:\Windows\system32\crypt32.dll
2009-09-24 19:34:51 ----A---- C:\Windows\explorer.exe
2009-09-24 19:34:50 ----A---- C:\Windows\system32\mspbde40.dll
2009-09-24 19:34:50 ----A---- C:\Windows\system32\msltus40.dll
2009-09-24 19:34:50 ----A---- C:\Windows\system32\davclnt.dll
2009-09-24 19:34:50 ----A---- C:\Windows\system32\d3d9.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\shlwapi.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\msrd3x40.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\msdtctm.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\mfc42.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-09-24 19:34:49 ----A---- C:\Windows\system32\browseui.dll
2009-09-24 19:34:48 ----A---- C:\Windows\system32\wevtapi.dll
2009-09-24 19:34:48 ----A---- C:\Windows\system32\user32.dll
2009-09-24 19:34:48 ----A---- C:\Windows\system32\photowiz.dll
2009-09-24 19:34:48 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-24 19:34:47 ----A---- C:\Windows\system32\win32spl.dll
2009-09-24 19:34:47 ----A---- C:\Windows\system32\samsrv.dll
2009-09-24 19:34:47 ----A---- C:\Windows\system32\quartz.dll
2009-09-24 19:34:47 ----A---- C:\Windows\system32\ci.dll
2009-09-24 19:34:46 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-09-24 19:34:46 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-09-24 19:34:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-09-24 19:34:46 ----A---- C:\Windows\system32\oleaut32.dll
2009-09-24 19:34:45 ----A---- C:\Windows\system32\netshell.dll
2009-09-24 19:34:45 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-09-24 19:34:45 ----A---- C:\Windows\system32\compcln.exe
2009-09-24 19:34:45 ----A---- C:\Windows\system32\apds.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\winhttp.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\mswstr10.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\msctf.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\emdmgmt.dll
2009-09-24 19:34:44 ----A---- C:\Windows\system32\audiosrv.dll
2009-09-24 19:34:43 ----A---- C:\Windows\system32\VSSVC.exe
2009-09-24 19:34:43 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-09-24 19:34:43 ----A---- C:\Windows\system32\msvcrt.dll
2009-09-24 19:34:43 ----A---- C:\Windows\system32\mfc42u.dll
2009-09-24 19:34:43 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-09-24 19:34:43 ----A---- C:\Windows\system32\gdi32.dll
2009-09-24 19:34:42 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-09-24 19:34:42 ----A---- C:\Windows\system32\SLUI.exe
2009-09-24 19:34:42 ----A---- C:\Windows\system32\msrd2x40.dll
2009-09-24 19:34:42 ----A---- C:\Windows\system32\eapphost.dll
2009-09-24 19:34:41 ----A---- C:\Windows\system32\winresume.exe
2009-09-24 19:34:41 ----A---- C:\Windows\system32\shdocvw.dll
2009-09-24 19:34:41 ----A---- C:\Windows\system32\propdefs.dll
2009-09-24 19:34:41 ----A---- C:\Windows\system32\odbc32.dll
2009-09-24 19:34:40 ----A---- C:\Windows\system32\wevtutil.exe
2009-09-24 19:34:40 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-24 19:34:40 ----A---- C:\Windows\system32\dbgeng.dll
2009-09-24 19:34:39 ----A---- C:\Windows\system32\WsmSvc.dll
2009-09-24 19:34:38 ----A---- C:\Windows\system32\usp10.dll
2009-09-24 19:34:38 ----A---- C:\Windows\system32\swprv.dll
2009-09-24 19:34:38 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\vds.exe
2009-09-24 19:34:37 ----A---- C:\Windows\system32\netlogon.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\msscb.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\msctfp.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-09-24 19:34:37 ----A---- C:\Windows\system32\drvinst.exe
2009-09-24 19:34:37 ----A---- C:\Windows\system32\devmgr.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\WSDApi.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\Wldap32.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\wcnwiz.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\evr.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-09-24 19:34:36 ----A---- C:\Windows\system32\BFE.DLL
2009-09-24 19:34:36 ----A---- C:\Windows\system32\adsldpc.dll
2009-09-24 19:34:35 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-09-24 19:34:35 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\wercon.exe
2009-09-24 19:34:34 ----A---- C:\Windows\system32\wcncsvc.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\services.exe
2009-09-24 19:34:34 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\comdlg32.dll
2009-09-24 19:34:34 ----A---- C:\Windows\system32\adtschema.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\taskeng.exe
2009-09-24 19:34:33 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\reg.exe
2009-09-24 19:34:33 ----A---- C:\Windows\system32\mswdat10.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\msjter40.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\msdtcprx.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\msdrm.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\dnsapi.dll
2009-09-24 19:34:33 ----A---- C:\Windows\system32\certutil.exe
2009-09-24 19:34:33 ----A---- C:\Windows\system32\certcli.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\w32time.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\rsaenh.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\msshooks.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-09-24 19:34:32 ----A---- C:\Windows\system32\bthserv.dll
2009-09-24 19:34:32 ----A---- C:\Windows\system32\bcrypt.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-09-24 19:34:31 ----A---- C:\Windows\system32\netapi32.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\msstrc.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\msihnd.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\inetcomm.dll
2009-09-24 19:34:31 ----A---- C:\Windows\system32\dfshim.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\termsrv.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\profsvc.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\mtxclu.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\mscories.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\inetpp.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\hidserv.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\fundisc.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-09-24 19:34:30 ----A---- C:\Windows\system32\cryptsvc.dll
2009-09-24 19:34:29 ----A---- C:\Windows\system32\wdc.dll
2009-09-24 19:34:29 ----A---- C:\Windows\system32\shsvcs.dll
2009-09-24 19:34:29 ----A---- C:\Windows\system32\msiexec.exe
2009-09-24 19:34:29 ----A---- C:\Windows\system32\imapi.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\rasmans.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\pnidui.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\icardres.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\iassdo.dll
2009-09-24 19:34:28 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\wersvc.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\spoolsv.exe
2009-09-24 19:34:27 ----A---- C:\Windows\system32\slmgr.vbs
2009-09-24 19:34:27 ----A---- C:\Windows\system32\scrrun.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\PSHED.DLL
2009-09-24 19:34:27 ----A---- C:\Windows\system32\pdh.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\azroles.dll
2009-09-24 19:34:27 ----A---- C:\Windows\system32\autofmt.exe
2009-09-24 19:34:26 ----A---- C:\Windows\system32\pidgenx.dll
2009-09-24 19:34:26 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-09-24 19:34:25 ----A---- C:\Windows\system32\wmpmde.dll
2009-09-24 19:34:25 ----A---- C:\Windows\system32\winlogon.exe
2009-09-24 19:34:25 ----A---- C:\Windows\system32\SyncCenter.dll
2009-09-24 19:34:24 ----A---- C:\Windows\system32\SLUINotify.dll
2009-09-24 19:34:24 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-09-24 19:34:24 ----A---- C:\Windows\system32\comuid.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\sethc.exe
2009-09-24 19:34:23 ----A---- C:\Windows\system32\ncrypt.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\kd1394.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\iassam.dll
2009-09-24 19:34:23 ----A---- C:\Windows\system32\certmgr.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\wisptis.exe
2009-09-24 19:34:22 ----A---- C:\Windows\system32\untfs.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\taskcomp.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\spp.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\scrobj.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\rtutils.dll
2009-09-24 19:34:22 ----A---- C:\Windows\system32\dwm.exe
2009-09-24 19:34:22 ----A---- C:\Windows\system32\autochk.exe
2009-09-24 19:34:21 ----A---- C:\Windows\system32\printui.dll
2009-09-24 19:34:21 ----A---- C:\Windows\system32\iasnap.dll
2009-09-24 19:34:21 ----A---- C:\Windows\system32\autoconv.exe
2009-09-24 19:34:20 ----A---- C:\Windows\system32\winsrv.dll
2009-09-24 19:34:20 ----A---- C:\Windows\system32\onex.dll
2009-09-24 19:34:20 ----A---- C:\Windows\system32\kdcom.dll
2009-09-24 19:34:20 ----A---- C:\Windows\system32\cscript.exe
2009-09-24 19:34:20 ----A---- C:\Windows\system32\basecsp.dll
2009-09-24 19:34:20 ----A---- C:\Windows\system32\audiodg.exe
2009-09-24 19:34:19 ----A---- C:\Windows\system32\wow32.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\winmm.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\userenv.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\spcmsg.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\RelMon.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\rdpencom.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\osk.exe
2009-09-24 19:34:19 ----A---- C:\Windows\system32\mswsock.dll
2009-09-24 19:34:19 ----A---- C:\Windows\system32\kdusb.dll
2009-09-24 19:34:18 ----A---- C:\Windows\system32\WinSCard.dll
2009-09-24 19:34:18 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-09-24 19:34:18 ----A---- C:\Windows\system32\offfilt.dll
2009-09-24 19:34:18 ----A---- C:\Windows\system32\msftedit.dll
2009-09-24 19:34:18 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\wsepno.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\WerFault.exe
2009-09-24 19:34:17 ----A---- C:\Windows\system32\Utilman.exe
2009-09-24 19:34:17 ----A---- C:\Windows\system32\stobject.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\SndVol.exe
2009-09-24 19:34:17 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\msnetobj.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\mscms.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\mfplat.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\diskraid.exe
2009-09-24 19:34:17 ----A---- C:\Windows\system32\apphelp.dll
2009-09-24 19:34:17 ----A---- C:\Windows\system32\adsmsext.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\wscript.exe
2009-09-24 19:34:16 ----A---- C:\Windows\system32\wiaservc.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\ulib.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\sysclass.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\prnntfy.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\odbccp32.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\iasdatastore.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\dsound.dll
2009-09-24 19:34:16 ----A---- C:\Windows\system32\cryptui.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\wscntfy.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\wlangpui.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\rastls.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\rastapi.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\pnpsetup.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-09-24 19:34:15 ----A---- C:\Windows\system32\gpapi.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\fdProxy.dll
2009-09-24 19:34:15 ----A---- C:\Windows\system32\diskpart.exe
2009-09-24 19:34:15 ----A---- C:\Windows\system32\brcpl.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\wscsvc.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-09-24 19:34:14 ----A---- C:\Windows\system32\vdsdyn.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\regsvc.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\rasapi32.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\ntprint.dll
2009-09-24 19:34:14 ----A---- C:\Windows\system32\logman.exe
2009-09-24 19:34:14 ----A---- C:\Windows\system32\iashlpr.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\zipfldr.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\wusa.exe
2009-09-24 19:34:13 ----A---- C:\Windows\system32\wshext.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\wpccpl.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\netcenter.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\mscorier.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\iasrad.dll
2009-09-24 19:34:13 ----A---- C:\Windows\system32\findstr.exe
2009-09-24 19:34:12 ----A---- C:\Windows\system32\wsnmp32.dll
2009-09-24 19:34:12 ----A---- C:\Windows\system32\wer.dll
2009-09-24 19:34:12 ----A---- C:\Windows\system32\themecpl.dll
2009-09-24 19:34:12 ----A---- C:\Windows\system32\rasdlg.dll
2009-09-24 19:34:12 ----A---- C:\Windows\system32\iassvcs.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\uxsms.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\tsbyuv.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\srvsvc.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\slcc.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\scansetting.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\powrprof.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\ntmarta.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\msutb.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\mstlsapi.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-24 19:34:11 ----A---- C:\Windows\system32\iasads.dll
2009-09-24 19:34:10 ----A---- C:\Windows\system32\networkmap.dll
2009-09-24 19:34:10 ----A---- C:\Windows\system32\mstsc.exe
2009-09-24 19:34:10 ----A---- C:\Windows\system32\iasacct.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\sud.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\powercpl.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\newdev.exe
2009-09-24 19:34:09 ----A---- C:\Windows\system32\dot3svc.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\connect.dll
2009-09-24 19:34:09 ----A---- C:\Windows\system32\authz.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\usercpl.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\themeui.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\systemcpl.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\samlib.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\pcaui.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\mmci.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\autoplay.dll
2009-09-24 19:34:08 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\wpcao.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\wlanpref.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\rpchttp.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\regapi.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\qdvd.dll
2009-09-24 19:34:07 ----A---- C:\Windows\system32\msinfo32.exe
2009-09-24 19:34:06 ----A---- C:\Windows\system32\vdsutil.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\tapisrv.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\scksp.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\scesrv.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\rekeywiz.exe
2009-09-24 19:34:06 ----A---- C:\Windows\system32\psisdecd.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\oleprn.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\mpr.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\imm32.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\feclient.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\Faultrep.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\dot3msm.dll
2009-09-24 19:34:06 ----A---- C:\Windows\system32\AudioSes.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\wscisvif.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\sdclt.exe
2009-09-24 19:34:05 ----A---- C:\Windows\system32\qedit.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\pnpui.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\perfdisk.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\ncryptui.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\iaspolcy.dll
2009-09-24 19:34:05 ----A---- C:\Windows\system32\dpapimig.exe
2009-09-24 19:34:05 ----A---- C:\Windows\system32\DeviceEject.exe
2009-09-24 19:34:04 ----A---- C:\Windows\system32\TSTheme.exe
2009-09-24 19:34:04 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\spwinsat.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\scecli.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\rasplap.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\rasgcw.dll
2009-09-24 19:34:04 ----A---- C:\Windows\system32\hdwwiz.exe
2009-09-24 19:34:04 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-09-24 19:34:04 ----A---- C:\Windows\system32\certreq.exe
2009-09-24 19:34:03 ----A---- C:\Windows\system32\whealogr.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\tcpmon.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\srcore.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\SCardSvr.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-09-24 19:34:03 ----A---- C:\Windows\system32\fdWSD.dll
2009-09-24 19:34:03 ----A---- C:\Windows\system32\conime.exe
2009-09-24 19:34:03 ----A---- C:\Windows\system32\cmmon32.exe
2009-09-24 19:34:03 ----A---- C:\Windows\system32\cmdial32.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-09-24 19:34:02 ----A---- C:\Windows\system32\wlanui.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\wiaaut.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\rasppp.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\raschap.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\PnPutil.exe
2009-09-24 19:34:02 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\fontext.dll
2009-09-24 19:34:02 ----A---- C:\Windows\system32\dsprop.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\shwebsvc.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\shsetup.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\rasmontr.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\oobefldr.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\mscandui.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\modemui.dll
2009-09-24 19:34:01 ----A---- C:\Windows\system32\dimsroam.dll
2009-09-24 19:34:00 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-09-24 19:34:00 ----A---- C:\Windows\system32\dataclen.dll
2009-09-24 19:34:00 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\WSDMon.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\wmpeffects.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\smss.exe
2009-09-24 19:33:59 ----A---- C:\Windows\system32\rdpwsx.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\networkexplorer.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\netplwiz.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\credui.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\certprop.dll
2009-09-24 19:33:59 ----A---- C:\Windows\system32\blackbox.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\wscapi.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\wpcsvc.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\sendmail.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\msscp.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\msimtf.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\logagent.exe
2009-09-24 19:33:58 ----A---- C:\Windows\system32\InkEd.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\ifmon.dll
2009-09-24 19:33:58 ----A---- C:\Windows\system32\gpresult.exe
2009-09-24 19:33:58 ----A---- C:\Windows\system32\cipher.exe
2009-09-24 19:33:57 ----A---- C:\Windows\system32\softkbd.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\puiapi.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\olepro32.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\msctfui.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\input.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\dmsynth.dll
2009-09-24 19:33:57 ----A---- C:\Windows\system32\cdd.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\wshbth.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\version.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\SLLUA.exe
2009-09-24 19:33:56 ----A---- C:\Windows\system32\msisip.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\mprapi.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\fdSSDP.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\fc.exe
2009-09-24 19:33:56 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-09-24 19:33:56 ----A---- C:\Windows\system32\dmusic.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\wsdchngr.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\Storprop.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\msjint40.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\l2nacp.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\ftp.exe
2009-09-24 19:33:55 ----A---- C:\Windows\system32\eapp3hst.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\cscdll.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\cscapi.dll
2009-09-24 19:33:55 ----A---- C:\Windows\system32\bthci.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\tscupgrd.exe
2009-09-24 19:33:54 ----A---- C:\Windows\system32\slcinst.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\rasdial.exe
2009-09-24 19:33:54 ----A---- C:\Windows\system32\rasdiag.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\nslookup.exe
2009-09-24 19:33:54 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\ipconfig.exe
2009-09-24 19:33:54 ----A---- C:\Windows\system32\fdWCN.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\eappcfg.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\dot3cfg.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-09-24 19:33:54 ----A---- C:\Windows\system32\bthudtask.exe
2009-09-24 19:33:53 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\ocsetup.exe
2009-09-24 19:33:53 ----A---- C:\Windows\system32\mmcico.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\hbaapi.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\fdeploy.dll
2009-09-24 19:33:53 ----A---- C:\Windows\system32\eappgnui.dll
2009-09-24 19:33:52 ----A---- C:\Windows\system32\NcdProp.dll
2009-09-24 19:33:52 ----A---- C:\Windows\system32\iscsilog.dll
2009-09-24 19:33:52 ----A---- C:\Windows\system32\gpupdate.exe
2009-09-24 19:33:52 ----A---- C:\Windows\system32\csrstub.exe
2009-09-24 19:33:52 ----A---- C:\Windows\system32\cbsra.exe
2009-09-24 19:33:52 ----A---- C:\Windows\system32\bitsigd.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\winrnr.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\vdmdbg.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\slwga.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\odbcconf.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\midimap.dll
2009-09-24 19:33:51 ----A---- C:\Windows\system32\inetppui.dll
2009-09-24 19:33:48 ----A---- C:\Windows\system32\msimsg.dll
2009-09-24 19:33:48 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-09-24 19:33:25 ----A---- C:\Windows\system32\SmiEngine.dll
2009-09-24 19:33:18 ----A---- C:\Windows\system32\wdscore.dll
2009-09-24 19:33:18 ----A---- C:\Windows\system32\PkgMgr.exe
2009-09-24 19:32:57 ----A---- C:\Windows\system32\drvstore.dll

======List of files/folders modified in the last 1 months======

2009-10-20 18:43:39 ----D---- C:\Windows\Temp
2009-10-20 18:42:21 ----D---- C:\Windows\Microsoft.NET
2009-10-20 18:42:19 ----RSD---- C:\Windows\assembly
2009-10-20 18:42:15 ----D---- C:\Windows\System32
2009-10-20 18:42:15 ----D---- C:\Windows\inf
2009-10-20 18:42:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-20 18:37:31 ----D---- C:\Windows\Prefetch
2009-10-20 18:36:33 ----D---- C:\Windows\system32\catroot
2009-10-20 18:36:21 ----SHD---- C:\System Volume Information
2009-10-20 18:34:31 ----D---- C:\Windows\system32\en-US
2009-10-20 18:34:30 ----D---- C:\Program Files\Windows Mail
2009-10-20 08:55:11 ----D---- C:\Windows\winsxs
2009-10-20 08:53:29 ----SHD---- C:\Windows\Installer
2009-10-20 08:51:19 ----D---- C:\Windows\system32\catroot2
2009-10-20 08:50:58 ----D---- C:\Windows\system32\drivers
2009-10-19 23:27:11 ----D---- C:\Program Files
2009-10-19 23:25:23 ----D---- C:\Program Files\Selectsoft
2009-10-19 23:24:34 ----D---- C:\Program Files\LimeWire
2009-10-19 23:22:13 ----D---- C:\Users\Wanda\AppData\Roaming\LimeWire
2009-10-03 10:55:57 ----D---- C:\Windows\rescache
2009-10-03 10:39:26 ----D---- C:\Windows\Minidump
2009-10-03 10:39:08 ----D---- C:\Windows
2009-10-02 13:01:57 ----A---- C:\Windows\system32\mrt.exe
2009-09-28 03:01:39 ----D---- C:\Program Files\Microsoft Works
2009-09-27 19:31:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-09-27 18:28:12 ----D---- C:\Windows\system32\migration
2009-09-27 18:28:12 ----D---- C:\Program Files\Internet Explorer
2009-09-27 18:28:08 ----D---- C:\Windows\PolicyDefinitions
2009-09-27 18:21:11 ----D---- C:\Windows\system32\RTCOM
2009-09-27 17:51:08 ----SHD---- C:\Boot
2009-09-27 17:44:29 ----D---- C:\Program Files\Windows Calendar
2009-09-27 17:44:29 ----D---- C:\Program Files\Movie Maker
2009-09-27 17:44:28 ----D---- C:\Program Files\Windows Sidebar
2009-09-27 17:44:27 ----D---- C:\Program Files\Windows Media Player
2009-09-27 17:44:27 ----D---- C:\Program Files\Windows Collaboration
2009-09-27 17:44:26 ----D---- C:\Program Files\Common Files\System
2009-09-27 17:44:25 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-27 17:44:21 ----D---- C:\Windows\servicing
2009-09-27 17:44:21 ----D---- C:\Program Files\Windows Defender
2009-09-27 17:44:10 ----D---- C:\Windows\system32\XPSViewer
2009-09-27 17:44:10 ----D---- C:\Windows\IME
2009-09-27 17:44:09 ----D---- C:\Windows\system32\sk-SK
2009-09-27 17:44:09 ----D---- C:\Windows\system32\lv-LV
2009-09-27 17:44:09 ----D---- C:\Windows\system32\ko-KR
2009-09-27 17:44:09 ----D---- C:\Windows\system32\hr-HR
2009-09-27 17:44:09 ----D---- C:\Windows\system32\et-EE
2009-09-27 17:44:09 ----D---- C:\Windows\system32\da-DK
2009-09-27 17:44:04 ----D---- C:\Windows\system32\de-DE
2009-09-27 17:44:03 ----D---- C:\Windows\system32\oobe
2009-09-27 17:44:03 ----D---- C:\Windows\system32\it-IT
2009-09-27 17:44:03 ----D---- C:\Windows\system32\el-GR
2009-09-27 17:43:58 ----D---- C:\Windows\system32\sv-SE
2009-09-27 17:43:58 ----D---- C:\Windows\system32\setup
2009-09-27 17:43:58 ----D---- C:\Windows\system32\ru-RU
2009-09-27 17:43:58 ----D---- C:\Windows\system32\he-IL
2009-09-27 17:43:58 ----D---- C:\Windows\system32\fr-FR
2009-09-27 17:43:58 ----D---- C:\Windows\system32\fi-FI
2009-09-27 17:43:58 ----D---- C:\Windows\system32\cs-CZ
2009-09-27 17:43:58 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-27 17:43:57 ----D---- C:\Windows\system32\SLUI
2009-09-27 17:43:57 ----D---- C:\Windows\system32\pt-PT
2009-09-27 17:43:57 ----D---- C:\Windows\system32\hu-HU
2009-09-27 17:43:56 ----D---- C:\Windows\system32\zh-CN
2009-09-27 17:43:56 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-27 17:43:56 ----D---- C:\Windows\system32\manifeststore
2009-09-27 17:43:56 ----D---- C:\Windows\system32\en
2009-09-27 17:43:55 ----D---- C:\Windows\system32\zh-TW
2009-09-27 17:43:55 ----D---- C:\Windows\system32\uk-UA
2009-09-27 17:43:55 ----D---- C:\Windows\system32\sl-SI
2009-09-27 17:43:55 ----D---- C:\Windows\system32\ro-RO
2009-09-27 17:43:55 ----D---- C:\Windows\system32\pl-PL
2009-09-27 17:43:55 ----D---- C:\Windows\system32\ja-JP
2009-09-27 17:43:55 ----D---- C:\Windows\system32\es-ES
2009-09-27 17:43:55 ----D---- C:\Windows\system32\bg-BG
2009-09-27 17:43:54 ----D---- C:\Windows\system32\th-TH
2009-09-27 17:43:53 ----D---- C:\Windows\system32\tr-TR
2009-09-27 17:43:51 ----D---- C:\Windows\system32\wbem
2009-09-27 17:43:49 ----D---- C:\Windows\system32\nl-NL
2009-09-27 17:43:49 ----D---- C:\Windows\system32\nb-NO
2009-09-27 17:43:49 ----D---- C:\Windows\system32\lt-LT
2009-09-27 17:43:49 ----D---- C:\Windows\system32\ar-SA
2009-09-27 17:43:48 ----D---- C:\Windows\system32\pt-BR
2009-09-27 17:43:48 ----D---- C:\Windows\system32\migwiz
2009-09-27 17:42:58 ----RSD---- C:\Windows\Fonts
2009-09-27 17:42:58 ----D---- C:\Windows\AppPatch
2009-09-27 17:42:50 ----D---- C:\Windows\system32\Boot
2009-09-27 17:35:40 ----D---- C:\Windows\system32\WDI
2009-09-27 17:15:58 ----D---- C:\Windows\system32\Tasks
2009-09-27 17:12:11 ----D---- C:\ProgramData\Symantec
2009-09-27 17:01:10 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090921.001\BHDrvx86.sys [2009-09-11 507440]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [2009-08-24 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-29 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090911.001\IDSvix86.sys [2009-09-10 342576]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1100000.088\SRTSPX.SYS [2009-08-29 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1100000.088\Ironx86.SYS [2009-08-29 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\system32\drivers\NIS\1100000.088\SYMTDIV.SYS [2009-08-29 338480]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091020.006\NAVENG.SYS [2009-08-29 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091020.006\NAVEX15.SYS [2009-08-29 1323568]
R3 PTDLBus;PANTECH UM175AL Composite Device Driver; C:\Windows\system32\DRIVERS\PTDLBus.sys [2008-07-20 32256]
R3 PTDLMdm;PANTECH UM175AL Drivers; C:\Windows\system32\DRIVERS\PTDLMdm.sys [2008-07-20 41344]
R3 PTDLVsp;PANTECH UM175AL Diagnostic Port; C:\Windows\system32\DRIVERS\PTDLVsp.sys [2008-07-20 39936]
R3 PTDLWWAN;PANTECH UM175AL WWAN Driver; C:\Windows\system32\DRIVERS\PTDLWWAN.sys [2008-07-20 59776]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NIS\1100000.088\SRTSP.SYS [2009-08-29 325168]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-27 124976]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-03-14 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784]

-----------------EOF-----------------

mferrington
2009-10-21, 01:51
info.txt logfile of random's system information tool 1.06 2009-10-20 18:44:05

======Uninstall list======

-->"C:\Program Files\HP Games\Amazing Adventures The Lost Tomb\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Belle's Beauty Boutique\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files\HP Games\Paradise Pet Salon\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Pirateville\Uninstall.exe"
-->"C:\Program Files\HP Games\Plant Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Supercow\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
2780 Games XP Championship-->"C:\Program Files\Selectsoft\2780 Games XP Championship\uninstall.exe"
500 Solitaire Games-->"C:\Program Files\Selectsoft\500 Solitaire Games\uninstall.exe"
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
DVD Play-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{E0810CC2-4B5B-4439-B1D0-452306AF2D64}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->"C:\Windows\unins000.exe"
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}\setup.exe" -l0x9 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
Masque IGT Slots Little Green Men-->MsiExec.exe /I{A54F806B-A2E1-4794-A7FE-365167EC67CB}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\17.0.0.136\InstStub.exe /X
PANTECH UM175AL Driver-->C:\Program Files\PANTECH\PANTECH UM175AL\PTDLUninstall.exe
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickLink Mobile-->C:\PROGRA~1\Alltel\QUICKL~1\UNWISE.EXE C:\PROGRA~1\Alltel\QUICKL~1\INSTALL.LOG
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VIVA MEDIA GAME CENTER-->"C:\Program Files\OXXOGames\VIVAGplayer\MyInstall.exe" UInstAllGPAndDS
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AS: Windows Defender

=====Application event log=====

Computer Name: Ferrington-PC
Event Code: 1000
Message: Faulting application FamilyFeud.exe, version 0.0.0.0, time stamp 0x45c8d2d5, faulting module SDL_mixer.dll, version 1.2.5.0, time stamp 0x408b8a87, exception code 0xc0000005, fault offset 0x00003b4a, process id 0xbb0, application start time 0x01c96642d4fe9aa0.
Record Number: 484
Source Name: Application Error
Time Written: 20081225040852.000000-000
Event Type: Error
User:

Computer Name: Ferrington-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 475
Source Name: Microsoft-Windows-WMI
Time Written: 20081224230351.000000-000
Event Type: Error
User:

Computer Name: Ferrington-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-688339197-1683880283-3232050679-1000:
Process 528 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-688339197-1683880283-3232050679-1000

Record Number: 443
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081224230130.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ferrington-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 384
Source Name: Microsoft-Windows-Search
Time Written: 20081224224023.000000-000
Event Type: Warning
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 361
Source Name: Microsoft-Windows-WMI
Time Written: 20080614080901.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: WIN-TWUG6X8TRKR
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-TWUG6X8TRKR$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x248
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 306
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080614080920.450427-000
Event Type: Audit Success
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 305
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080614080920.138427-000
Event Type: Audit Success
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-TWUG6X8TRKR$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x248
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 304
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080614080920.138427-000
Event Type: Audit Success
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-TWUG6X8TRKR$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x248
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 303
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080614080920.138427-000
Event Type: Audit Success
User:

Computer Name: WIN-TWUG6X8TRKR
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-688339197-1683880283-3232050679-500
Account Name: Administrator
Domain Name: WIN-TWUG6X8TRKR
Logon ID: 0x2f12b
Record Number: 302
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080614080853.493627-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Presario
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

-----------------EOF-----------------

Shaba
2009-10-21, 12:03
Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

mferrington
2009-10-21, 21:55
Showed nothing, and I'm trying to get another htc file but it keeps giving me the old one.

mferrington
2009-10-21, 22:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:01 PM, on 10/20/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Wanda\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Wanda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6281 bytes

Shaba
2009-10-22, 07:41
In that case please delete hijackthis.log from C:\Program Files\Trend Micro\HijackThis, rescan with hijackthis and post back a fresh log, please.

mferrington
2009-10-22, 15:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:03 AM, on 10/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{374499DD-9E4D-4E18-AF11-4035B64FB94B}: NameServer = 75.116.127.154 75.116.63.154
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6286 bytes

Shaba
2009-10-22, 17:50
That looks good :)

Still something?

mferrington
2009-10-22, 19:48
Nope, I think it looks good. Once again, thanks for the help. I will make a donation after Christmas gets past us. I really do appreciate your help.

Shaba
2009-10-23, 15:32
Glad to hear :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. Tutorials on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)

Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Happy surfing and stay clean! :bigthumb:
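
The six Internet-zone changes listed in the post above can also be checked from PowerShell; this is an added example, not part of the original post. It assumes the per-user registry representation of those settings (Internet zone = zone 3, numeric URL-action IDs, values 0 = Enable, 1 = Prompt, 3 = Disable); the `-Apply` switch and the helper name `Get-Label` are names chosen for this example.

```powershell
# Added example: report the current Internet-zone values for the six settings
# named in the post, and write the recommended values only when -Apply is given.
param([switch]$Apply)

# Per-user Internet zone (zone 3); assumption: no policy-enforced override is in place.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$label    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL-action ID, recommended value, and the name shown in the Custom Level dialog.
$recommended = @(
    [pscustomobject]@{ Id = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Id = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Id = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Id = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    [pscustomobject]@{ Id = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    [pscustomobject]@{ Id = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function Get-Label($value) {
    # Translate a stored DWORD into the wording used in the dialog.
    if ($null -eq $value) { return 'not set' }
    if ($label.ContainsKey([int]$value)) { return $label[[int]$value] }
    return "other ($value)"
}

$report = foreach ($r in $recommended) {
    # A missing value yields no object, so treat it as "not set".
    $props   = Get-ItemProperty -Path $zonePath -Name $r.Id -ErrorAction SilentlyContinue
    $current = if ($props) { $props.($r.Id) } else { $null }

    if ($Apply -and $current -ne $r.Want) {
        Set-ItemProperty -Path $zonePath -Name $r.Id -Value $r.Want -Type DWord
        $current = $r.Want
    }

    [pscustomobject]@{
        Setting = $r.Setting
        Current = Get-Label $current
        Wanted  = Get-Label $r.Want
        Matches = ($current -eq $r.Want)
    }
}

$report | Format-Table -AutoSize -Wrap
```

Run without `-Apply`, the script only reads and reports. Zone settings enforced through Group Policy are stored under the Policies keys and take precedence over these per-user values.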

Shaba
2009-11-07, 10:38
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.