Thread: Just Checking

  1. #1
    Junior Member
    Join Date
    Aug 2008
    Posts
    23

    Just Checking

    My computer has been running sluggishly lately, so I am checking to make sure I am not infected.

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:07:39 AM, on 10/5/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [iWinArcadeIECleanup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iWinArcadeAutocleanup.bat
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 6525 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi jmj3000

    Looking over your log, it seems you don't have any evidence of an anti-virus software.

    Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

    1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
    2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
    3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

    You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

    After that, please post back a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Aug 2008
    Posts
    23

    my friend will beat me for forgetting to install avast this weekend >.< but here is that new HJT log

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:46:26 AM, on 10/6/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 7437 bytes

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    Aug 2008
    Posts
    23

    here is log.txt

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Administrator at 2008-10-06 09:50:41
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 62 GB (81%) free of 76 GB
    Total RAM: 382 MB (14% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:50:58 AM, on 10/6/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 7566 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-16 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-16 2403392]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"= []
    "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-04-17 9117696]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe [2006-11-01 315904]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-02-25 339968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Hasbro Interactive\Clue\Clue.exe"="C:\Program Files\Hasbro Interactive\Clue\Clue.exe:*:Enabled:Clue"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======List of files/folders created in the last 3 months======

    2008-10-06 09:50:41 ----D---- C:\rsit
    2008-10-06 07:09:13 ----N---- C:\WINDOWS\system32\spmsg.dll
    2008-10-06 07:07:40 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2008-10-06 06:51:40 ----D---- C:\Program Files\Windows Media Connect 2
    2008-10-06 06:48:56 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2008-10-06 06:35:45 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2008-10-06 06:28:59 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-06 06:26:12 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
    2008-10-06 06:22:02 ----D---- C:\WINDOWS\LastGood
    2008-10-06 05:42:40 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-10-06 05:42:37 ----D---- C:\Program Files\Alwil Software
    2008-10-04 05:50:56 ----D---- C:\Program Files\Broadcom
    2008-09-30 03:02:32 ----D---- C:\Documents and Settings\Administrator\Application Data\Yahoo!
    2008-09-30 03:00:00 ----A---- C:\WINDOWS\system32\thxcfg.ini
    2008-09-28 23:07:54 ----D---- C:\Documents and Settings\Administrator\Application Data\MySpace
    2008-09-28 23:07:42 ----D---- C:\Program Files\MySpace
    2008-09-28 03:05:41 ----D---- C:\Program Files\iWin.com
    2008-09-28 03:01:13 ----D---- C:\Documents and Settings\Administrator\Application Data\iWinArcade
    2008-09-28 03:01:01 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
    2008-09-28 03:00:44 ----D---- C:\Program Files\iWin Games
    2008-09-28 01:19:13 ----D---- C:\WINDOWS\system32\Adobe
    2008-09-25 07:19:27 ----A---- C:\WINDOWS\system32\_packet.dlluninstall
    2008-09-25 07:19:19 ----D---- C:\Program Files\CACE Technologies
    2008-09-25 06:42:45 ----D---- C:\Program Files\Cain
    2008-09-25 06:24:32 ----A---- C:\WINDOWS\Awpr.ini
    2008-09-25 06:24:04 ----D---- C:\Program Files\ElcomSoft
    2008-09-25 04:58:26 ----D---- C:\Program Files\Hasbro Interactive
    2008-09-25 04:25:37 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
    2008-09-25 03:03:39 ----D---- C:\UT2004
    2008-09-23 22:33:21 ----D---- C:\Program Files\Wonderland Online
    2008-09-23 07:43:28 ----D---- C:\WINDOWS\Prefetch
    2008-09-23 07:29:30 ----D---- C:\WINDOWS\system32\scripting
    2008-09-23 07:29:29 ----D---- C:\WINDOWS\l2schemas
    2008-09-23 07:29:28 ----D---- C:\WINDOWS\system32\en
    2008-09-23 07:29:27 ----D---- C:\WINDOWS\system32\bits
    2008-09-23 07:25:42 ----D---- C:\WINDOWS\ServicePackFiles
    2008-09-23 07:19:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-23 07:14:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-09-23 06:42:02 ----A---- C:\wl_setup_2.0.3.exe
    2008-09-23 06:00:56 ----D---- C:\WINDOWS\ie7updates
    2008-09-23 05:59:38 ----D---- C:\WINDOWS\WBEM
    2008-09-23 05:55:43 ----HDC---- C:\WINDOWS\ie7
    2008-09-23 05:54:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2008-09-23 05:51:06 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2008-09-23 05:50:02 ----D---- C:\Program Files\Common Files\Apple
    2008-09-23 05:49:02 ----D---- C:\Program Files\QuickTime
    2008-09-23 05:48:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-23 05:47:11 ----D---- C:\Program Files\Apple Software Update
    2008-09-23 05:47:06 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-23 05:46:34 ----N---- C:\WINDOWS\system32\xmllite.dll
    2008-09-23 05:36:15 ----D---- C:\WINDOWS\network diagnostic
    2008-09-19 03:56:48 ----D---- C:\Program Files\PopCap Games
    2008-09-19 00:26:12 ----D---- C:\Program Files\LucasArts
    2008-09-06 21:27:05 ----A---- C:\WINDOWS\system32\DellSys.dll
    2008-09-06 21:26:50 ----D---- C:\Program Files\Dell
    2008-09-06 07:14:10 ----D---- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
    2008-09-06 07:09:19 ----D---- C:\Program Files\OpenOffice.org 2.4
    2008-09-06 07:09:00 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-09-06 07:09:00 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-09-06 07:09:00 ----A---- C:\WINDOWS\system32\java.exe
    2008-09-05 18:24:12 ----D---- C:\Program Files\MSBuild
    2008-09-05 18:24:00 ----D---- C:\WINDOWS\system32\XPSViewer
    2008-09-05 18:23:43 ----D---- C:\WINDOWS\system32\en-us
    2008-09-05 18:23:41 ----D---- C:\Program Files\Reference Assemblies
    2008-09-05 18:21:53 ----N---- C:\WINDOWS\system32\spmsg2.dll
    2008-09-05 18:18:02 ----RSD---- C:\WINDOWS\assembly
    2008-09-05 18:15:20 ----D---- C:\WINDOWS\Microsoft.NET
    2008-09-05 18:11:06 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
    2008-09-05 18:10:55 ----D---- C:\Program Files\MSXML 6.0
    2008-09-05 03:00:48 ----D---- C:\Program Files\MSXML 4.0
    2008-09-05 02:20:53 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-05 02:19:47 ----A---- C:\WINDOWS\system32\Vb6stkit.dll
    2008-09-05 02:19:34 ----D---- C:\Program Files\eGames
    2008-09-05 01:32:40 ----SHD---- C:\RECYCLER
    2008-09-05 01:14:27 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-09-05 01:14:21 ----N---- C:\WINDOWS\system32\verclsid.exe
    2008-09-05 01:14:16 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-09-05 01:14:16 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-05 01:14:06 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-05 01:14:05 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-05 01:14:03 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-09-05 01:14:03 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-09-05 01:14:03 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-09-05 01:14:03 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-09-05 01:14:03 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-05 01:14:03 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-05 01:13:58 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-09-05 01:13:55 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-05 01:13:54 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-05 01:13:52 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-09-05 01:13:52 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-09-05 01:13:50 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-05 01:13:50 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-05 01:13:50 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-09-05 01:13:45 ----N---- C:\WINDOWS\system32\onex.dll
    2008-09-05 01:13:39 ----N---- C:\WINDOWS\system32\nv4_disp.dll
    2008-09-05 01:13:26 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-09-05 01:13:26 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-09-05 01:13:26 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-09-05 01:13:25 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-05 01:13:21 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-05 01:13:21 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-09-05 01:13:00 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-09-05 01:12:59 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-09-05 01:12:59 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-09-05 01:12:58 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-09-05 01:12:57 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
    2008-09-05 01:12:43 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-05 01:12:43 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-05 01:12:42 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-09-05 01:12:42 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-09-05 01:12:42 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-09-05 01:12:42 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-09-05 01:12:27 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2008-09-05 01:12:27 ----N---- C:\WINDOWS\system32\rwnh.dll
    2008-09-05 01:12:19 ----N---- C:\WINDOWS\system32\comsdupd.exe
    2008-09-05 01:12:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-05 01:11:56 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-05 01:11:56 ----A---- C:\WINDOWS\003080_.tmp
    2008-09-05 01:11:53 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-05 01:11:53 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-09-05 01:11:53 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-05 01:11:53 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-09-05 01:11:53 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-05 01:11:53 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-05 01:11:53 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-05 01:11:53 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-05 01:11:50 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-05 01:11:50 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-05 01:11:50 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-05 01:11:50 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-05 01:11:50 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-05 01:11:50 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-05 01:11:50 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-09-05 01:11:48 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-05 01:11:48 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-05 01:11:47 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-05 01:11:44 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-09-05 01:11:37 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-05 01:11:37 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-09-05 01:11:35 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-09-05 01:11:35 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-05 01:11:35 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-09-05 01:11:35 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-05 01:11:34 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-09-05 01:11:34 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-05 01:11:34 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-09-05 01:11:26 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-09-04 23:14:10 ----A---- C:\WINDOWS\mngui.INI
    2008-09-04 23:04:12 ----D---- C:\Documents and Settings\Administrator\Application Data\Teleca
    2008-09-04 23:03:20 ----D---- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
    2008-09-04 22:59:39 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-09-04 22:59:08 ----D---- C:\Program Files\Common Files\Sony Ericsson Shared
    2008-09-04 22:58:58 ----D---- C:\Program Files\Common Files\Teleca Shared
    2008-09-04 22:58:53 ----D---- C:\Program Files\Sony Ericsson
    2008-09-04 22:58:53 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca
    2008-09-04 22:58:32 ----D---- C:\WINDOWS\Downloaded Installations
    2008-09-04 22:53:34 ----A---- C:\WINDOWS\system32\msxml3a.dll
    2008-09-04 22:53:32 ----D---- C:\Program Files\MAUS Software
    2008-08-22 15:34:01 ----D---- C:\ComboFix
    2008-08-22 06:16:02 ----D---- C:\WINDOWS\temp
    2008-08-22 06:15:59 ----A---- C:\ComboFix.txt
    2008-08-22 06:04:01 ----D---- C:\WINDOWS\erdnt
    2008-08-22 05:19:13 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-08-22 01:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-22 00:15:52 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-08-21 19:25:09 ----D---- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
    2008-08-21 19:20:57 ----R---- C:\WINDOWS\system32\streamhlp.dll
    2008-08-21 19:20:57 ----D---- C:\Program Files\TrojanHunter 5.0
    2008-08-21 19:13:27 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-08-21 19:13:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-21 19:13:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-21 17:59:12 ----D---- C:\Program Files\EsetOnlineScanner
    2008-08-21 04:40:49 ----D---- C:\Program Files\CCleaner
    2008-08-21 00:02:43 ----A---- C:\WINDOWS\system32\ir50_lcs.dll
    2008-08-21 00:02:43 ----A---- C:\WINDOWS\system32\iacenc.dll
    2008-08-21 00:02:42 ----A---- C:\WINDOWS\system32\Iyvu9_32.dll
    2008-08-20 23:58:04 ----A---- C:\WINDOWS\system32\vp3clean.exe
    2008-08-20 23:57:50 ----A---- C:\WINDOWS\system32\ica2.dll
    2008-08-20 23:57:44 ----A---- C:\WINDOWS\system32\324aud32.dll
    2008-08-20 23:57:32 ----D---- C:\Program Files\Common Files\Intel Shared
    2008-08-20 23:56:34 ----A---- C:\WINDOWS\uninst.exe
    2008-08-20 23:53:06 ----A---- C:\WINDOWS\system32\inetwh32.dll
    2008-08-20 23:52:33 ----A---- C:\WINDOWS\system32\LTTWN80N.DLL
    2008-08-20 23:52:33 ----A---- C:\WINDOWS\system32\LTKRN80N.DLL
    2008-08-20 23:52:33 ----A---- C:\WINDOWS\system32\LTIMG80N.DLL
    2008-08-20 23:52:33 ----A---- C:\WINDOWS\system32\LTFIL80N.DLL
    2008-08-20 23:52:33 ----A---- C:\WINDOWS\system32\LTEFX80N.DLL
    2008-08-20 23:52:33 ----A---- C:\WINDOWS\system32\LFTIF80N.DLL
    2008-08-20 23:52:32 ----A---- C:\WINDOWS\system32\LFMSP80N.DLL
    2008-08-20 23:52:32 ----A---- C:\WINDOWS\system32\LFLMB80N.DLL
    2008-08-20 23:52:32 ----A---- C:\WINDOWS\system32\LFLMA80N.DLL
    2008-08-20 23:52:31 ----A---- C:\WINDOWS\system32\LFKODAK.DLL
    2008-08-20 23:52:31 ----A---- C:\WINDOWS\system32\LFFPX80N.DLL
    2008-08-20 23:52:31 ----A---- C:\WINDOWS\system32\LFFPX7.DLL
    2008-08-20 23:52:30 ----A---- C:\WINDOWS\system32\LFFAX80N.DLL
    2008-08-20 23:52:30 ----A---- C:\WINDOWS\system32\LFCMP80N.DLL
    2008-08-20 23:52:29 ----A---- C:\WINDOWS\system32\LFCAL80N.DLL
    2008-08-20 23:52:29 ----A---- C:\WINDOWS\system32\LFBMP80N.DLL
    2008-08-20 23:52:27 ----D---- C:\Galleries
    2008-08-20 23:52:15 ----A---- C:\WINDOWS\system32\VARIETYPACKLOCALIZATION.DLL
    2008-08-20 23:52:15 ----A---- C:\WINDOWS\system32\RFVPS.dll
    2008-08-20 23:52:15 ----A---- C:\WINDOWS\system32\RFVPPTB.dll
    2008-08-20 23:52:14 ----A---- C:\WINDOWS\system32\RFVPB.dll
    2008-08-20 23:52:14 ----A---- C:\WINDOWS\system32\rfutils.dll
    2008-08-20 23:52:14 ----A---- C:\WINDOWS\system32\rfnullvideo.dll
    2008-08-20 23:52:14 ----A---- C:\WINDOWS\system32\RFInstallRoutines.dll
    2008-08-20 23:52:14 ----A---- C:\WINDOWS\system32\GenericVFW.dll
    2008-08-20 23:50:26 ----A---- C:\WINDOWS\system32\icam4com.dll
    2008-08-20 23:50:25 ----A---- C:\WINDOWS\system32\icam4ext.dll
    2008-08-20 23:50:24 ----A---- C:\WINDOWS\system32\SCALE_EN.DLL
    2008-08-20 23:50:24 ----A---- C:\WINDOWS\system32\icam2ext.dll
    2008-08-20 23:46:44 ----A---- C:\WINDOWS\system32\LMRTREND.dll
    2008-08-20 23:46:24 ----A---- C:\WINDOWS\system32\dxtmsft3.dll
    2008-08-20 23:45:57 ----A---- C:\WINDOWS\system32\unam4ie.exe
    2008-08-20 23:45:46 ----A---- C:\WINDOWS\system32\vidx16.dll
    2008-08-20 23:45:46 ----A---- C:\WINDOWS\system32\qcut.dll
    2008-08-20 23:45:42 ----A---- C:\WINDOWS\system32\w95inf32.dll
    2008-08-20 23:45:42 ----A---- C:\WINDOWS\system32\w95inf16.dll
    2008-08-20 23:45:37 ----D---- C:\Program Files\Intel
    2008-08-20 23:43:56 ----D---- C:\Documents and Settings\Administrator\Application Data\Help
    2008-08-20 23:43:12 ----A---- C:\WINDOWS\IsUninst.exe
    2008-08-20 15:23:24 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
    2008-08-20 15:22:45 ----D---- C:\Program Files\WinRAR
    2008-08-20 02:07:54 ----A---- C:\WINDOWS\system32\Icam3EXT.dll
    2008-08-20 02:07:46 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
    2008-08-19 22:02:27 ----D---- C:\Program Files\Trend Micro
    2008-08-18 14:28:45 ----D---- C:\Program Files\Safer Networking
    2008-08-18 10:21:03 ----A---- C:\WINDOWS\wininit.ini
    2008-08-18 03:04:00 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-08-18 03:04:00 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-18 02:53:46 ----D---- C:\Program Files\Lavasoft
    2008-08-18 02:53:44 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-08-18 02:52:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-17 05:16:22 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-08-17 04:54:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-08-17 04:53:20 ----D---- C:\Program Files\Common Files\Adobe
    2008-08-17 04:53:18 ----D---- C:\Program Files\Adobe
    2008-08-17 03:41:42 ----A---- C:\WINDOWS\system32\wmpns.dll
    2008-08-17 03:24:18 ----A---- C:\WINDOWS\system32\LuResult.txt
    2008-08-17 03:08:30 ----D---- C:\Config.Msi
    2008-08-16 21:22:39 ----D---- C:\WINDOWS\system32\LogFiles
    2008-08-16 20:50:49 ----A---- C:\WINDOWS\system32\capicom.dll
    2008-08-16 20:49:54 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-16 20:49:40 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-08-16 10:51:57 ----D---- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
    2008-08-16 10:51:45 ----D---- C:\Program Files\AVG
    2008-08-16 10:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-16 10:21:09 ----A---- C:\WINDOWS\system32\g40.exe
    2008-08-16 06:21:26 ----SHD---- C:\WINDOWS\CSC
    2008-08-16 06:08:30 ----A---- C:\WINDOWS\system32\e75ded7b-.txt
    2008-08-16 06:02:31 ----D---- C:\WINDOWS\system32\unt
    2008-08-16 06:02:31 ----D---- C:\WINDOWS\system32\gps
    2008-08-16 06:02:31 ----D---- C:\WINDOWS\system32\fx
    2008-08-16 06:02:25 ----D---- C:\Temp
    2008-08-16 05:59:15 ----D---- C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-08-16 05:58:41 ----D---- C:\Program Files\LimeWire
    2008-08-16 05:00:35 ----A---- C:\WINDOWS\system32\ksuser.dll
    2008-08-16 05:00:03 ----D---- C:\Program Files\SigmaTel
    2008-08-16 05:00:02 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-08-16 04:03:47 ----D---- C:\Documents and Settings\Administrator\Application Data\Pogo Games
    2008-08-16 04:03:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-16 03:59:16 ----D---- C:\Program Files\Oberon Media
    2008-08-16 03:33:03 ----D---- C:\WINDOWS\Sun
    2008-08-16 03:33:03 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
    2008-08-16 03:32:15 ----D---- C:\Program Files\Java
    2008-08-16 03:31:28 ----D---- C:\Program Files\Common Files\Java
    2008-08-16 01:51:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-08-16 01:50:52 ----D---- C:\Program Files\Mozilla Firefox
    2008-08-16 01:49:09 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-08-16 01:48:51 ----A---- C:\YServer.txt
    2008-08-16 01:48:42 ----D---- C:\Program Files\Yahoo!
    2008-08-16 01:42:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-16 01:41:37 ----D---- C:\Program Files\MSN Messenger
    2008-08-16 01:36:47 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
    2008-08-16 01:34:51 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-08-16 01:34:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-08-16 01:34:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-08-16 01:34:39 ----D---- C:\Program Files\Google
    2008-08-16 01:31:54 ----D---- C:\Documents and Settings\Administrator\Application Data\acccore
    2008-08-16 01:30:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-08-16 01:30:17 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
    2008-08-16 01:29:43 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-08-16 01:29:42 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
    2008-08-16 01:29:07 ----D---- C:\Program Files\Common Files\AOL
    2008-08-16 01:28:53 ----D---- C:\Program Files\AIM6
    2008-08-16 01:23:21 ----D---- C:\WINDOWS\system32\PreInstall
    2008-08-16 01:23:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2008-08-16 01:23:19 ----HD---- C:\WINDOWS\$hf_mig$
    2008-08-16 01:16:45 ----D---- C:\WINDOWS\system32\SoftwareDistribution
    2008-08-16 01:15:41 ----A---- C:\WINDOWS\system32\igfxres.dll
    2008-08-16 01:14:26 ----D---- C:\WINDOWS\Drivers
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\oemdspif.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxzoom.exe
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxtray.exe
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxress.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxpph.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxhk.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxext.exe
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxexps.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxeud.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxdo.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxdiag.exe
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxdgps.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxdev.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\igfxcfg.exe
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\ialmrem.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\ialmgicd.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\ialmgdev.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\ialmdev5.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\ialmdd5.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\iAlmCoIn_v3775.dll
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\hkcmd.exe
    2008-08-16 01:14:26 ----A---- C:\WINDOWS\system32\hccutils.dll
    2008-08-16 01:09:27 ----N---- C:\WINDOWS\system32\WLTRYSVC.EXE
    2008-08-16 01:09:27 ----N---- C:\WINDOWS\system32\BCMWLTRY.EXE
    2008-08-16 01:09:27 ----N---- C:\WINDOWS\system32\BCMLogon.dll
    2008-08-16 01:09:27 ----N---- C:\WINDOWS\system32\AegisI5.exe
    2008-08-16 01:09:27 ----N---- C:\WINDOWS\system32\AegisE5.dll
    2008-08-16 01:09:16 ----N---- C:\WINDOWS\system32\BCMWLU00.EXE
    2008-08-16 01:09:16 ----N---- C:\WINDOWS\system32\BCMWLD2K.EXE
    2008-08-16 01:09:06 ----D---- C:\Program Files\Common Files\InstallShield
    2008-08-16 01:09:02 ----D---- C:\Dell
    2008-08-15 23:13:33 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-08-15 23:13:32 ----HD---- C:\Program Files\Uninstall Information
    2008-08-15 23:13:24 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    2008-08-15 23:13:23 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-08-15 23:13:12 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-08-15 23:13:09 ----SD---- C:\WINDOWS\system32\Microsoft
    2008-08-15 23:12:49 ----SHD---- C:\System Volume Information
    2008-08-15 23:06:41 ----D---- C:\WINDOWS\system32\xircom
    2008-08-15 23:06:41 ----D---- C:\Program Files\xerox
    2008-08-15 23:06:41 ----D---- C:\Program Files\microsoft frontpage
    2008-08-15 23:05:58 ----A---- C:\WINDOWS\control.ini
    2008-08-15 23:05:58 ----A---- C:\AUTOEXEC.BAT
    2008-08-15 23:05:29 ----A---- C:\WINDOWS\system32\mapi32.dll
    2008-08-15 23:03:49 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-08-15 23:03:49 ----RD---- C:\WINDOWS\Offline Web Pages
    2008-08-15 23:03:48 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2008-08-15 23:03:36 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2008-08-15 23:03:29 ----HD---- C:\Program Files\WindowsUpdate
    2008-08-15 23:03:00 ----D---- C:\WINDOWS\system32\DirectX
    2008-08-15 23:02:36 ----A---- C:\WINDOWS\system32\atrace.dll
    2008-08-15 23:02:33 ----A---- C:\WINDOWS\system32\desktop.ini
    2008-08-15 23:02:33 ----A---- C:\WINDOWS\desktop.ini
    2008-08-15 23:02:25 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2008-08-15 23:02:24 ----A---- C:\WINDOWS\system32\acctres.dll
    2008-08-15 23:02:23 ----D---- C:\Program Files\Common Files\Services
    2008-08-15 23:02:20 ----SD---- C:\WINDOWS\Tasks
    2008-08-15 23:02:20 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2008-08-15 23:02:19 ----D---- C:\Program Files\Common Files\MSSoap
    2008-08-15 23:02:15 ----D---- C:\WINDOWS\srchasst
    2008-08-15 23:02:14 ----D---- C:\WINDOWS\system32\Macromed
    2008-08-15 23:02:10 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-08-15 23:02:10 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-08-15 23:02:10 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2008-08-15 23:02:10 ----A---- C:\WINDOWS\system32\wuaueng1.dll
    2008-08-15 23:02:10 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-08-15 23:02:09 ----A---- C:\WINDOWS\system32\wups.dll
    2008-08-15 23:02:09 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2008-08-15 23:02:09 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-08-15 23:02:09 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-08-15 23:02:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2008-08-15 23:02:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll
    2008-08-15 23:02:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll
    2008-08-15 23:02:08 ----A---- C:\WINDOWS\system32\qmgr.dll
    2008-08-15 23:02:04 ----D---- C:\Program Files\Movie Maker
    2008-08-15 23:01:59 ----A---- C:\WINDOWS\system32\safrslv.dll
    2008-08-15 23:01:59 ----A---- C:\WINDOWS\system32\safrdm.dll
    2008-08-15 23:01:59 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2008-08-15 23:01:59 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2008-08-15 23:01:55 ----D---- C:\WINDOWS\system32\Restore
    2008-08-15 23:01:55 ----A---- C:\WINDOWS\system32\srrstr.dll
    2008-08-15 23:01:55 ----A---- C:\WINDOWS\system32\fltmc.exe
    2008-08-15 23:01:55 ----A---- C:\WINDOWS\system32\fltlib.dll
    2008-08-15 23:01:54 ----A---- C:\WINDOWS\system32\srsvc.dll
    2008-08-15 23:01:54 ----A---- C:\WINDOWS\system32\srclient.dll
    2008-08-15 23:01:54 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2008-08-15 23:01:54 ----A---- C:\WINDOWS\system32\ils.dll
    2008-08-15 23:01:53 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2008-08-15 23:01:53 ----A---- C:\WINDOWS\system32\msconf.dll
    2008-08-15 23:01:53 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2008-08-15 23:01:53 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2008-08-15 23:01:51 ----D---- C:\Program Files\NetMeeting
    2008-08-15 23:01:51 ----A---- C:\WINDOWS\system32\msoert2.dll
    2008-08-15 23:01:50 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2008-08-15 23:01:49 ----A---- C:\WINDOWS\system32\inetres.dll
    2008-08-15 23:01:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2008-08-15 23:01:47 ----D---- C:\Program Files\Outlook Express
    2008-08-15 23:01:47 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2008-08-15 23:01:47 ----A---- C:\WINDOWS\system32\mstinit.exe
    2008-08-15 23:01:47 ----A---- C:\WINDOWS\system32\mstask.dll
    2008-08-15 23:01:47 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2008-08-15 23:01:46 ----A---- C:\WINDOWS\system32\isign32.dll
    2008-08-15 23:01:46 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2008-08-15 23:01:46 ----A---- C:\WINDOWS\system32\icwdial.dll
    2008-08-15 23:01:41 ----D---- C:\Program Files\Common Files\System
    2008-08-15 23:01:35 ----D---- C:\Program Files\Internet Explorer
    2008-08-15 23:00:36 ----D---- C:\Program Files\ComPlus Applications
    2008-08-15 23:00:33 ----A---- C:\WINDOWS\vbaddin.ini
    2008-08-15 23:00:33 ----A---- C:\WINDOWS\vb.ini
    2008-08-15 23:00:27 ----D---- C:\WINDOWS\Registration
    2008-08-15 23:00:16 ----D---- C:\Program Files\Windows Media Player
    2008-08-15 23:00:16 ----D---- C:\Program Files\Online Services
    2008-08-15 23:00:07 ----D---- C:\Program Files\Messenger
    2008-08-15 23:00:03 ----D---- C:\Program Files\MSN Gaming Zone
    2008-08-15 23:00:03 ----A---- C:\WINDOWS\system32\write.exe
    2008-08-15 22:59:54 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2008-08-15 22:59:54 ----A---- C:\WINDOWS\system32\hticons.dll
    2008-08-15 22:59:54 ----A---- C:\WINDOWS\system32\avwav.dll
    2008-08-15 22:59:54 ----A---- C:\WINDOWS\system32\avtapi.dll
    2008-08-15 22:59:54 ----A---- C:\WINDOWS\system32\avmeter.dll
    2008-08-15 22:59:53 ----A---- C:\WINDOWS\system32\winchat.exe
    2008-08-15 22:59:47 ----A---- C:\WINDOWS\system32\getuname.dll
    2008-08-15 22:59:47 ----A---- C:\WINDOWS\system32\charmap.exe
    2008-08-15 22:59:46 ----A---- C:\WINDOWS\system32\winmine.exe
    2008-08-15 22:59:46 ----A---- C:\WINDOWS\system32\sol.exe
    2008-08-15 22:59:46 ----A---- C:\WINDOWS\system32\mshearts.exe
    2008-08-15 22:59:46 ----A---- C:\WINDOWS\system32\calc.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\tslabels.ini
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\tskill.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\tscon.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\shadow.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\reset.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\regini.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2008-08-15 22:59:45 ----A---- C:\WINDOWS\system32\freecell.exe
    2008-08-15 22:59:44 ----A---- C:\WINDOWS\system32\msg.exe
    2008-08-15 22:59:44 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2008-08-15 22:59:44 ----A---- C:\WINDOWS\system32\logoff.exe
    2008-08-15 22:59:44 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2008-08-15 22:59:43 ----A---- C:\WINDOWS\system32\stclient.dll
    2008-08-15 22:59:43 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2008-08-15 22:59:43 ----A---- C:\WINDOWS\system32\mtxex.dll
    2008-08-15 22:59:43 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2008-08-15 22:59:43 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2008-08-15 22:59:43 ----A---- C:\WINDOWS\system32\comsnap.dll
    2008-08-15 22:59:43 ----A---- C:\WINDOWS\system32\comrepl.dll
    2008-08-15 22:59:43 ----A---- C:\WINDOWS\system32\comaddin.dll
    2008-08-15 22:59:38 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2008-08-15 22:59:29 ----D---- C:\Program Files\MSN
    2008-08-15 22:59:28 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2008-08-15 22:59:28 ----A---- C:\WINDOWS\system32\mplay32.exe
    2008-08-15 22:59:28 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2008-08-15 22:59:28 ----A---- C:\WINDOWS\system32\accwiz.exe
    2008-08-15 22:59:27 ----D---- C:\Program Files\Windows NT
    2008-08-15 22:59:27 ----A---- C:\WINDOWS\system32\spider.exe
    2008-08-15 22:59:27 ----A---- C:\WINDOWS\system32\mspaint.exe
    2008-08-15 22:59:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2008-08-15 22:59:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2008-08-15 22:59:26 ----A---- C:\WINDOWS\system32\remotepg.dll
    2008-08-15 22:59:26 ----A---- C:\WINDOWS\system32\rdshost.exe
    2008-08-15 22:59:26 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2008-08-15 22:59:26 ----A---- C:\WINDOWS\system32\mstscax.dll
    2008-08-15 22:59:26 ----A---- C:\WINDOWS\system32\mstsc.exe
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\rdchost.dll
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\qprocess.exe
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\icaapi.dll
    2008-08-15 22:59:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2008-08-15 22:59:24 ----D---- C:\WINDOWS\system32\MsDtc
    2008-08-15 22:59:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2008-08-15 22:59:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2008-08-15 22:59:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2008-08-15 22:59:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2008-08-15 22:59:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2008-08-15 22:59:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2008-08-15 22:59:23 ----D---- C:\WINDOWS\system32\Com
    2008-08-15 22:59:23 ----A---- C:\WINDOWS\system32\msdtc.exe
    2008-08-15 22:59:23 ----A---- C:\WINDOWS\system32\colbact.dll
    2008-08-15 22:59:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2008-08-15 22:59:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2008-08-15 22:59:22 ----A---- C:\WINDOWS\system32\comuid.dll
    2008-08-15 22:59:22 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2008-08-15 22:59:22 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2008-08-15 22:59:22 ----A---- C:\WINDOWS\system32\catsrv.dll
    2008-08-15 22:59:21 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2008-08-15 22:59:16 ----A---- C:\WINDOWS\system32\servdeps.dll
    2008-08-15 22:59:16 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2008-08-15 22:59:16 ----A---- C:\WINDOWS\system32\licwmi.dll
    2008-08-15 22:59:16 ----A---- C:\WINDOWS\system32\cmprops.dll
    2008-08-15 22:56:54 ----A---- C:\WINDOWS\system32\h323log.txt
    2008-08-15 22:53:16 ----A---- C:\WINDOWS\system32\usbui.dll
    2008-08-15 22:51:14 ----SHD---- C:\WINDOWS\Installer
    2008-08-15 22:51:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-08-15 22:51:13 ----D---- C:\Program Files\Common Files\ODBC
    2008-08-15 22:51:13 ----A---- C:\WINDOWS\ODBCINST.INI
    2008-08-15 22:51:09 ----D---- C:\Program Files\Common Files\SpeechEngines
    2008-08-15 22:51:08 ----RD---- C:\Program Files
    2008-08-15 22:51:08 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-08-15 22:51:08 ----D---- C:\Program Files\Common Files
    2008-08-15 22:51:04 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2008-08-15 22:51:04 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2008-08-15 22:51:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2008-08-15 22:51:02 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2008-08-15 22:51:00 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2008-08-15 22:51:00 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2008-08-15 22:51:00 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2008-08-15 22:51:00 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2008-08-15 22:51:00 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2008-08-15 22:51:00 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2008-08-15 22:51:00 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2008-08-15 22:50:58 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2008-08-15 22:50:58 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2008-08-15 22:50:58 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2008-08-15 22:50:58 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2008-08-15 22:50:58 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2008-08-15 22:50:56 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2008-08-15 22:50:55 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2008-08-15 22:50:52 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2008-08-15 22:50:52 ----A---- C:\WINDOWS\system32\irclass.dll
    2008-08-15 22:50:52 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2008-08-15 22:50:52 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2008-08-15 22:50:52 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2008-08-15 22:50:50 ----A---- C:\WINDOWS\TASKMAN.EXE
    2008-08-15 22:50:49 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2008-08-15 22:50:49 ----A---- C:\WINDOWS\system32\batt.dll
    2008-08-15 22:50:48 ----A---- C:\WINDOWS\notepad.exe
    2008-08-15 22:50:46 ----A---- C:\WINDOWS\system32\storprop.dll
    2008-08-15 22:50:31 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2008-08-15 22:50:27 ----RA---- C:\WINDOWS\SET8.tmp
    2008-08-15 22:50:24 ----RA---- C:\WINDOWS\SET4.tmp
    2008-08-15 22:50:22 ----RA---- C:\WINDOWS\SET3.tmp
    2008-08-15 22:50:16 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-08-15 22:50:16 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-15 22:50:10 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-08-15 22:49:48 ----D---- C:\Documents and Settings
    2008-08-15 22:46:40 ----SH---- C:\boot.ini
    2008-08-15 22:37:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-08-15 22:37:39 ----RSD---- C:\WINDOWS\Fonts
    2008-08-15 22:37:39 ----RD---- C:\WINDOWS\Web
    2008-08-15 22:37:39 ----HD---- C:\WINDOWS\inf
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\WinSxS
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\twain_32
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\wins
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\wbem
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\usmt
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\spool
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\ShellExt
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\Setup
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\ras
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\oobe
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\npp
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\mui
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\inetsrv
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\IME
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\icsxml
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\ias
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\export
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\drivers
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\dhcp
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\config
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\3com_dmi
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\3076
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\2052
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\1054
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\1042
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\1041
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\1037
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\1033
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\1031
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\1028
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32\1025
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system32
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\system
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\security
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\Resources
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\repair
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\Provisioning
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\PeerNet
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\pchealth
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\mui
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\msapps
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\msagent
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\Media
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\java
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\ime
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\Help
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\ehome
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\Driver Cache
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\Debug
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\Cursors
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\Connection Wizard
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\Config
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\AppPatch
    2008-08-15 22:37:39 ----D---- C:\WINDOWS\addins
    2008-08-15 22:37:39 ----D---- C:\WINDOWS
    2008-07-14 07:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe

    ======List of files/folders modified in the last 3 months======

    2008-10-06 06:56:43 ----A---- C:\WINDOWS\win.ini
    2008-08-22 06:10:34 ----A---- C:\WINDOWS\system.ini
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-07 16:26:58 ----A---- C:\WINDOWS\system32\es.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-16 96520]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-15 17153]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
    R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-08-16 76040]
    R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.7; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-08-16 15781]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-06-25 315392]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-25 681629]
    R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-16 26824]
    S3 b57w2k;3Com 3C940 10/100/1000 LOM; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-08-17 96640]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 ICAM3NT5;Intel USB Video Camera III; C:\WINDOWS\System32\Drivers\Icam3.sys [2001-08-17 141056]
    S3 mauswlan;MAUS Software WLAN helper; C:\WINDOWS\system32\DRIVERS\mauswlan.sys [2004-10-20 54144]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-18 611664]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
    R2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\wltrysvc.exe [2004-06-25 45056]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-08-10 26488]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-16 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-16 231192]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------

  6. #6
    Junior Member
    Join Date
    Aug 2008
    Posts
    23

    and here is info.txt

    info.txt logfile of random's system information tool 1.04 2008-10-06 09:51:07

    ======Uninstall list======

    -->C:\PROGRA~1\Intel\CREATE~1\VIDEOP~1\setup.exe -fC:\PROGRA~1\Intel\CREATE~1\VIDEOP~1\uninst.ins
    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Createshare\program\Reality Fusion VarietyPack\Uninst.isu"
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\USBUnins.isu
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Clue-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Clue\Uninst.isu"
    C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Crazy Drake Special Edition-->C:\PROGRA~1\eGames\CRAZYD~1\UNWISE.EXE C:\PROGRA~1\eGames\CRAZYD~1\INSTALL.LOG
    Dell Wireless WLAN Utility-->C:\WINDOWS\system32\BCMWLU00.exe verbose
    DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    Galaxy of Games Gold Edition-->C:\PROGRA~1\eGames\GALAXY~1\UNWISE.EXE C:\PROGRA~1\eGames\GALAXY~1\INSTALL.LOG
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
    Intel(R) Create & Share(TM) Software-->C:\Program Files\Intel\Createshare\program\uninstall\setup.exe
    Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
    Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LucasArts' Force Commander-->C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Force Commander\Install\DeIsL1.isu" -c"C:\Program Files\LucasArts\Force Commander\Install\LecSetup.dll"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mini Golf Special Edition-->C:\PROGRA~1\eGames\MINIGO~1\UNWISE.EXE C:\PROGRA~1\eGames\MINIGO~1\INSTALL.LOG
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    My WiFi Tuner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE0A5194-4AE8-4A95-A314-E45E95A9B33F}\Setup.exe" -l0x9
    MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
    Old West Poker Special Edition-->C:\PROGRA~1\eGames\OLDWES~1\UNWISE.EXE C:\PROGRA~1\eGames\OLDWES~1\INSTALL.LOG
    OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
    Operation Mania-->"C:\Program Files\Oberon Media\Operation Mania\Uninstall.exe" "C:\Program Files\Oberon Media\Operation Mania\install.log"
    Peggle Deluxe 1.0-->C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Sony Ericsson PC Suite-->MsiExec.exe /I{FE6397C1-CECA-4EC3-B064-42AED7676898}
    Speedy Eggbert Special Edition-->C:\PROGRA~1\eGames\SPEEDY~1\UNWISE.EXE C:\PROGRA~1\eGames\SPEEDY~1\INSTALL.LOG
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    TrojanHunter 5.0-->"C:\Program Files\TrojanHunter 5.0\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Wonderland Online 2.0.3-->"C:\Program Files\Wonderland Online\unins000.exe"
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: AVG Anti-Virus (disabled) (outdated)
    AV: avast! antivirus 4.8.1229 [VPS 081005-0]
    FW: Norton Internet Worm Protection (disabled)

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0209
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

    sorry about two posts, and made me

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Please download OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :files
      C:\WINDOWS\system32\g40.exe
      C:\WINDOWS\system32\e75ded7b-.txt
      C:\WINDOWS\system32\unt
      C:\WINDOWS\system32\gps
      C:\WINDOWS\system32\fx
      C:\Documents and Settings\Administrator\Application Data\LimeWire
      C:\Program Files\LimeWire
      
      :reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Update your Malwarebytes' Anti-Malware and run a full scan with it.

    Re-run rsit.

    Post:

    - otmoveit3 log
    - mbam log
    - a fresh rsit log
    Last edited by Shaba; 2008-10-06 at 17:21.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
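
An added example, not part of the original post and not OldTimer's code: one way to check the pasted Results text against the fix script above, so that any target the tool did not report as moved or deleted stands out. The line shapes follow the OTMoveIt3 results posted in this thread; the sample log is constructed and all function names are hypothetical.

```python
import re

# Fix script as posted in the thread (the :files / :reg codebox).
FIX_SCRIPT = r"""
:files
C:\WINDOWS\system32\g40.exe
C:\WINDOWS\system32\e75ded7b-.txt
C:\WINDOWS\system32\unt
C:\WINDOWS\system32\gps
C:\WINDOWS\system32\fx
C:\Documents and Settings\Administrator\Application Data\LimeWire
C:\Program Files\LimeWire

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
"""

# Constructed results log (not a real run): the line for ...\system32\gps is
# deliberately left out so the check has an unconfirmed target to report.
SAMPLE_LOG = r"""
========== FILES ==========
C:\WINDOWS\system32\g40.exe moved successfully.
C:\WINDOWS\system32\e75ded7b-.txt moved successfully.
C:\WINDOWS\system32\unt moved successfully.
C:\WINDOWS\system32\fx moved successfully.
C:\Documents and Settings\Administrator\Application Data\LimeWire\xml moved successfully.
C:\Documents and Settings\Administrator\Application Data\LimeWire moved successfully.
C:\Program Files\LimeWire\Incomplete moved successfully.
C:\Program Files\LimeWire moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}\\ deleted successfully.
"""

MOVED = re.compile(r"^(.+) moved successfully\.$")
# The log appends trailing backslashes to the key name; drop them when capturing.
DELETED = re.compile(r"^Registry key (.+?)\\* deleted successfully\.$")


def norm(path):
    """Windows paths and registry keys compare case-insensitively."""
    return path.strip().rstrip("\\").lower()


def parse_script(text):
    """Return (file targets, registry keys marked for deletion) from the script."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current:
            sections[current].append(line)
    files = sections.get("files", [])
    # "[-KEY]" is the delete-this-key form used in the posted script.
    keys = [e[2:-1] for e in sections.get("reg", [])
            if e.startswith("[-") and e.endswith("]")]
    return files, keys


def parse_log(text):
    """Return normalized sets of paths reported moved and keys reported deleted."""
    moved, deleted = set(), set()
    for line in (raw.strip() for raw in text.splitlines()):
        m = DELETED.match(line)
        if m:
            deleted.add(norm(m.group(1)))
            continue
        m = MOVED.match(line)
        if m:
            moved.add(norm(m.group(1)))
    return moved, deleted


def unconfirmed(script, log):
    """Script targets that have no matching success line in the results log."""
    files, keys = parse_script(script)
    moved, deleted = parse_log(log)
    return {
        "files": [f for f in files if norm(f) not in moved],
        "reg": [k for k in keys if norm(k) not in deleted],
    }


if __name__ == "__main__":
    for kind, items in unconfirmed(FIX_SCRIPT, SAMPLE_LOG).items():
        for item in items:
            print(f"not confirmed ({kind}): {item}")
```

A target with no success line is not necessarily still present; it may be waiting for the reboot described in the note above, so check the newest .log file in C:\_OTMoveIt\MovedFiles before re-running.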

  8. #8
    Junior Member
    Join Date
    Aug 2008
    Posts
    23

    Do you want the log and info files, or just the log from RSIT?

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Log is fine

  10. #10
    Junior Member
    Join Date
    Aug 2008
    Posts
    23

    Alright, here are the OTMoveIt and MBAM logs; the RSIT one will be in the next post.

    otmoveit3 log

    ========== FILES ==========
    C:\WINDOWS\system32\g40.exe moved successfully.
    C:\WINDOWS\system32\e75ded7b-.txt moved successfully.
    C:\WINDOWS\system32\unt moved successfully.
    C:\WINDOWS\system32\gps moved successfully.
    C:\WINDOWS\system32\fx moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\xml\xml\data moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\xml\xml moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\xml\data moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\xml moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\themes\windows_theme\windows_theme moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\themes\windows_theme moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\themes moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\promotion moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\LimeWire\xml\data moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\LimeWire\xml moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\LimeWire\themes\windows_theme moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\LimeWire\themes moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\LimeWire\promotion moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\LimeWire\certificate moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\LimeWire\.AppSpecialShare moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\LimeWire moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\certificate moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire\.AppSpecialShare moved successfully.
    C:\Documents and Settings\Administrator\Application Data\LimeWire moved successfully.
    C:\Program Files\LimeWire\LimeWire\Incomplete moved successfully.
    C:\Program Files\LimeWire\LimeWire moved successfully.
    C:\Program Files\LimeWire\Incomplete moved successfully.
    C:\Program Files\LimeWire moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}\\ deleted successfully.

    OTMoveIt3 by OldTimer - Version 1.0.4.1 log created on 10062008_102845

    MBAM log

    Malwarebytes' Anti-Malware 1.28
    Database version: 1233
    Windows 5.1.2600 Service Pack 3

    10/6/2008 11:03:03 AM
    mbam-log-2008-10-06 (11-02-56).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 72745
    Time elapsed: 29 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dllschannel.dlldigest.dllmsnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\_OTMoveIt\MovedFiles\10062008_102504\WINDOWS\system32\unt\NTrem034.exe (Adware.Agent) -> No action taken.
    C:\_OTMoveIt\MovedFiles\10062008_102845\WINDOWS\system32\unt\NTrem034.exe (Adware.Agent) -> No action taken.
