
Thread: Suspected Virtumonde infection

  1. #1
    Junior Member | Join Date: Apr 2009 | Posts: 13

    Suspected Virtumonde infection

    Hello all --

    I suspect that I have a lingering Virtumonde infection. A few weeks ago my computer started behaving erratically (popups, etc.) -- Spybot detected Virtumonde, and between it and AVG Antivirus I managed to clear Virtumonde out (or so I thought). However, even after re-installing Windows (on top of my current install -- no drive re-formatting) I'm still having Google search links re-directed in Firefox.

    I've now read the stickies about what to do before posting. My HJT log is pasted in below. Thanks in advance for your help.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:56:57 PM, on 4/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1390067357-1547161642-839522115-1004\..\Run: [Google Update] "C:\Documents and Settings\Caroline.LILYPAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Caroline')
    O4 - S-1-5-21-1390067357-1547161642-839522115-1004 User Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Caroline')
    O4 - S-1-5-21-1390067357-1547161642-839522115-1004 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Caroline')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1240364766266
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5739 bytes

  2. #2
    Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 29,374

    Hi JordanW

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Double-click GooredFix.exe to run it.
    • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: Do not run Option #2 yet.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member | Join Date: Apr 2009 | Posts: 13

    Hi Shaba,

    Thanks for your help. The GooredFix log is pasted below.

    GooredFix v1.92 by jpshortstuff
    Log created at 17:51 on 29/04/2009 running Option #1 (Jordan)
    Firefox version 3.0.10 (en-US)

    =====Suspect Goored Entries=====

    C:\Program Files\Mozilla Firefox\extensions\{FC3F3D2E-3D12-4B1B-ABA6-1C8D147538F4}

    C:\Program Files\Mozilla Firefox\extensions\{F4B69F1A-E106-4E65-9EAC-87EB6F4B9E55}

    C:\Program Files\Mozilla Firefox\extensions\{BAA8552A-EF5B-48B1-AE59-875512122F00}

    C:\Program Files\Mozilla Firefox\extensions\{B8558E8C-872E-4CAD-B882-7657AB551B9A}

    C:\Program Files\Mozilla Firefox\extensions\{A313C5BF-1E66-48DD-AB09-412E65A9E0BD}

    C:\Program Files\Mozilla Firefox\extensions\{A1E3E976-79AD-484C-B7E7-5A57FC31E75B}

    C:\Program Files\Mozilla Firefox\extensions\{96EC986A-43B1-4688-91A5-BA8366552E31}

    C:\Program Files\Mozilla Firefox\extensions\{6A1A26F3-E35A-4D4D-9963-4AA1D16A4AF4}

    C:\Program Files\Mozilla Firefox\extensions\{65B977A9-9E41-4BC0-B58D-529BB5C8E930}

    C:\Program Files\Mozilla Firefox\extensions\{46E12999-66C5-43BB-8C60-867FE4AE9CA0}

    C:\Program Files\Mozilla Firefox\extensions\{3EF098FD-9332-4B09-B99C-CC3E4A52A823}

    C:\Program Files\Mozilla Firefox\extensions\{3E4308E2-495B-4D82-9FA8-E7B71F4CC431}

    C:\Program Files\Mozilla Firefox\extensions\{1E12D67B-D47B-446E-993B-E4F58A97D499}

    C:\Program Files\Mozilla Firefox\extensions\{16C9BA60-A6A4-4522-AF8A-3AED15DBB96E}

    C:\Program Files\Mozilla Firefox\extensions\{0980978C-8D90-41D5-9D3D-11C76D7BA576}

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

  4. #4
    Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 29,374

    Please double-click GooredFix.exe on your Desktop to run it.
    • Select "2. Fix Goored" by typing 2 and pressing Enter.
    • Make sure all instances of Firefox are closed at this point.
    • Type y at the prompt and press Enter again.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

  5. #5
    Junior Member | Join Date: Apr 2009 | Posts: 13

    Thanks Shaba. I followed your instructions, which generated the following log file:

    GooredFix v1.92 by jpshortstuff
    Log created at 00:08 on 30/04/2009 running Option #2 (Jordan)
    Firefox version 3.0.10 (en-US)

    =====Goored Deletions=====
    C:\Program Files\Mozilla Firefox\extensions\{FC3F3D2E-3D12-4B1B-ABA6-1C8D147538F4}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{F4B69F1A-E106-4E65-9EAC-87EB6F4B9E55}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{BAA8552A-EF5B-48B1-AE59-875512122F00}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{B8558E8C-872E-4CAD-B882-7657AB551B9A}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{A313C5BF-1E66-48DD-AB09-412E65A9E0BD}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{A1E3E976-79AD-484C-B7E7-5A57FC31E75B}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{96EC986A-43B1-4688-91A5-BA8366552E31}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{6A1A26F3-E35A-4D4D-9963-4AA1D16A4AF4}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{65B977A9-9E41-4BC0-B58D-529BB5C8E930}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{46E12999-66C5-43BB-8C60-867FE4AE9CA0}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{3EF098FD-9332-4B09-B99C-CC3E4A52A823}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{3E4308E2-495B-4D82-9FA8-E7B71F4CC431}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{1E12D67B-D47B-446E-993B-E4F58A97D499}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{16C9BA60-A6A4-4522-AF8A-3AED15DBB96E}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.
    C:\Program Files\Mozilla Firefox\extensions\{0980978C-8D90-41D5-9D3D-11C76D7BA576}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

  6. #6
    Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 29,374

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

  7. #7
    Junior Member | Join Date: Apr 2009 | Posts: 13

    Thanks Shaba. Here are the contents of the info file.

    info.txt logfile of random's system information tool 1.06 2009-04-30 00:14:00

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
    Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
    Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\System32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\System32\Attansic\L1 x86 1969 1048 L1
    AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    Google Talk Plugin-->MsiExec.exe /I{5012BC0C-7E1A-329A-8F02-B6846070C5F8}
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    IZArc 3.81-->"C:\Program Files\IZArc\unins001.exe"
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Telemax WC-50 Drivers-->"C:\Program Files\Telemax\unins000.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======System event log======

    Computer Name: LILYPAD
    Event Code: 32
    Message: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


    Record Number: 97
    Source Name: SideBySide
    Time Written: 20090421221822.000000-240
    Event Type: error
    User:

    Computer Name: LILYPAD
    Event Code: 59
    Message: Generate Activation Context failed for C:\Program Files\OpenOffice.org 3\program\quickstart.exe.
    Reference error message: The operation completed successfully.
    .

    Record Number: 54
    Source Name: SideBySide
    Time Written: 20090421215501.000000-240
    Event Type: error
    User:

    Computer Name: LILYPAD
    Event Code: 59
    Message: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
    Reference error message: The referenced assembly is not installed on your system.
    .

    Record Number: 53
    Source Name: SideBySide
    Time Written: 20090421215501.000000-240
    Event Type: error
    User:

    Computer Name: LILYPAD
    Event Code: 32
    Message: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


    Record Number: 50
    Source Name: SideBySide
    Time Written: 20090421215501.000000-240
    Event Type: error
    User:

    Computer Name: LILYPAD
    Event Code: 4311
    Message: Initialization failed because the driver device could not be created.

    Record Number: 31
    Source Name: NetBT
    Time Written: 20090421214454.000000-240
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: LILYPAD
    Event Code: 1517
    Message: Windows saved user LILYPAD\Caroline registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 66
    Source Name: Userenv
    Time Written: 20090424195059.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: LILYPAD
    Event Code: 5603
    Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

    Record Number: 40
    Source Name: WinMgmt
    Time Written: 20090421221758.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: LILYPAD
    Event Code: 5603
    Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

    Record Number: 39
    Source Name: WinMgmt
    Time Written: 20090421221758.000000-240
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: LILYPAD
    Event Code: 63
    Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Record Number: 27
    Source Name: WinMgmt
    Time Written: 20090421221222.000000-240
    Event Type: warning
    User: LILYPAD\Jordan

    Computer Name: LILYPAD
    Event Code: 1005
    Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.


    Record Number: 22
    Source Name: Windows Product Activation
    Time Written: 20090421210954.000000-240
    Event Type: warning
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

  8. #8
    Junior Member | Join Date: Apr 2009 | Posts: 13

    And these are the contents of the log file.

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Jordan at 2009-04-30 00:13:44
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 184 GB (77%) free of 238 GB
    Total RAM: 2038 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:58 AM, on 4/30/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\Jordan.LILYPAD\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Jordan.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1240364766266
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5324 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1547161642-839522115-1003.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1547161642-839522115-1004.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-04-21 1078552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-04-21 1932568]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
    "EPSON Stylus C88 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE [2005-01-27 98304]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 133104]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    C:\Documents and Settings\Jordan.LILYPAD\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-04-21 10520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
    "C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
    "C:\Documents and Settings\Caroline.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Caroline.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
    "C:\Documents and Settings\Caroline.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Caroline.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-04-30 00:13:44 ----D---- C:\rsit
    2009-04-28 21:49:19 ----D---- C:\Program Files\Trend Micro
    2009-04-28 21:49:08 ----D---- C:\WINDOWS\ERDNT
    2009-04-28 21:48:42 ----D---- C:\Program Files\ERUNT
    2009-04-26 19:30:43 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2009-04-26 19:30:11 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-26 19:29:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2009-04-26 19:28:41 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
    2009-04-26 19:28:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
    2009-04-25 22:38:35 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Skype
    2009-04-25 22:38:23 ----D---- C:\Program Files\Common Files\Skype
    2009-04-25 22:38:21 ----RD---- C:\Program Files\Skype
    2009-04-25 22:38:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
    2009-04-25 22:34:23 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\vlc
    2009-04-25 21:40:18 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-04-25 21:39:43 ----D---- C:\WINDOWS\Prefetch
    2009-04-25 21:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-04-25 21:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-25 21:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-25 21:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-04-25 21:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-25 21:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-04-25 21:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-04-25 21:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-04-25 21:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-04-25 21:35:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-04-25 21:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-04-25 21:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-25 21:35:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-04-25 21:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-04-25 21:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-04-25 21:35:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-04-25 21:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-25 21:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-04-25 21:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-04-25 21:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-04-25 21:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-04-25 21:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-04-25 21:34:36 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-04-25 21:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-25 20:58:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-04-25 18:52:27 ----D---- C:\WINDOWS\ie7updates
    2009-04-25 18:52:00 ----D---- C:\WINDOWS\WBEM
    2009-04-25 18:50:17 ----HDC---- C:\WINDOWS\ie7
    2009-04-25 18:50:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2009-04-25 18:49:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2009-04-25 18:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2009-04-25 18:49:40 ----A---- C:\WINDOWS\system32\xmllite.dll
    2009-04-25 18:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
    2009-04-25 18:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
    2009-04-25 18:46:52 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-04-24 06:50:13 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2009-04-24 06:50:13 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2009-04-23 07:11:52 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2009-04-23 07:11:51 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2009-04-23 07:11:51 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2009-04-23 07:11:51 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2009-04-23 07:11:50 ----N---- C:\WINDOWS\system32\verclsid.exe
    2009-04-23 07:11:48 ----N---- C:\WINDOWS\system32\tspkg.dll
    2009-04-23 07:11:48 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2009-04-23 07:11:44 ----N---- C:\WINDOWS\system32\setupn.exe
    2009-04-23 07:11:42 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2009-04-23 07:11:42 ----N---- C:\WINDOWS\system32\rasqec.dll
    2009-04-23 07:11:42 ----N---- C:\WINDOWS\system32\qutil.dll
    2009-04-23 07:11:42 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2009-04-23 07:11:41 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2009-04-23 07:11:41 ----N---- C:\WINDOWS\system32\qagent.dll
    2009-04-23 07:11:41 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2009-04-23 07:11:39 ----N---- C:\WINDOWS\system32\onex.dll
    2009-04-23 07:11:36 ----N---- C:\WINDOWS\system32\napstat.exe
    2009-04-23 07:11:36 ----N---- C:\WINDOWS\system32\napmontr.dll
    2009-04-23 07:11:36 ----N---- C:\WINDOWS\system32\napipsec.dll
    2009-04-23 07:11:35 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2009-04-23 07:11:35 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2009-04-23 07:11:35 ----N---- C:\WINDOWS\system32\mssha.dll
    2009-04-23 07:11:35 ----A---- C:\WINDOWS\system32\msxml6.dll
    2009-04-23 07:11:30 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2009-04-23 07:11:30 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2009-04-23 07:11:29 ----N---- C:\WINDOWS\system32\mmcex.dll
    2009-04-23 07:11:29 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2009-04-23 07:11:25 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2009-04-23 07:11:22 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2009-04-23 07:11:22 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2009-04-23 07:11:22 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2009-04-23 07:11:21 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2009-04-23 07:11:21 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2009-04-23 07:11:04 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2009-04-23 07:11:04 ----N---- C:\WINDOWS\system32\rwnh.dll
    2009-04-23 07:10:57 ----A---- C:\WINDOWS\005461_.tmp
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapqec.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapphost.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3api.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2009-04-23 07:10:53 ----N---- C:\WINDOWS\system32\credssp.dll
    2009-04-23 07:10:51 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2009-04-23 07:10:51 ----N---- C:\WINDOWS\system32\azroles.dll
    2009-04-23 07:10:47 ----N---- C:\WINDOWS\system32\aaclient.dll
    2009-04-23 00:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
    2009-04-22 19:38:39 ----D---- C:\Program Files\OpenOffice.org 3
    2009-04-22 18:20:32 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-04-22 18:19:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2009-04-22 07:11:09 ----A---- C:\WINDOWS\EPSMTL32.TXT
    2009-04-22 07:07:15 ----D---- C:\Program Files\NOS
    2009-04-22 07:07:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
    2009-04-22 00:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
    2009-04-22 00:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
    2009-04-22 00:06:18 ----N---- C:\WINDOWS\system32\spmsg.dll
    2009-04-21 23:25:20 ----A---- C:\WINDOWS\system32\ChCfg.exe
    2009-04-21 23:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
    2009-04-21 23:24:38 ----A---- C:\WINDOWS\SoundMan.exe
    2009-04-21 23:24:38 ----A---- C:\WINDOWS\SkyTel.exe
    2009-04-21 23:24:38 ----A---- C:\WINDOWS\RtlUpd.exe
    2009-04-21 23:24:38 ----A---- C:\WINDOWS\RTLCPL.exe
    2009-04-21 23:24:37 ----A---- C:\WINDOWS\RTHDCPL.exe
    2009-04-21 23:24:36 ----A---- C:\WINDOWS\MicCal.exe
    2009-04-21 23:24:36 ----A---- C:\WINDOWS\alcwzrd.exe
    2009-04-21 23:24:35 ----D---- C:\Program Files\Realtek
    2009-04-21 23:24:35 ----A---- C:\WINDOWS\Alcmtr.exe
    2009-04-21 23:24:31 ----A---- C:\WINDOWS\RtlExUpd.dll
    2009-04-21 23:24:31 ----A---- C:\WINDOWS\HideWin.exe
    2009-04-21 23:24:23 ----A---- C:\WINDOWS\AS_Debug.txt
    2009-04-21 23:01:28 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2009-04-21 23:01:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
    2009-04-21 22:43:34 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
    2009-04-21 22:43:33 ----A---- C:\WINDOWS\system32\ksuser.dll
    2009-04-21 22:34:18 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\WinFF
    2009-04-21 22:34:15 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\uTorrent
    2009-04-21 22:30:18 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Thunderbird
    2009-04-21 22:30:18 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Talkback
    2009-04-21 22:30:17 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Sun
    2009-04-21 22:30:17 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\skypePM
    2009-04-21 22:30:17 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Skinux
    2009-04-21 22:30:16 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Orbit
    2009-04-21 22:30:13 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\OpenOffice.org2
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\OpenOffice.org
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Notepad++
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\NCH Software
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\MPEG Streamclip
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Mp3tag
    2009-04-21 22:30:02 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\johnsadventures.com
    2009-04-21 22:30:02 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Help
    2009-04-21 22:30:02 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\gtk-2.0
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Garritan
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\foobar2000
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Flickr
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\FileZilla
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\EPSON
    2009-04-21 22:30:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\CDBurnerXP_Soft
    2009-04-21 22:30:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\AVS4YOU
    2009-04-21 22:30:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\avidemux
    2009-04-21 22:30:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Audacity
    2009-04-21 22:28:39 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Apple Computer
    2009-04-21 22:28:39 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Any Video Converter
    2009-04-21 22:19:30 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Mozilla
    2009-04-21 22:19:23 ----N---- C:\WINDOWS\system32\xpsp4res.dll
    2009-04-21 22:19:23 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2009-04-21 22:06:06 ----N---- C:\WINDOWS\system32\spnpinst.exe
    2009-04-21 21:58:24 ----A---- C:\WINDOWS\system32\wpa.bak
    2009-04-21 21:57:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
    2009-04-21 21:51:16 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2009-04-21 21:50:37 ----N---- C:\WINDOWS\system32\xpob2res.dll
    2009-04-21 21:50:37 ----N---- C:\WINDOWS\system32\bitsprx3.dll
    2009-04-21 21:50:37 ----N---- C:\WINDOWS\system32\bitsprx2.dll
    2009-04-21 21:50:37 ----A---- C:\WINDOWS\system32\winhttp.dll
    2009-04-21 21:50:37 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2009-04-21 21:50:08 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Macromedia
    2009-04-21 21:50:08 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Adobe
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wups2.dll
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wups.dll
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wucltui.dll
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2009-04-21 21:46:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2009-04-21 21:46:26 ----A---- C:\WINDOWS\system32\wuapi.dll
    2009-04-21 21:44:08 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Opera
    2009-04-21 21:17:53 ----D---- C:\Program Files\7-Zip
    2009-04-21 21:10:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Identities
    2009-04-21 21:09:54 ----ASH---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\desktop.ini
    2009-04-21 21:09:53 ----SD---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Microsoft
    2009-04-21 21:09:18 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-21 21:06:40 ----A---- C:\WINDOWS\control.ini
    2009-04-21 21:06:32 ----A---- C:\WINDOWS\system32\mapi32.dll
    2009-04-21 21:05:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2009-04-21 21:05:51 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2009-04-21 21:05:20 ----A---- C:\WINDOWS\system32\safrslv.dll
    2009-04-21 21:05:20 ----A---- C:\WINDOWS\system32\safrdm.dll
    2009-04-21 21:05:20 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2009-04-21 21:05:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2009-04-21 21:05:19 ----A---- C:\WINDOWS\system32\atrace.dll
    2009-04-21 21:05:17 ----A---- C:\WINDOWS\system32\desktop.ini
    2009-04-21 21:05:17 ----A---- C:\WINDOWS\desktop.ini
    2009-04-21 21:05:12 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2009-04-21 21:05:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2009-04-21 21:05:12 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2009-04-21 21:05:11 ----A---- C:\WINDOWS\system32\inetres.dll
    2009-04-21 21:05:11 ----A---- C:\WINDOWS\system32\acctres.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\isign32.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\icwdial.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2009-04-21 21:05:04 ----A---- C:\WINDOWS\system32\qmgr.dll
    2009-04-21 21:05:01 ----A---- C:\WINDOWS\system32\srsvc.dll
    2009-04-21 21:05:01 ----A---- C:\WINDOWS\system32\srrstr.dll
    2009-04-21 21:05:01 ----A---- C:\WINDOWS\system32\srclient.dll
    2009-04-21 21:05:00 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2009-04-21 21:05:00 ----A---- C:\WINDOWS\system32\msconf.dll
    2009-04-21 21:05:00 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2009-04-21 21:05:00 ----A---- C:\WINDOWS\system32\ils.dll
    2009-04-21 21:04:58 ----A---- C:\WINDOWS\system32\msoert2.dll
    2009-04-21 21:04:58 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2009-04-21 21:04:58 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2009-04-21 21:04:57 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2009-04-21 21:04:57 ----A---- C:\WINDOWS\system32\mstinit.exe
    2009-04-21 21:04:57 ----A---- C:\WINDOWS\system32\mstask.dll
    2009-04-21 21:04:37 ----A---- C:\WINDOWS\vbaddin.ini
    2009-04-21 21:04:37 ----A---- C:\WINDOWS\vb.ini
    2009-04-21 21:04:32 ----D---- C:\Program Files\Online Services
    2009-04-21 21:04:30 ----A---- C:\WINDOWS\system32\write.exe
    2009-04-21 21:04:26 ----A---- C:\WINDOWS\system32\accwiz.exe
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\hticons.dll
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\avwav.dll
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\avtapi.dll
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\avmeter.dll
    2009-04-21 21:04:24 ----A---- C:\WINDOWS\system32\winchat.exe
    2009-04-21 21:04:19 ----A---- C:\WINDOWS\system32\sol.exe
    2009-04-21 21:04:19 ----A---- C:\WINDOWS\system32\getuname.dll
    2009-04-21 21:04:19 ----A---- C:\WINDOWS\system32\charmap.exe
    2009-04-21 21:04:19 ----A---- C:\WINDOWS\system32\calc.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\winmine.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tslabels.ini
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tskill.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tscon.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\shadow.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\reset.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\rdshost.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\mshearts.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\freecell.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\regini.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\qprocess.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\msg.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\logoff.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2009-04-21 21:04:16 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2009-04-21 21:04:16 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2009-04-21 21:04:16 ----A---- C:\WINDOWS\system32\msdtc.exe
    2009-04-21 21:04:16 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\stclient.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\mtxex.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\comuid.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\comsnap.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\comrepl.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\comaddin.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\colbact.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\catsrv.dll
    2009-04-21 21:04:14 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\servdeps.dll
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\mplay32.exe
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\cmprops.dll
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\spider.exe
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\mspaint.exe
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\termsrv.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\remotepg.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdchost.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\mstscax.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\mstsc.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\icaapi.dll
    2009-04-21 21:04:06 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2009-04-21 21:04:06 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2009-04-21 21:04:06 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2009-04-21 21:04:06 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2009-04-21 21:04:03 ----A---- C:\WINDOWS\system32\licwmi.dll
    2009-04-21 17:03:46 ----A---- C:\WINDOWS\system32\h323log.txt
    2009-04-21 17:01:30 ----A---- C:\WINDOWS\system32\usbui.dll
    2009-04-21 16:59:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-21 16:59:15 ----A---- C:\WINDOWS\ODBCINST.INI
    2009-04-21 16:59:11 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2009-04-21 16:59:11 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2009-04-21 16:59:11 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2009-04-21 16:59:06 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2009-04-21 16:59:06 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2009-04-21 16:59:06 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\irclass.dll
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2009-04-21 16:59:01 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2009-04-21 16:59:01 ----A---- C:\WINDOWS\TASKMAN.EXE
    2009-04-21 16:59:01 ----A---- C:\WINDOWS\system32\storprop.dll
    2009-04-21 16:59:01 ----A---- C:\WINDOWS\system32\batt.dll
    2009-04-21 16:59:01 ----A---- C:\WINDOWS\notepad.exe
    2009-04-21 16:58:58 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
    2009-04-21 16:58:57 ----RA---- C:\WINDOWS\SET7.tmp
    2009-04-21 16:58:55 ----RA---- C:\WINDOWS\SET3.tmp
    2009-04-21 16:58:45 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2009-04-19 11:55:35 ----D---- C:\WINDOWS\CSC
    2009-04-18 20:03:48 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-04-16 23:05:40 ----D---- C:\Program Files\Lavasoft
    2009-04-15 23:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
    2009-04-15 23:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
    2009-04-15 23:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
    2009-04-15 23:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
    2009-04-15 23:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
    2009-04-15 23:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
    2009-04-15 23:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
    2009-04-01 18:14:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-03-31 22:47:30 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-03-31 22:47:25 ----D---- C:\Program Files\MSBuild
    2009-03-31 22:47:14 ----D---- C:\Program Files\Reference Assemblies
    2009-03-31 22:46:38 ----D---- C:\1cfb1a3eebc0d595fcba15563b

    ======List of files/folders modified in the last 1 months======

    2009-04-30 00:08:34 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-29 18:09:57 ----D---- C:\Program Files\Notepad++
    2009-04-29 17:50:10 ----D---- C:\WINDOWS\Temp
    2009-04-29 00:36:10 ----D---- C:\Program Files\Opera
    2009-04-28 23:51:04 ----D---- C:\WINDOWS\system32
    2009-04-28 21:49:19 ----RD---- C:\Program Files
    2009-04-28 21:49:08 ----D---- C:\WINDOWS
    2009-04-28 12:20:39 ----HD---- C:\$AVG8.VAULT$
    2009-04-28 07:16:01 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-04-27 19:43:24 ----D---- C:\Documents and Settings
    2009-04-26 19:35:02 ----HD---- C:\WINDOWS\inf
    2009-04-26 19:35:02 ----D---- C:\WINDOWS\system32\drivers
    2009-04-26 19:31:05 ----SHD---- C:\WINDOWS\Installer
    2009-04-26 19:30:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-04-26 19:30:42 ----D---- C:\Program Files\iTunes
    2009-04-26 19:29:59 ----D---- C:\Program Files\Bonjour
    2009-04-26 19:29:38 ----D---- C:\Program Files\QuickTime
    2009-04-26 07:49:34 ----SD---- C:\WINDOWS\Tasks
    2009-04-26 07:19:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-26 07:18:55 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-25 23:55:35 ----D---- C:\WINDOWS\Debug
    2009-04-25 22:38:23 ----D---- C:\Program Files\Common Files
    2009-04-25 21:44:09 ----D---- C:\WINDOWS\system32\CatRoot
    2009-04-25 21:42:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2009-04-25 21:42:48 ----D---- C:\Program Files\Messenger
    2009-04-25 21:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-04-25 21:42:42 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-25 21:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2009-04-25 21:39:27 ----D---- C:\WINDOWS\system32\wbem
    2009-04-25 21:39:27 ----D---- C:\WINDOWS\system32\Setup
    2009-04-25 21:39:27 ----D---- C:\WINDOWS\AppPatch
    2009-04-25 21:39:26 ----RSD---- C:\WINDOWS\Fonts
    2009-04-25 21:38:44 ----D---- C:\WINDOWS\security
    2009-04-25 21:31:13 ----D---- C:\Program Files\Windows Media Player
    2009-04-25 21:30:46 ----D---- C:\WINDOWS\system32\inetsrv
    2009-04-25 21:30:46 ----D---- C:\WINDOWS\network diagnostic
    2009-04-25 21:30:45 ----D---- C:\WINDOWS\ime
    2009-04-25 21:30:45 ----D---- C:\WINDOWS\Help
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\usmt
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\scripting
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\en-us
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\en
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\bits
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\peernet
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\l2schemas
    2009-04-25 21:30:34 ----D---- C:\Program Files\Movie Maker
    2009-04-25 21:27:17 ----D---- C:\WINDOWS\system32\Restore
    2009-04-25 21:27:17 ----D---- C:\WINDOWS\system32\npp
    2009-04-25 21:27:17 ----D---- C:\WINDOWS\mui
    2009-04-25 21:27:15 ----D---- C:\WINDOWS\msagent
    2009-04-25 21:27:14 ----D---- C:\WINDOWS\srchasst
    2009-04-25 21:27:13 ----D---- C:\Program Files\NetMeeting
    2009-04-25 21:27:11 ----D---- C:\WINDOWS\system32\Com
    2009-04-25 21:27:09 ----D---- C:\Program Files\Windows NT
    2009-04-25 21:27:09 ----D---- C:\Program Files\Outlook Express
    2009-04-25 21:27:06 ----D---- C:\Program Files\Common Files\System
    2009-04-25 21:26:47 ----D---- C:\WINDOWS\system32\oobe
    2009-04-25 21:26:44 ----D---- C:\WINDOWS\system
    2009-04-25 21:24:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2009-04-25 21:22:52 ----D---- C:\WINDOWS\EHome
    2009-04-25 19:58:40 ----D---- C:\Program Files\Internet Explorer
    2009-04-25 18:51:40 ----D---- C:\WINDOWS\Media
    2009-04-22 19:38:43 ----D---- C:\Program Files\JRE
    2009-04-22 19:38:19 ----D---- C:\Program Files\Java
    2009-04-22 18:20:38 ----D---- C:\Program Files\Adobe
    2009-04-22 18:20:00 ----D---- C:\Program Files\Common Files\Adobe
    2009-04-22 18:17:59 ----D---- C:\Program Files\IZArc
    2009-04-22 18:13:10 ----SHD---- C:\RECYCLER
    2009-04-22 00:08:06 ----D---- C:\WINDOWS\WinSxS
    2009-04-22 00:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2009-04-22 00:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2009-04-21 23:25:20 ----D---- C:\WINDOWS\system32\RTCOM
    2009-04-21 23:24:35 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-04-21 22:43:27 ----D---- C:\Program Files\Telemax
    2009-04-21 22:43:26 ----D---- C:\WINDOWS\twain_32
    2009-04-21 22:12:35 ----RASH---- C:\boot.ini
    2009-04-21 22:12:34 ----A---- C:\WINDOWS\win.ini
    2009-04-21 22:10:09 ----RD---- C:\WINDOWS\Web
    2009-04-21 22:10:03 ----RASH---- C:\NTDETECT.COM
    2009-04-21 22:06:12 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-04-21 21:55:16 ----D---- C:\WINDOWS\SoftwareDistribution
    2009-04-21 21:51:06 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-04-21 21:50:50 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
    2009-04-21 21:13:33 ----D---- C:\WINDOWS\system32\appmgmt
    2009-04-21 21:09:19 ----SHD---- C:\System Volume Information
    2009-04-21 21:08:50 ----D---- C:\WINDOWS\system32\config
    2009-04-21 21:06:29 ----D---- C:\WINDOWS\Registration
    2009-04-21 21:04:34 ----D---- C:\WINDOWS\system32\MsDtc
    2009-04-21 21:04:29 ----D---- C:\WINDOWS\Cursors
    2009-04-21 16:59:13 ----A---- C:\WINDOWS\system.ini
    2009-04-21 16:56:04 ----D---- C:\WINDOWS\system32\ras
    2009-04-21 16:55:57 ----D---- C:\WINDOWS\system32\icsxml
    2009-04-21 16:55:39 ----D---- C:\WINDOWS\system32\ias
    2009-04-21 16:55:35 ----D---- C:\WINDOWS\system32\1033
    2009-04-21 16:54:35 ----D---- C:\WINDOWS\system32\Lang
    2009-04-21 16:54:35 ----D---- C:\WINDOWS\system32\IOSUBSYS
    2009-04-21 16:54:33 ----D---- C:\WINDOWS\system32\Color
    2009-04-21 16:54:31 ----D---- C:\WINDOWS\system32\avsplugin
    2009-04-21 16:54:27 ----D---- C:\WINDOWS\repair
    2009-04-21 16:54:22 ----RD---- C:\WINDOWS\Offline Web Pages
    2009-04-21 16:54:11 ----RSD---- C:\WINDOWS\assembly
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB945060-v3$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
    2009-04-21 16:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
    2009-04-21 16:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
    2009-04-20 09:30:46 ----D---- C:\WINDOWS\Driver Cache
    2009-04-19 11:57:51 ----D---- C:\WINDOWS\Minidump
    2009-04-16 19:01:01 ----D---- C:\Program Files\Flickr Uploadr
    2009-04-01 07:50:18 ----D---- C:\WINDOWS\Microsoft.NET
    2009-03-31 22:46:56 ----D---- C:\WINDOWS\system32\spool

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-04-21 325640]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-04-21 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-21 108552]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-27 4395008]
    R3 JL2001;Telemax WebCam WC-50; C:\WINDOWS\System32\Drivers\videocap.sys [2002-01-10 173768]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-04-21 908056]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-21 298264]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]

    -----------------EOF-----------------

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    As per forum rules, you will have to uninstall uTorrent.

    Please rerun rsit after that and post back a fresh log.txt.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    Here is the new log file.

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Jordan at 2009-04-30 07:02:35
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 184 GB (77%) free of 238 GB
    Total RAM: 2038 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:02:45 AM, on 4/30/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Documents and Settings\Jordan.LILYPAD\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Jordan.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1240364766266
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5338 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1547161642-839522115-1003.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1547161642-839522115-1004.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-04-21 1078552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-04-21 1932568]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
    "EPSON Stylus C88 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE [2005-01-27 98304]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 133104]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    C:\Documents and Settings\Jordan.LILYPAD\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-04-21 10520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
    "C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Jordan.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
    "C:\Documents and Settings\Caroline.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Caroline.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
    "C:\Documents and Settings\Caroline.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Caroline.LILYPAD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-04-30 00:13:44 ----D---- C:\rsit
    2009-04-28 21:49:19 ----D---- C:\Program Files\Trend Micro
    2009-04-28 21:49:08 ----D---- C:\WINDOWS\ERDNT
    2009-04-28 21:48:42 ----D---- C:\Program Files\ERUNT
    2009-04-26 19:30:43 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2009-04-26 19:30:11 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-26 19:29:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2009-04-26 19:28:41 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
    2009-04-26 19:28:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
    2009-04-25 22:38:35 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Skype
    2009-04-25 22:38:23 ----D---- C:\Program Files\Common Files\Skype
    2009-04-25 22:38:21 ----RD---- C:\Program Files\Skype
    2009-04-25 22:38:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
    2009-04-25 22:34:23 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\vlc
    2009-04-25 21:40:18 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-04-25 21:39:43 ----D---- C:\WINDOWS\Prefetch
    2009-04-25 21:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-04-25 21:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-25 21:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-25 21:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-04-25 21:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-25 21:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-04-25 21:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-04-25 21:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-04-25 21:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-04-25 21:35:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-04-25 21:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-04-25 21:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-25 21:35:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-04-25 21:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-04-25 21:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-04-25 21:35:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-04-25 21:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-25 21:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-04-25 21:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-04-25 21:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-04-25 21:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-04-25 21:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-04-25 21:34:36 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-04-25 21:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-25 20:58:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-04-25 18:52:27 ----D---- C:\WINDOWS\ie7updates
    2009-04-25 18:52:00 ----D---- C:\WINDOWS\WBEM
    2009-04-25 18:50:17 ----HDC---- C:\WINDOWS\ie7
    2009-04-25 18:50:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2009-04-25 18:49:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2009-04-25 18:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2009-04-25 18:49:40 ----A---- C:\WINDOWS\system32\xmllite.dll
    2009-04-25 18:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
    2009-04-25 18:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
    2009-04-25 18:46:52 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-04-24 06:50:13 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2009-04-24 06:50:13 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2009-04-23 07:11:52 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2009-04-23 07:11:51 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2009-04-23 07:11:51 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2009-04-23 07:11:51 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2009-04-23 07:11:50 ----N---- C:\WINDOWS\system32\verclsid.exe
    2009-04-23 07:11:48 ----N---- C:\WINDOWS\system32\tspkg.dll
    2009-04-23 07:11:48 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2009-04-23 07:11:44 ----N---- C:\WINDOWS\system32\setupn.exe
    2009-04-23 07:11:42 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2009-04-23 07:11:42 ----N---- C:\WINDOWS\system32\rasqec.dll
    2009-04-23 07:11:42 ----N---- C:\WINDOWS\system32\qutil.dll
    2009-04-23 07:11:42 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2009-04-23 07:11:41 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2009-04-23 07:11:41 ----N---- C:\WINDOWS\system32\qagent.dll
    2009-04-23 07:11:41 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2009-04-23 07:11:39 ----N---- C:\WINDOWS\system32\onex.dll
    2009-04-23 07:11:36 ----N---- C:\WINDOWS\system32\napstat.exe
    2009-04-23 07:11:36 ----N---- C:\WINDOWS\system32\napmontr.dll
    2009-04-23 07:11:36 ----N---- C:\WINDOWS\system32\napipsec.dll
    2009-04-23 07:11:35 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2009-04-23 07:11:35 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2009-04-23 07:11:35 ----N---- C:\WINDOWS\system32\mssha.dll
    2009-04-23 07:11:35 ----A---- C:\WINDOWS\system32\msxml6.dll
    2009-04-23 07:11:30 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2009-04-23 07:11:30 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2009-04-23 07:11:29 ----N---- C:\WINDOWS\system32\mmcex.dll
    2009-04-23 07:11:29 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2009-04-23 07:11:25 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2009-04-23 07:11:22 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2009-04-23 07:11:22 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2009-04-23 07:11:22 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2009-04-23 07:11:21 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2009-04-23 07:11:21 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2009-04-23 07:11:04 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2009-04-23 07:11:04 ----N---- C:\WINDOWS\system32\rwnh.dll
    2009-04-23 07:10:57 ----A---- C:\WINDOWS\005461_.tmp
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapqec.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapphost.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2009-04-23 07:10:56 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dot3api.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2009-04-23 07:10:55 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2009-04-23 07:10:53 ----N---- C:\WINDOWS\system32\credssp.dll
    2009-04-23 07:10:51 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2009-04-23 07:10:51 ----N---- C:\WINDOWS\system32\azroles.dll
    2009-04-23 07:10:47 ----N---- C:\WINDOWS\system32\aaclient.dll
    2009-04-23 00:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
    2009-04-22 19:38:39 ----D---- C:\Program Files\OpenOffice.org 3
    2009-04-22 18:20:32 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-04-22 18:19:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2009-04-22 07:11:09 ----A---- C:\WINDOWS\EPSMTL32.TXT
    2009-04-22 07:07:15 ----D---- C:\Program Files\NOS
    2009-04-22 07:07:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
    2009-04-22 00:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
    2009-04-22 00:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
    2009-04-22 00:06:18 ----N---- C:\WINDOWS\system32\spmsg.dll
    2009-04-21 23:25:20 ----A---- C:\WINDOWS\system32\ChCfg.exe
    2009-04-21 23:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
    2009-04-21 23:24:38 ----A---- C:\WINDOWS\SoundMan.exe
    2009-04-21 23:24:38 ----A---- C:\WINDOWS\SkyTel.exe
    2009-04-21 23:24:38 ----A---- C:\WINDOWS\RtlUpd.exe
    2009-04-21 23:24:38 ----A---- C:\WINDOWS\RTLCPL.exe
    2009-04-21 23:24:37 ----A---- C:\WINDOWS\RTHDCPL.exe
    2009-04-21 23:24:36 ----A---- C:\WINDOWS\MicCal.exe
    2009-04-21 23:24:36 ----A---- C:\WINDOWS\alcwzrd.exe
    2009-04-21 23:24:35 ----D---- C:\Program Files\Realtek
    2009-04-21 23:24:35 ----A---- C:\WINDOWS\Alcmtr.exe
    2009-04-21 23:24:31 ----A---- C:\WINDOWS\RtlExUpd.dll
    2009-04-21 23:24:31 ----A---- C:\WINDOWS\HideWin.exe
    2009-04-21 23:24:23 ----A---- C:\WINDOWS\AS_Debug.txt
    2009-04-21 23:01:28 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2009-04-21 23:01:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
    2009-04-21 22:43:34 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
    2009-04-21 22:43:33 ----A---- C:\WINDOWS\system32\ksuser.dll
    2009-04-21 22:34:18 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\WinFF
    2009-04-21 22:30:18 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Thunderbird
    2009-04-21 22:30:18 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Talkback
    2009-04-21 22:30:17 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Sun
    2009-04-21 22:30:17 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\skypePM
    2009-04-21 22:30:17 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Skinux
    2009-04-21 22:30:16 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Orbit
    2009-04-21 22:30:13 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\OpenOffice.org2
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\OpenOffice.org
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Notepad++
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\NCH Software
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\MPEG Streamclip
    2009-04-21 22:30:09 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Mp3tag
    2009-04-21 22:30:02 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\johnsadventures.com
    2009-04-21 22:30:02 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Help
    2009-04-21 22:30:02 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\gtk-2.0
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Garritan
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\foobar2000
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Flickr
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\FileZilla
    2009-04-21 22:30:01 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\EPSON
    2009-04-21 22:30:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\CDBurnerXP_Soft
    2009-04-21 22:30:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\AVS4YOU
    2009-04-21 22:30:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\avidemux
    2009-04-21 22:30:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Audacity
    2009-04-21 22:28:39 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Apple Computer
    2009-04-21 22:28:39 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Any Video Converter
    2009-04-21 22:19:30 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Mozilla
    2009-04-21 22:19:23 ----N---- C:\WINDOWS\system32\xpsp4res.dll
    2009-04-21 22:19:23 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2009-04-21 22:06:06 ----N---- C:\WINDOWS\system32\spnpinst.exe
    2009-04-21 21:58:24 ----A---- C:\WINDOWS\system32\wpa.bak
    2009-04-21 21:57:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
    2009-04-21 21:51:16 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2009-04-21 21:50:37 ----N---- C:\WINDOWS\system32\xpob2res.dll
    2009-04-21 21:50:37 ----N---- C:\WINDOWS\system32\bitsprx3.dll
    2009-04-21 21:50:37 ----N---- C:\WINDOWS\system32\bitsprx2.dll
    2009-04-21 21:50:37 ----A---- C:\WINDOWS\system32\winhttp.dll
    2009-04-21 21:50:37 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2009-04-21 21:50:08 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Macromedia
    2009-04-21 21:50:08 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Adobe
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wups2.dll
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wups.dll
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wucltui.dll
    2009-04-21 21:46:27 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2009-04-21 21:46:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2009-04-21 21:46:26 ----A---- C:\WINDOWS\system32\wuapi.dll
    2009-04-21 21:44:08 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Opera
    2009-04-21 21:10:00 ----D---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Identities
    2009-04-21 21:09:54 ----ASH---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\desktop.ini
    2009-04-21 21:09:53 ----SD---- C:\Documents and Settings\Jordan.LILYPAD\Application Data\Microsoft
    2009-04-21 21:09:18 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-21 21:06:40 ----A---- C:\WINDOWS\control.ini
    2009-04-21 21:06:32 ----A---- C:\WINDOWS\system32\mapi32.dll
    2009-04-21 21:05:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2009-04-21 21:05:51 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2009-04-21 21:05:20 ----A---- C:\WINDOWS\system32\safrslv.dll
    2009-04-21 21:05:20 ----A---- C:\WINDOWS\system32\safrdm.dll
    2009-04-21 21:05:20 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2009-04-21 21:05:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2009-04-21 21:05:19 ----A---- C:\WINDOWS\system32\atrace.dll
    2009-04-21 21:05:17 ----A---- C:\WINDOWS\system32\desktop.ini
    2009-04-21 21:05:17 ----A---- C:\WINDOWS\desktop.ini
    2009-04-21 21:05:12 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2009-04-21 21:05:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2009-04-21 21:05:12 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2009-04-21 21:05:11 ----A---- C:\WINDOWS\system32\inetres.dll
    2009-04-21 21:05:11 ----A---- C:\WINDOWS\system32\acctres.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\isign32.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\icwdial.dll
    2009-04-21 21:05:09 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2009-04-21 21:05:04 ----A---- C:\WINDOWS\system32\qmgr.dll
    2009-04-21 21:05:01 ----A---- C:\WINDOWS\system32\srsvc.dll
    2009-04-21 21:05:01 ----A---- C:\WINDOWS\system32\srrstr.dll
    2009-04-21 21:05:01 ----A---- C:\WINDOWS\system32\srclient.dll
    2009-04-21 21:05:00 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2009-04-21 21:05:00 ----A---- C:\WINDOWS\system32\msconf.dll
    2009-04-21 21:05:00 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2009-04-21 21:05:00 ----A---- C:\WINDOWS\system32\ils.dll
    2009-04-21 21:04:58 ----A---- C:\WINDOWS\system32\msoert2.dll
    2009-04-21 21:04:58 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2009-04-21 21:04:58 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2009-04-21 21:04:57 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2009-04-21 21:04:57 ----A---- C:\WINDOWS\system32\mstinit.exe
    2009-04-21 21:04:57 ----A---- C:\WINDOWS\system32\mstask.dll
    2009-04-21 21:04:37 ----A---- C:\WINDOWS\vbaddin.ini
    2009-04-21 21:04:37 ----A---- C:\WINDOWS\vb.ini
    2009-04-21 21:04:32 ----D---- C:\Program Files\Online Services
    2009-04-21 21:04:30 ----A---- C:\WINDOWS\system32\write.exe
    2009-04-21 21:04:26 ----A---- C:\WINDOWS\system32\accwiz.exe
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\hticons.dll
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\avwav.dll
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\avtapi.dll
    2009-04-21 21:04:25 ----A---- C:\WINDOWS\system32\avmeter.dll
    2009-04-21 21:04:24 ----A---- C:\WINDOWS\system32\winchat.exe
    2009-04-21 21:04:19 ----A---- C:\WINDOWS\system32\sol.exe
    2009-04-21 21:04:19 ----A---- C:\WINDOWS\system32\getuname.dll
    2009-04-21 21:04:19 ----A---- C:\WINDOWS\system32\charmap.exe
    2009-04-21 21:04:19 ----A---- C:\WINDOWS\system32\calc.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\winmine.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tslabels.ini
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tskill.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\tscon.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\shadow.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\reset.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\rdshost.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\mshearts.exe
    2009-04-21 21:04:18 ----A---- C:\WINDOWS\system32\freecell.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\regini.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\qprocess.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\msg.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\logoff.exe
    2009-04-21 21:04:17 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2009-04-21 21:04:16 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2009-04-21 21:04:16 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2009-04-21 21:04:16 ----A---- C:\WINDOWS\system32\msdtc.exe
    2009-04-21 21:04:16 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\stclient.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\mtxex.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\comuid.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\comsnap.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\comrepl.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\comaddin.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\colbact.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2009-04-21 21:04:15 ----A---- C:\WINDOWS\system32\catsrv.dll
    2009-04-21 21:04:14 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\servdeps.dll
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\mplay32.exe
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2009-04-21 21:04:09 ----A---- C:\WINDOWS\system32\cmprops.dll
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\spider.exe
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\mspaint.exe
    2009-04-21 21:04:08 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\termsrv.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\remotepg.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\rdchost.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\mstscax.dll
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\mstsc.exe
    2009-04-21 21:04:07 ----A---- C:\WINDOWS\system32\icaapi.dll
    2009-04-21 21:04:06 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2009-04-21 21:04:06 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2009-04-21 21:04:06 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2009-04-21 21:04:06 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2009-04-21 21:04:03 ----A---- C:\WINDOWS\system32\licwmi.dll
    2009-04-21 17:03:46 ----A---- C:\WINDOWS\system32\h323log.txt
    2009-04-21 17:01:30 ----A---- C:\WINDOWS\system32\usbui.dll
    2009-04-21 16:59:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-21 16:59:15 ----A---- C:\WINDOWS\ODBCINST.INI
    2009-04-21 16:59:11 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2009-04-21 16:59:11 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2009-04-21 16:59:11 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2009-04-21 16:59:10 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2009-04-21 16:59:08 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2009-04-21 16:59:07 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2009-04-21 16:59:06 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2009-04-21 16:59:06 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2009-04-21 16:59:06 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2009-04-21 16:59:05 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\irclass.dll
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2009-04-21 16:59:03 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2009-04-21 16:59:01 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2009-04-21 16:59:01 ----A---- C:\WINDOWS\TASKMAN.EXE
    2009-04-21 16:59:01 ----A---- C:\WINDOWS\system32\storprop.dll
    2009-04-21 16:59:01 ----A---- C:\WINDOWS\system32\batt.dll
    2009-04-21 16:59:01 ----A---- C:\WINDOWS\notepad.exe
    2009-04-21 16:58:58 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
    2009-04-21 16:58:57 ----RA---- C:\WINDOWS\SET7.tmp
    2009-04-21 16:58:55 ----RA---- C:\WINDOWS\SET3.tmp
    2009-04-21 16:58:45 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2009-04-19 11:55:35 ----D---- C:\WINDOWS\CSC
    2009-04-18 20:03:48 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-04-16 23:05:40 ----D---- C:\Program Files\Lavasoft
    2009-04-15 23:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
    2009-04-15 23:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
    2009-04-15 23:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
    2009-04-15 23:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
    2009-04-15 23:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
    2009-04-15 23:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
    2009-04-15 23:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
    2009-04-01 18:14:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-03-31 22:47:30 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-03-31 22:47:25 ----D---- C:\Program Files\MSBuild
    2009-03-31 22:47:14 ----D---- C:\Program Files\Reference Assemblies
    2009-03-31 22:46:38 ----D---- C:\1cfb1a3eebc0d595fcba15563b

    ======List of files/folders modified in the last 1 months======

    2009-04-30 07:02:07 ----RD---- C:\Program Files
    2009-04-30 06:58:25 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-30 06:58:16 ----D---- C:\WINDOWS\Temp
    2009-04-29 18:09:57 ----D---- C:\Program Files\Notepad++
    2009-04-29 00:36:10 ----D---- C:\Program Files\Opera
    2009-04-28 23:51:04 ----D---- C:\WINDOWS\system32
    2009-04-28 21:49:08 ----D---- C:\WINDOWS
    2009-04-28 12:20:39 ----HD---- C:\$AVG8.VAULT$
    2009-04-28 07:16:01 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-04-27 19:43:24 ----D---- C:\Documents and Settings
    2009-04-26 19:35:02 ----HD---- C:\WINDOWS\inf
    2009-04-26 19:35:02 ----D---- C:\WINDOWS\system32\drivers
    2009-04-26 19:31:05 ----SHD---- C:\WINDOWS\Installer
    2009-04-26 19:30:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-04-26 19:30:42 ----D---- C:\Program Files\iTunes
    2009-04-26 19:29:59 ----D---- C:\Program Files\Bonjour
    2009-04-26 19:29:38 ----D---- C:\Program Files\QuickTime
    2009-04-26 07:49:34 ----SD---- C:\WINDOWS\Tasks
    2009-04-26 07:19:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-26 07:18:55 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-25 23:55:35 ----D---- C:\WINDOWS\Debug
    2009-04-25 22:38:23 ----D---- C:\Program Files\Common Files
    2009-04-25 21:44:09 ----D---- C:\WINDOWS\system32\CatRoot
    2009-04-25 21:42:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2009-04-25 21:42:48 ----D---- C:\Program Files\Messenger
    2009-04-25 21:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-04-25 21:42:42 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-25 21:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2009-04-25 21:39:27 ----D---- C:\WINDOWS\system32\wbem
    2009-04-25 21:39:27 ----D---- C:\WINDOWS\system32\Setup
    2009-04-25 21:39:27 ----D---- C:\WINDOWS\AppPatch
    2009-04-25 21:39:26 ----RSD---- C:\WINDOWS\Fonts
    2009-04-25 21:38:44 ----D---- C:\WINDOWS\security
    2009-04-25 21:31:13 ----D---- C:\Program Files\Windows Media Player
    2009-04-25 21:30:46 ----D---- C:\WINDOWS\system32\inetsrv
    2009-04-25 21:30:46 ----D---- C:\WINDOWS\network diagnostic
    2009-04-25 21:30:45 ----D---- C:\WINDOWS\ime
    2009-04-25 21:30:45 ----D---- C:\WINDOWS\Help
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\usmt
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\scripting
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\en-us
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\en
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\system32\bits
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\peernet
    2009-04-25 21:30:35 ----D---- C:\WINDOWS\l2schemas
    2009-04-25 21:30:34 ----D---- C:\Program Files\Movie Maker
    2009-04-25 21:27:17 ----D---- C:\WINDOWS\system32\Restore
    2009-04-25 21:27:17 ----D---- C:\WINDOWS\system32\npp
    2009-04-25 21:27:17 ----D---- C:\WINDOWS\mui
    2009-04-25 21:27:15 ----D---- C:\WINDOWS\msagent
    2009-04-25 21:27:14 ----D---- C:\WINDOWS\srchasst
    2009-04-25 21:27:13 ----D---- C:\Program Files\NetMeeting
    2009-04-25 21:27:11 ----D---- C:\WINDOWS\system32\Com
    2009-04-25 21:27:09 ----D---- C:\Program Files\Windows NT
    2009-04-25 21:27:09 ----D---- C:\Program Files\Outlook Express
    2009-04-25 21:27:06 ----D---- C:\Program Files\Common Files\System
    2009-04-25 21:26:47 ----D---- C:\WINDOWS\system32\oobe
    2009-04-25 21:26:44 ----D---- C:\WINDOWS\system
    2009-04-25 21:24:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2009-04-25 21:22:52 ----D---- C:\WINDOWS\EHome
    2009-04-25 19:58:40 ----D---- C:\Program Files\Internet Explorer
    2009-04-25 18:51:40 ----D---- C:\WINDOWS\Media
    2009-04-22 19:38:43 ----D---- C:\Program Files\JRE
    2009-04-22 19:38:19 ----D---- C:\Program Files\Java
    2009-04-22 18:20:38 ----D---- C:\Program Files\Adobe
    2009-04-22 18:20:00 ----D---- C:\Program Files\Common Files\Adobe
    2009-04-22 18:17:59 ----D---- C:\Program Files\IZArc
    2009-04-22 18:13:10 ----SHD---- C:\RECYCLER
    2009-04-22 00:08:06 ----D---- C:\WINDOWS\WinSxS
    2009-04-22 00:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2009-04-22 00:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2009-04-21 23:25:20 ----D---- C:\WINDOWS\system32\RTCOM
    2009-04-21 23:24:35 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-04-21 22:43:27 ----D---- C:\Program Files\Telemax
    2009-04-21 22:43:26 ----D---- C:\WINDOWS\twain_32
    2009-04-21 22:12:35 ----RASH---- C:\boot.ini
    2009-04-21 22:12:34 ----A---- C:\WINDOWS\win.ini
    2009-04-21 22:10:09 ----RD---- C:\WINDOWS\Web
    2009-04-21 22:10:03 ----RASH---- C:\NTDETECT.COM
    2009-04-21 22:06:12 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-04-21 21:55:16 ----D---- C:\WINDOWS\SoftwareDistribution
    2009-04-21 21:51:06 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-04-21 21:50:50 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
    2009-04-21 21:13:33 ----D---- C:\WINDOWS\system32\appmgmt
    2009-04-21 21:09:19 ----SHD---- C:\System Volume Information
    2009-04-21 21:08:50 ----D---- C:\WINDOWS\system32\config
    2009-04-21 21:06:29 ----D---- C:\WINDOWS\Registration
    2009-04-21 21:04:34 ----D---- C:\WINDOWS\system32\MsDtc
    2009-04-21 21:04:29 ----D---- C:\WINDOWS\Cursors
    2009-04-21 16:59:13 ----A---- C:\WINDOWS\system.ini
    2009-04-21 16:56:04 ----D---- C:\WINDOWS\system32\ras
    2009-04-21 16:55:57 ----D---- C:\WINDOWS\system32\icsxml
    2009-04-21 16:55:39 ----D---- C:\WINDOWS\system32\ias
    2009-04-21 16:55:35 ----D---- C:\WINDOWS\system32\1033
    2009-04-21 16:54:35 ----D---- C:\WINDOWS\system32\Lang
    2009-04-21 16:54:35 ----D---- C:\WINDOWS\system32\IOSUBSYS
    2009-04-21 16:54:33 ----D---- C:\WINDOWS\system32\Color
    2009-04-21 16:54:31 ----D---- C:\WINDOWS\system32\avsplugin
    2009-04-21 16:54:27 ----D---- C:\WINDOWS\repair
    2009-04-21 16:54:22 ----RD---- C:\WINDOWS\Offline Web Pages
    2009-04-21 16:54:11 ----RSD---- C:\WINDOWS\assembly
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB945060-v3$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2009-04-21 16:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
    2009-04-21 16:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
    2009-04-21 16:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
    2009-04-20 09:30:46 ----D---- C:\WINDOWS\Driver Cache
    2009-04-19 11:57:51 ----D---- C:\WINDOWS\Minidump
    2009-04-16 19:01:01 ----D---- C:\Program Files\Flickr Uploadr
    2009-04-01 07:50:18 ----D---- C:\WINDOWS\Microsoft.NET
    2009-03-31 22:46:56 ----D---- C:\WINDOWS\system32\spool

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-04-21 325640]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-04-21 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-21 108552]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-27 4395008]
    R3 JL2001;Telemax WebCam WC-50; C:\WINDOWS\System32\Drivers\videocap.sys [2002-01-10 173768]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-04-21 908056]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-21 298264]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]

    -----------------EOF-----------------
