Thread: Many programs blocked from updating/running, i give up!

  1. #11
    Member
    Join Date
    Nov 2010
    Posts
    63

    OTL Extras logfile created on: 21/05/2011 8:15:34 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\K\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 71.28 Gb Total Space | 7.18 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
    Drive D: | 70.94 Gb Total Space | 70.83 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

    Computer Name: K-PC | User Name: K | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0552CF72-AC1D-42FC-A8A4-D93113F66B4E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{060FFC8C-6F0F-4850-A17A-3CC855F82300}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{08B85043-8AE7-48A5-B5F1-CDAE33732403}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{0DB1A113-D5D4-47EC-AE62-8EEA1B00E6F5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{55D4262F-9DEC-4526-84DB-56489DFFE81F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{6F7E5517-9CB3-4695-A910-B9E9C0FC87A5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{7A0ADB00-C9CF-4F8B-931B-F5C3E3207FF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{81C93E7F-3E5B-4856-A248-585650262F36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{926A8876-E42F-447C-B0CD-E031FECBCE97}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E35B5F5B-DD4B-46FC-8A9A-20E3AE4EA3D4}" = rport=2869 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{089DB2A5-639D-4CE0-B664-4051CFAFF69B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0B60A314-9017-4826-91D1-6F4E6F2E011B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{0EA28119-D130-4AFC-893F-4580F730D88B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{15096B46-246C-4EE4-858A-A70ADC136650}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{15E3E58C-F8BE-4941-8ABA-F3CA032594BB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
    "{1BA86A68-665C-4BC3-9482-56D1991036B8}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
    "{26953776-C0AC-4FC3-8B97-0FCDFAE0A19A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
    "{2A4E7E18-61CA-4C85-B93C-8B961ABBA3CB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
    "{2F5A6D9A-6B17-48AD-84ED-ADE36BFCCAD6}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{33DDA838-7D55-4282-B210-F1BE80C7F694}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{386E72EE-DC09-442C-808C-28C9BE58DBC9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{47184B13-0E3A-4921-9201-78D2DA93DDCF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
    "{4B5D2A11-E8B7-4405-B85B-6E686EC84C2A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{51C78F25-05E1-49EC-9148-C92990611C18}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5AEF0C85-A503-4829-A93E-FED9E06A8D96}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
    "{5F7777EC-374F-4BB8-A0B5-DBE89178724A}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
    "{6020BD3B-A070-4739-BA6A-AB3391D23032}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-enus-downloader.exe |
    "{64D886C9-0D6C-4305-975B-0E2586E33C5D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{67D87F23-7B48-4621-A940-F8E7C7C52896}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{6C494B8F-C27E-4116-86AE-511716081513}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
    "{72B1B270-2BA3-4875-9EDF-5554AC844DE7}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe |
    "{7A6B601B-4C54-46D0-AC7B-CD148B5C4FE9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
    "{7C00CED8-CD82-4D15-9A1A-E8AAB3D632B1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{862F1077-D8AD-4C2D-A25E-918E42D1DFCF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
    "{88BDBBA6-2C4A-4581-AD12-4F931B11DC7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8A10F366-6462-4219-8DA9-71C86AE162C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{93A3174E-74FC-46E6-9BF3-624B4E99FE5A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
    "{D4D9ED95-81D5-4A29-B823-B4EA45D1FE40}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe |
    "{DB938CED-5B6B-4610-BB64-8C329ECF9EC2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
    "{DBD3623C-CE46-476B-A12C-16284C310953}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E01A07F3-D152-4E34-A936-6E484C8420F2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{F595A1A9-D6BE-4174-A39B-37F6A4E8CCAF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{FF918CBF-FD17-451A-8A55-9BA4A6689FB2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
    "TCP Query User{08C04F73-8269-43C1-B011-A03E8744ED55}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
    "TCP Query User{0A8E689F-A2C0-4D3E-AC48-932C5CF885D1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{11B8C75D-7A57-46E4-A978-AB7E2F436318}C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe |
    "TCP Query User{13AC9FF3-A59C-4F42-9256-2DD6E12B25F8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{1EC6E1E9-94F6-43C9-81E6-B55962B60192}C:\users\k\appdata\local\temp\blizzard launcher temporary - f2b86708\launcher.exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - f2b86708\launcher.exe |
    "TCP Query User{348B3E97-F85F-41A1-A126-A50D4D4A336D}C:\program files\ea sports\nhl07\nhl2007.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\nhl07\nhl2007.exe |
    "TCP Query User{4538B91A-E3FB-4AD2-8186-D5D219EFBFB6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{4AE5907C-F815-44E2-AEDC-5EF4848139FF}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
    "TCP Query User{4B400B6A-7F6B-4BE8-8017-D913A2756A80}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{60B2DF4C-E545-4BDC-A2C3-60955E67F51E}C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe |
    "TCP Query User{64000632-7550-47DF-9C48-ADE5530C9B20}C:\users\k\appdata\local\temp\blizzard launcher temporary - 71e7b268\launcher.exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 71e7b268\launcher.exe |
    "TCP Query User{71809E23-41B9-4AAD-B96B-5029F2B58324}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{840074C0-AD58-46E0-A108-279E170C8143}C:\users\k\appdata\local\temp\blizzard launcher temporary - 118e1fb0\launcher.exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 118e1fb0\launcher.exe |
    "TCP Query User{8BB2B005-C8CB-47EC-8A0A-3F2970854238}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{8D6D62D4-DC94-4C88-ACAE-729173FF6A2A}C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe |
    "TCP Query User{9A68CF59-E259-4C61-A547-E9FF337F4B20}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
    "TCP Query User{9BF063E6-A5E0-4039-BA68-29725F6B0407}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{A59E621E-F59F-4F2B-93DB-9E93767C0ABC}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
    "TCP Query User{A7A66E65-4AAB-4541-84AA-32D398F7F1BE}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
    "TCP Query User{B29F9197-D6DA-4902-A3A7-E216831943CA}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{B75353B4-BD6F-4A74-B55D-CBE6EC3FAB85}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
    "TCP Query User{C253EEEF-7633-46CF-AFF6-B4443CCCC941}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
    "TCP Query User{CECFD4E3-91E6-4C7C-8599-B7B3236BAA9A}C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe |
    "TCP Query User{DE47D51B-9D2F-49E2-B085-9AA113964F54}C:\users\k\appdata\local\temp\blizzard launcher temporary - 141e6780\launcher.exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 141e6780\launcher.exe |
    "TCP Query User{DFAAC5FD-EDFA-48C5-8344-C089190AF4A3}C:\users\k\appdata\local\microsoft\windows\temporary internet files\content.ie5\kfhwkvwy\wrath_of_the_lich_king_en.avi-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\k\appdata\local\microsoft\windows\temporary internet files\content.ie5\kfhwkvwy\wrath_of_the_lich_king_en.avi-downloader[1].exe |
    "TCP Query User{EB860A7F-09FB-48B3-B488-F970359B75DB}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
    "TCP Query User{F0E1CB3C-FEB6-4A6D-B8E0-FCC63CEFF6EF}C:\program files\ea sports\nhl07\nhl2007.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\nhl07\nhl2007.exe |
    "TCP Query User{FEB7334B-3FCF-4A00-B583-9E3521C912DB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
    "UDP Query User{05BAC0E9-9AC0-4D11-94A3-856C13AED845}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
    "UDP Query User{1F222031-C213-472B-BC47-80C59BA86E10}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{24B0FCE1-AC10-469F-A551-E2AAC21490AD}C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe |
    "UDP Query User{2D9A1AB9-E2DC-4614-9DA8-0D5E6BC83392}C:\program files\ea sports\nhl07\nhl2007.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\nhl07\nhl2007.exe |
    "UDP Query User{3765DDB6-E0EB-46A6-AD71-2040329ED37D}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
    "UDP Query User{3E6C5CCB-D849-4DCF-9606-B12F71353A9B}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
    "UDP Query User{48137D30-0913-4E90-AA0C-6B28D4A3FFE7}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{55406FFD-37C0-42C6-AE05-B4DB7C9BB694}C:\users\k\appdata\local\temp\blizzard launcher temporary - 141e6780\launcher.exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 141e6780\launcher.exe |
    "UDP Query User{5D7FB164-DC4A-41B2-8BB6-14E17B095970}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
    "UDP Query User{621E2C63-0F31-41B5-97F8-D005902ED4B7}C:\program files\ea sports\nhl07\nhl2007.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\nhl07\nhl2007.exe |
    "UDP Query User{67D92A26-FA79-4826-8F0F-A4B706F0E202}C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe |
    "UDP Query User{72238392-25B5-49D5-94F2-D84B61D284CF}C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe |
    "UDP Query User{74B41406-46A6-41B2-B79D-44C8703A318B}C:\users\k\appdata\local\temp\blizzard launcher temporary - 71e7b268\launcher.exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 71e7b268\launcher.exe |
    "UDP Query User{86A73E7A-510A-405A-99D7-A78754391D4E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{8C81351C-9684-41A5-A987-7830AE02C26D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{95AC38A2-A95E-4C2A-8C4B-120C1BEB713C}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
    "UDP Query User{98815986-C8B7-4D3D-B35A-24B6C7396689}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
    "UDP Query User{A15C21F8-80A8-47FB-8277-E71B0E028240}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
    "UDP Query User{AFC46FBC-50BD-43B7-8B16-225FF38A86DD}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{B478684E-7420-4838-86F2-394CEC4672E0}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
    "UDP Query User{B4A215AA-6B7E-475D-A0BA-9C1A72F40B12}C:\users\k\appdata\local\temp\blizzard launcher temporary - f2b86708\launcher.exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - f2b86708\launcher.exe |
    "UDP Query User{BB264361-2607-4E61-96EC-909C9ADFD607}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
    "UDP Query User{BCDA0697-FFAE-449E-932A-8B1B4AF03E65}C:\users\k\appdata\local\microsoft\windows\temporary internet files\content.ie5\kfhwkvwy\wrath_of_the_lich_king_en.avi-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\microsoft\windows\temporary internet files\content.ie5\kfhwkvwy\wrath_of_the_lich_king_en.avi-downloader[1].exe |
    "UDP Query User{C64918A9-11EA-40EC-999B-BD21448019F8}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{DA61D1A8-897D-47E2-8BAD-583F1EA46714}C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe |
    "UDP Query User{E210E752-12D0-40E6-A3EC-B9D87AF46773}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{F7FBB5B4-0912-474E-84FC-A6FC0F9FE0F9}C:\users\k\appdata\local\temp\blizzard launcher temporary - 118e1fb0\launcher.exe" = protocol=17 | dir=in | app=c:\users\k\appdata\local\temp\blizzard launcher temporary - 118e1fb0\launcher.exe |
    "UDP Query User{FAA017FE-BAE9-4E9B-A2CD-FF525EB36045}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
    "{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
    "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi Software
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{44E75850-B838-43D2-8F37-84D3FB71FF6E}" = VGA Dual-Mode Camera
    "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
    "{46A5D1D1-8956-497C-92FB-59C44EFA6214}" = Safari
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
    "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
    "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "18 Wheels of Steel Pedal to the Metal" = 18 Wheels of Steel Pedal to the Metal
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AIM_7" = AIM 7
    "AIMars" = Kids Cam Show and Share Creativity Center
    "Allok MPEG4 Converter_is1" = Allok MPEG4 Converter 4.1.0422
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Digital Foci PhotoViewer 2.0_is1" = PhotoViewer 2.0.2.5
    "ERUNT_is1" = ERUNT 1.1j
    "Fish Tycoon" = Fish Tycoon (remove only)
    "Free iPod Video Converter_is1" = Free iPod Video Converter 1.26
    "GridVista" = Acer GridVista
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "ProInst" = Intel PROSet Wireless
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TomTom HOME" = TomTom HOME 2.7.3.1894
    "Virtual Villagers" = Virtual Villagers (remove only)
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/08/2008 9:12:52 PM | Computer Name = K-PC | Source = VSS | ID = 8194
    Description =

    Error - 06/08/2008 3:16:41 AM | Computer Name = K-PC | Source = VSS | ID = 8194
    Description =

    Error - 12/09/2008 2:52:53 PM | Computer Name = K-PC | Source = Application Hang | ID = 1002
    Description = The program iTunes.exe version 7.7.1.11 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: e9c Start Time: 01c915087eb9de5e Termination Time: 21

    Error - 16/10/2008 12:13:01 AM | Computer Name = K-PC | Source = VSS | ID = 12298
    Description =

    Error - 18/10/2008 10:12:35 PM | Computer Name = K-PC | Source = Application Error | ID = 1000
    Description = Faulting application IKEA Home Planner.exe, version 1.9.25.0, time
    stamp 0x4738d522, faulting module IKEA Home Planner.exe, version 1.9.25.0, time
    stamp 0x4738d522, exception code 0xc0000005, fault offset 0x000e4d7d, process id
    0x668, application start time 0x01c9318e473b80cf.

    Error - 18/10/2008 10:44:21 PM | Computer Name = K-PC | Source = Application Hang | ID = 1002
    Description = The program iTunes.exe version 8.0.1.11 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: 6bc Start Time: 01c931931f31118f Termination Time: 179

    Error - 21/10/2008 10:51:33 AM | Computer Name = K-PC | Source = Application Hang | ID = 1002
    Description = The program DrvInst.exe version 1.0.703.1965 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 15b8 Start Time: 01c9338bd00b7bb0 Termination Time: 63

    Error - 09/11/2008 12:37:49 AM | Computer Name = K-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.16757, time stamp
    0x48e4238e, faulting module MSVCR71.dll, version 7.10.3052.4, time stamp 0x3e561eac,
    exception code 0xc0000005, fault offset 0x000017fb, process id 0x1bc, application
    start time 0x01c93e0fb3c81b64.

    Error - 12/11/2008 8:52:23 PM | Computer Name = K-PC | Source = VSS | ID = 8194
    Description =

    Error - 06/12/2008 7:54:22 PM | Computer Name = K-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6000.16549 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 160 Start Time: 01c95288eaf9a681 Termination Time: 1404

    [ Media Center Events ]
    Error - 17/12/2007 4:50:36 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 18/12/2007 10:01:48 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 22/12/2007 5:53:42 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 16/04/2008 2:55:02 AM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 17/04/2008 5:38:57 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 28/04/2008 7:01:21 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 16/12/2008 2:18:38 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 19/12/2008 2:17:58 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 24/04/2009 2:37:05 AM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 07/10/2009 5:06:29 PM | Computer Name = K-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 21/05/2011 8:14:26 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 21/05/2011 8:14:29 AM | Computer Name = K-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 21/05/2011 8:17:13 AM | Computer Name = K-PC | Source = DCOM | ID = 10000
    Description =


    < End of report >

  2. #12
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    It will take me a while to research the logs from OTL. I will post a preliminary fix as soon as possible.

  3. #13
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Hi.

    Please read the following carefully and post your decision in a reply to this post.


    BACKDOOR TROJAN

    I'm afraid I have some bad news for you. One or more of the identified infections is a BACKDOOR TROJAN. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

    You are strongly advised to do the following:
    • Disconnect the computer from the Internet and from any networked computers.
    • If you have ever handled anything related to money (online banking, online shopping, etc), call your bank and credit card company and say that you might be a victim of identity theft due to a computer virus which logs keystrokes.
    • Next, change ALL your passwords from a known clean computer! Do not use them on this computer again (until cleaned).


    Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records when the computer connects to the internet.

    Due to the backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted and fully secured again unless you reformat and reinstall Windows.

    Further reading:



    An attempt to clean the computer can be made, but you cannot trust it again for banking, shopping and any activity involving a password. It might not even be possible to clean the computer at all.

    Since this is an Acer computer it probably has a recovery partition to restore the system to the state it was delivered as new (reformat and reinstall). This is also probably the less time consuming method to clean the computer. (Back up all important data first!)

    Post any questions you have, e.g. how to back up and restore the computer.

    Please let me know what you have decided to do in your next post.
    Last edited by vict0r; 2011-05-21 at 20:28.

  4. #14
    Member
    Join Date
    Nov 2010
    Posts
    63

    Default

    Ok, I had a feeling this was the issue, and since it was infected many months ago we had actually done what you suggested and changed all pw etc from a safe computer.

    In light of the fact that I want to be able to do banking from this computer (which I probably will never do, not trusting it), I believe the solution will be a reformat and reinstall.

    I am not exactly sure how to go about this however. I don't feel I have anything important I need to back up or save off the computer either.

  5. #15
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Quote: Originally Posted by rune1990
    I don't feel I have anything important I need to back up or save off the computer either.

    Usually there are files and folders in the My Documents folder that you might not want to lose, bookmarks in your internet browser (firefox?), there's e-mail (if not using a webmail or IMAP solution) and software licenses that need a special reinstall procedure (TomTom?). It's actually remarkably easy to forget something...

    If you copy this directory (and other desired user profiles) to your D: drive somewhere, then you have most covered: C:\Users\K. Do not copy the profile back after the reinstall as it might be infected. Retrieve only necessary files as you need them.


    To restore an Acer computer to factory default after the necessary backups have been made:

    # 1 Close all programs.

    # 2 Shut down your Acer laptop by opening your Start menu and selecting "Shut Down" from the options for shutting down and restarting windows.

    # 3 Detach any external hardware such as an external hard drive or printer.

    # 4 Press the Power button to boot your Acer laptop.

    # 5 Press "Alt + F10" on your keyboard when the Acer screen appears at the start of the boot up process. Wait a moment while Windows loads the reset files.

    # 6 Select "Restore System from factory default" in the Acer eRecovery Management window.

    # 7 Click "Next" on the next screen to continue. Click "Next" on the following destination information window. This will pop up a notice telling you that resetting your Acer laptop will erase all data and restore the laptop to its original settings and configuration.

    # 8 Click "OK" in the notice window to proceed with resetting your Acer laptop.

    # 9 Wait while your Acer laptop is reset to factory settings.


    After the reset is finished, it is important to not use it for any internet activity before it has got an anti-virus installed and it's fully updated again (Control-Panel -> Windows Update -> Check for updates -> Install updates). This is a remarkably time consuming process.

    Let me know if you have got further related questions.

  6. #16
    Member
    Join Date
    Nov 2010
    Posts
    63

    Default

    I will start that right now, thank you, very much, for your help and your time

  7. #17
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    You're welcome.

    Do you own usb pen drives or external hard drives? Then you will probably find the following tool useful.

    If your USB-stick is formatted with the NTFS-file system: STOP following these instructions and post back. If you are unsure, stop and ask for advice. Do not use Panda USB Vaccine on an NTFS file system.


    Download, install and run Panda USB Vaccine

    The usb vaccination performed by this program will permanently disable any autorun.inf functionality of your usb stick. After the vaccination you will be able to use the usb stick normally and files (even malware) can be copied to/from it, however they will be prevented from executing automatically. This vaccination can only be reversed with a reformat of the usb stick.

    Download and save Panda USB Vaccine to your Windows 7 computer from >>>here<<<.
    • Double click the file USBVaccineSetup.exe to start the installation.
    • During setup uncheck the option to Run Panda USB Vaccine automatically when computer boots.
    • Start Panda USB Vaccine.
    • Insert your usb-stick, choose the correct drive letter (i.e. "F:\") and click Vaccinate USB.
    • When it's finished, close the program.
    • You can delete the downloaded USBVaccineSetup.exe.




    With your vaccinated drive, transfer DDS to the Acer laptop and run the tool. Save the two logs to the drive and bring them back to your Windows 7 machine, then post the logs. Then I'll take a look at the logs.

  8. #18
    Member
    Join Date
    Nov 2010
    Posts
    63

    Default

    Alright! All set up once again.

    No thumb drive, should I just DL and run dds on infected computer?

  9. #19
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Quote: Originally Posted by rune1990
    No thumb drive, should I just DL and run dds on infected computer?

    Hopefully it is not infected anymore if you have done the factory restore.

    Since you have no thumb drive, you can download and run DDS from the following link: >Here<.

    Please do not use the computer for anything else on the network until it is fully updated and secured.

  10. #20
    Member
    Join Date
    Nov 2010
    Posts
    63

    Default

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 7.0.6000.16982
    Run by Rachel at 18:16:19 on 2011-05-22
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2046.1152 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\taskeng.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Windows\system32\Dwm.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Windows\Explorer.EXE
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
    C:\Windows\System32\rundll32.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Users\Rachel\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Rachel\Desktop\dds.com
    C:\Windows\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sympatico.msn.ca/
    uSEARCH PAGE = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.ca.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
    uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [????r]
    uRun: [?????????] ??????????????e
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Acer Tour]
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
    mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
    mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
    mRun: [AcerOrbicamRibbon] "c:\program files\acer\orbicam10\OrbiCam.exe" /hide
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [eRecoveryService]
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    AppInit_DLLs: c:\windows\system32\guard32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-22 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-22 307928]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 36568]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-22 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-22 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-22 42184]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-22 1153368]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
    R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-12-2 847392]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
    R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-2 1174152]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2006-12-2 202872]
    .
    =============== Created Last 30 ================
    .
    2011-05-22 20:20:00 -------- d-----w- c:\program files\COMODO
    2011-05-22 20:18:39 -------- d-----w- c:\programdata\Comodo
    2011-05-22 20:16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-22 20:16:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-22 20:14:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-22 20:10:19 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2011-05-22 20:10:18 -------- d-----w- c:\program files\SpywareBlaster
    2011-05-22 14:54:22 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-22 14:54:17 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-22 14:52:35 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-22 14:51:55 -------- d-----w- c:\programdata\AVAST Software
    2011-05-22 14:51:55 -------- d-----w- c:\program files\AVAST Software
    2011-05-22 14:32:31 378368 ----a-w- c:\windows\system32\winhttp.dll
    2011-05-22 14:30:50 268800 ----a-w- c:\windows\system32\es.dll
    2011-05-22 14:30:06 -------- d-----w- c:\users\rachel\Roaming
    2011-05-22 14:30:06 -------- d-----w- c:\programdata\Roaming
    2011-05-22 14:29:13 -------- d-----w- c:\program files\Cisco
    2011-05-22 14:29:12 -------- d-----w- c:\program files\common files\Intel
    2011-05-22 13:50:55 289792 ----a-w- c:\windows\system32\atmfd.dll
    2011-05-22 13:50:55 156672 ----a-w- c:\windows\system32\t2embed.dll
    2011-05-22 13:50:54 72704 ----a-w- c:\windows\system32\fontsub.dll
    2011-05-22 13:50:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-05-22 13:50:54 24064 ----a-w- c:\windows\system32\lpk.dll
    2011-05-22 13:50:54 10240 ----a-w- c:\windows\system32\dciman32.dll
    2011-05-22 13:46:09 61440 ----a-w- c:\windows\system32\winipsec.dll
    2011-05-22 13:46:09 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
    2011-05-22 13:46:09 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
    2011-05-22 13:46:09 272896 ----a-w- c:\windows\system32\polstore.dll
    2011-05-22 13:43:25 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-05-22 13:43:24 306688 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-05-22 13:42:04 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2011-05-22 13:42:04 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2011-05-22 13:42:04 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2011-05-22 13:40:43 707072 ----a-w- c:\program files\common files\system\wab32.dll
    2011-05-22 13:40:43 41984 ----a-w- c:\program files\windows mail\wabimp.dll
    2011-05-22 13:40:43 1098752 ----a-w- c:\program files\common files\system\wab32res.dll
    2011-05-22 13:40:42 87040 ----a-w- c:\windows\system32\msoert2.dll
    2011-05-22 13:40:42 39424 ----a-w- c:\windows\system32\ACCTRES.dll
    2011-05-22 13:40:42 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll
    2011-05-22 13:40:42 205824 ----a-w- c:\windows\system32\msoeacct.dll
    2011-05-22 13:40:41 1614848 ----a-w- c:\program files\windows mail\msoe.dll
    2011-05-22 13:40:38 397312 ----a-w- c:\program files\windows mail\WinMail.exe
    2011-05-22 13:40:37 81408 ----a-w- c:\program files\windows mail\oeimport.dll
    2011-05-22 13:40:37 24064 ----a-w- c:\program files\common files\system\DirectDB.dll
    2011-05-22 13:38:45 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2011-05-22 13:38:45 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2011-05-22 13:38:45 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2011-05-22 13:38:45 19968 ----a-w- c:\windows\system32\ARP.EXE
    2011-05-22 13:38:45 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2011-05-22 13:38:45 15360 ----a-w- c:\windows\system32\netevent.dll
    2011-05-22 13:38:45 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2011-05-22 13:38:45 103936 ----a-w- c:\windows\system32\netiohlp.dll
    2011-05-22 13:38:45 10240 ----a-w- c:\windows\system32\finger.exe
    2011-05-22 13:36:44 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
    2011-05-22 13:36:44 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
    2011-05-22 13:36:42 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
    2011-05-22 13:36:42 24064 ----a-w- c:\windows\system32\wtsapi32.dll
    2011-05-22 13:36:42 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
    2011-05-22 13:36:42 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
    2011-05-22 13:36:41 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
    2011-05-22 13:36:40 28344 ----a-w- c:\windows\system32\drivers\battc.sys
    2011-05-22 13:36:39 542720 ----a-w- c:\windows\system32\sysmain.dll
    2011-05-22 13:35:23 194560 ----a-w- c:\windows\system32\WebClnt.dll
    2011-05-22 13:35:23 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2011-05-22 13:34:06 123904 ----a-w- c:\windows\system32\L2SecHC.dll
    2011-05-22 13:34:05 47104 ----a-w- c:\windows\system32\wlanapi.dll
    2011-05-22 13:34:04 67584 ----a-w- c:\windows\system32\wlanhlp.dll
    2011-05-22 13:34:04 502272 ----a-w- c:\windows\system32\wlansvc.dll
    2011-05-22 13:34:04 297984 ----a-w- c:\windows\system32\wlansec.dll
    2011-05-22 13:34:04 290816 ----a-w- c:\windows\system32\wlanmsm.dll
    2011-05-22 13:32:31 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2011-05-22 13:32:31 1260032 ----a-w- c:\windows\system32\msxml3.dll
    2011-05-22 13:32:30 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2011-05-22 13:32:30 1406464 ----a-w- c:\windows\system32\msxml6.dll
    2011-05-22 13:31:01 216576 ----a-w- c:\windows\system32\msv1_0.dll
    2011-05-22 13:29:36 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-22 13:29:36 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-22 13:29:36 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-22 13:28:22 49664 ----a-w- c:\windows\system32\csrsrv.dll
    2011-05-22 13:28:22 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-05-22 13:27:05 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-05-22 13:27:05 52736 ----a-w- c:\windows\system32\rrinstaller.exe
    2011-05-22 13:27:05 2855424 ----a-w- c:\windows\system32\mf.dll
    2011-05-22 13:27:05 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2011-05-22 13:27:05 2048 ----a-w- c:\windows\system32\mferror.dll
    2011-05-22 13:25:35 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-22 13:25:35 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-22 13:20:34 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-05-22 13:19:16 71680 ----a-w- c:\windows\system32\atl.dll
    2011-05-22 13:16:55 297472 ----a-w- c:\windows\system32\gdi32.dll
    2011-05-22 13:15:46 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
    2011-05-22 13:15:46 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-05-22 13:11:43 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
    2011-05-22 13:10:35 500736 ----a-w- c:\windows\system32\msdtcprx.dll
    2011-05-22 13:10:35 30208 ----a-w- c:\windows\system32\xolehlp.dll
    2011-05-22 13:09:16 156160 ----a-w- c:\windows\system32\wkssvc.dll
    2011-05-22 13:07:55 116736 ----a-w- c:\windows\system32\aaclient.dll
    2011-05-22 13:07:54 36352 ----a-w- c:\windows\system32\tsgqec.dll
    2011-05-22 13:07:54 1871872 ----a-w- c:\windows\system32\mstscax.dll
    2011-05-22 13:06:30 303616 ----a-w- c:\windows\system32\wmpeffects.dll
    2011-05-22 13:04:05 414208 ----a-w- c:\windows\system32\msscp.dll
    2011-05-22 13:02:57 713728 ----a-w- c:\windows\system32\timedate.cpl
    2011-05-22 13:01:42 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
    2011-05-22 13:00:34 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
    2011-05-22 13:00:33 86016 ----a-w- c:\windows\system32\icfupgd.dll
    2011-05-22 13:00:33 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
    2011-05-22 13:00:33 61952 ----a-w- c:\windows\system32\cmifw.dll
    2011-05-22 13:00:33 396800 ----a-w- c:\windows\system32\MPSSVC.dll
    2011-05-22 13:00:33 16896 ----a-w- c:\windows\system32\wfapigp.dll
    2011-05-22 12:58:10 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
    2011-05-22 12:58:09 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
    2011-05-22 12:58:09 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
    2011-05-22 12:58:09 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2011-05-22 12:55:16 428032 ----a-w- c:\windows\system32\EncDec.dll
    2011-05-22 12:55:16 177152 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-05-22 12:55:16 1244672 ----a-w- c:\windows\system32\mcmde.dll
    2011-05-22 12:55:15 80896 ----a-w- c:\windows\system32\MSNP.ax
    2011-05-22 12:55:15 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-05-22 12:55:15 292352 ----a-w- c:\windows\system32\psisdecd.dll
    2011-05-22 12:55:15 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-05-22 12:55:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-05-22 12:51:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-05-22 12:49:54 696832 ----a-w- c:\windows\system32\localspl.dll
    2011-05-22 12:47:29 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
    2011-05-22 12:47:28 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
    2011-05-22 12:47:28 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
    2011-05-22 12:47:28 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
    2011-05-22 12:47:27 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-05-22 12:47:27 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
    2011-05-22 12:46:30 104448 ----a-w- c:\windows\system32\DWWIN.EXE
    2011-05-22 12:45:31 2923520 ----a-w- c:\windows\explorer.exe
    2011-05-22 12:45:00 2565432 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-05-22 12:44:54 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{32022ae2-ea0f-4097-b85f-c22bf3710af0}\mpengine.dll
    2011-05-22 12:44:54 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-22 12:43:04 171520 ----a-w- c:\windows\system32\wintrust.dll
    2011-05-22 12:41:49 494592 ----a-w- c:\windows\system32\kerberos.dll
    2011-05-22 12:41:48 7680 ----a-w- c:\windows\system32\lsass.exe
    2011-05-22 12:41:48 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-05-22 12:41:48 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-05-22 12:41:48 175104 ----a-w- c:\windows\system32\wdigest.dll
    2011-05-22 12:41:48 1233920 ----a-w- c:\windows\system32\lsasrv.dll
    2011-05-22 12:41:47 272384 ----a-w- c:\windows\system32\schannel.dll
    2011-05-22 12:40:38 24064 ----a-w- c:\windows\system32\netcfg.exe
    2011-05-22 12:35:35 220160 ----a-w- c:\windows\system32\drivers\bthport.sys
    2011-05-22 12:35:35 19456 ----a-w- c:\windows\system32\drivers\bthenum.sys
    2011-05-22 12:35:35 181760 ----a-w- c:\windows\system32\fsquirt.exe
    2011-05-22 12:35:34 29184 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2011-05-22 12:33:23 1585664 ----a-w- c:\windows\system32\setupapi.dll
    2011-05-22 12:30:38 549888 ----a-w- c:\windows\system32\rpcss.dll
    2011-05-22 12:30:37 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-05-22 12:30:36 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-05-22 12:30:36 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-05-22 12:30:36 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
    2011-05-22 12:30:36 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
    2011-05-22 12:30:36 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
    2011-05-22 12:30:35 53248 ----a-w- c:\windows\system32\iasads.dll
    2011-05-22 12:30:35 37888 ----a-w- c:\windows\system32\iasdatastore.dll
    2011-05-22 12:30:35 158720 ----a-w- c:\windows\system32\sdohlp.dll
    2011-05-22 12:30:34 97280 ----a-w- c:\windows\system32\iasrecst.dll
    2011-05-22 12:29:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
    2011-05-22 12:29:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
    2011-05-22 12:27:14 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2011-05-22 12:27:13 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-05-22 12:27:13 22016 ----a-w- c:\windows\system32\netiougc.exe
    2011-05-22 12:27:13 213592 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-05-22 12:27:13 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2011-05-22 12:27:13 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
    2011-05-22 12:27:13 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
    2011-05-22 12:26:12 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
    2011-05-22 12:25:21 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
    2011-05-22 12:24:25 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
    2011-05-22 12:24:25 223232 ----a-w- c:\windows\system32\WMASF.DLL
    2011-05-22 12:24:25 2048 ----a-w- c:\windows\system32\asferror.dll
    2011-05-22 12:23:31 25600 ----a-w- c:\windows\system32\amxread.dll
    2011-05-22 12:23:30 14848 ----a-w- c:\windows\system32\apilogen.dll
    2011-05-22 12:22:24 223232 ----a-w- c:\windows\system32\SLC.dll
    2011-05-22 12:22:23 33280 ----a-w- c:\windows\system32\slwmi.dll
    2011-05-22 12:22:23 268288 ----a-w- c:\windows\system32\mcbuilder.exe
    2011-05-22 12:22:22 57856 ----a-w- c:\windows\system32\SLUINotify.dll
    2011-05-22 12:22:22 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
    2011-05-22 12:22:22 351232 ----a-w- c:\windows\system32\SLUI.exe
    2011-05-22 12:22:22 186368 ----a-w- c:\windows\system32\SLLUA.exe
    2011-05-22 12:22:21 39936 ----a-w- c:\windows\system32\slcinst.dll
    2011-05-22 12:22:21 2605568 ----a-w- c:\windows\system32\SLsvc.exe
    2011-05-22 12:21:15 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-05-22 12:21:14 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-05-22 12:21:13 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-05-22 12:20:00 97792 ----a-w- c:\windows\system32\cabview.dll
    2011-05-22 12:18:23 61440 ----a-w- c:\windows\system32\ntprint.exe
    2011-05-22 12:18:23 220160 ----a-w- c:\windows\system32\ntprint.dll
    2011-05-22 12:18:21 1984512 ----a-w- c:\windows\system32\authui.dll
    2011-05-22 12:18:21 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2011-05-22 12:18:21 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
    2011-05-22 12:18:19 69632 ----a-w- c:\windows\system32\sendmail.dll
    2011-05-22 12:18:17 8138240 ----a-w- c:\windows\system32\ssBranded.scr
    2011-05-22 12:16:30 441856 ----a-w- c:\windows\system32\win32spl.dll
    2011-05-22 12:16:30 37376 ----a-w- c:\windows\system32\printcom.dll
    2011-05-22 12:15:37 2031104 ----a-w- c:\windows\system32\win32k.sys
    2011-05-22 12:13:41 14848 ----a-w- c:\windows\system32\wshrm.dll
    2011-05-22 12:13:41 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
    2011-05-22 12:12:39 43520 ----a-w- c:\windows\system32\msdxm.tlb
    2011-05-22 12:12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2011-05-22 12:12:39 18432 ----a-w- c:\windows\system32\amcompat.tlb
    2011-05-22 12:11:26 312320 ----a-w- c:\windows\system32\msdrm.dll
    2011-05-22 12:11:25 515584 ----a-w- c:\windows\system32\RMActivate.exe
    2011-05-22 12:11:25 472576 ----a-w- c:\windows\system32\secproc.dll
    2011-05-22 12:11:25 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2011-05-22 12:11:25 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2011-05-22 12:11:25 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2011-05-22 12:11:25 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
    2011-05-22 12:11:24 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2011-05-22 12:11:24 473088 ----a-w- c:\windows\system32\secproc_isv.dll
    2011-05-22 12:10:26 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
    2011-05-22 12:10:25 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
    2011-05-22 12:10:25 11776 ----a-w- c:\windows\system32\sbunattend.exe
    2011-05-22 12:09:00 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-05-22 12:09:00 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-05-22 12:08:23 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
    2011-05-22 12:03:48 622080 ----a-w- c:\windows\system32\icardagt.exe
    2011-05-22 12:03:47 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2011-05-22 12:03:47 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
    2011-05-22 12:03:47 11264 ----a-w- c:\windows\system32\icardres.dll
    2011-05-22 12:03:43 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-05-22 12:03:42 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2011-05-22 12:03:42 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-05-22 12:03:42 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-05-22 11:14:53 96760 ----a-w- c:\windows\system32\dfshim.dll
    2011-05-22 11:14:53 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2011-05-22 11:14:51 83968 ----a-w- c:\windows\system32\mscories.dll
    2011-05-22 11:14:51 282112 ----a-w- c:\windows\system32\mscoree.dll
    2011-05-22 11:14:51 158720 ----a-w- c:\windows\system32\mscorier.dll
    2011-05-22 02:32:11 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-05-22 02:32:09 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-05-22 02:32:08 1686528 ----a-w- c:\windows\system32\gameux.dll
    2011-05-22 02:31:21 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
    2011-05-22 02:31:21 94720 ----a-w- c:\windows\system32\logagent.exe
    2011-05-22 02:30:40 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
    2011-05-22 02:30:22 84480 ----a-w- c:\windows\system32\INETRES.dll
    2011-05-22 02:30:22 737792 ----a-w- c:\windows\system32\inetcomm.dll
    2011-05-22 02:29:54 60928 ----a-w- c:\windows\system32\msasn1.dll
    2011-05-22 02:29:27 1645568 ----a-w- c:\windows\system32\connect.dll
    2011-05-22 02:29:04 5120 ----a-w- c:\windows\system32\wmi.dll
    2011-05-22 02:29:04 152576 ----a-w- c:\windows\system32\imagehlp.dll
    2011-05-22 02:29:04 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2011-05-22 02:28:43 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    2011-05-22 02:27:53 396800 ----a-w- c:\windows\system32\drivers\http.sys
    2011-05-22 02:27:53 31232 ----a-w- c:\windows\system32\httpapi.dll
    2011-05-22 02:27:53 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2011-05-22 02:25:51 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-05-22 02:25:33 974336 ----a-w- c:\windows\system32\crypt32.dll
    2011-05-22 02:24:54 274432 ----a-w- c:\windows\system32\raschap.dll
    2011-05-22 02:24:54 232960 ----a-w- c:\windows\system32\rastls.dll
    2011-05-22 02:24:27 321536 ----a-w- c:\windows\system32\WSDApi.dll
    2011-05-22 02:23:45 -------- d-----w- c:\program files\MSXML 4.0
    2011-05-22 02:23:32 633856 ----a-w- c:\windows\system32\user32.dll
    2011-05-22 02:22:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2011-05-22 02:22:01 22528 ----a-w- c:\windows\system32\msyuv.dll
    2011-05-22 02:22:01 11776 ----a-w- c:\windows\system32\tsbyuv.dll
    2011-05-22 02:22:00 88576 ----a-w- c:\windows\system32\avifil32.dll
    2011-05-22 02:22:00 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2011-05-22 02:22:00 65024 ----a-w- c:\windows\system32\avicap32.dll
    2011-05-22 02:22:00 31232 ----a-w- c:\windows\system32\msvidc32.dll
    2011-05-22 02:22:00 13312 ----a-w- c:\windows\system32\msrle32.dll
    2011-05-22 02:22:00 1327616 ----a-w- c:\windows\system32\quartz.dll
    2011-05-22 02:22:00 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2011-05-22 02:21:35 750080 ----a-w- c:\windows\system32\qmgr.dll
    2011-05-22 02:21:11 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2011-05-22 02:20:30 8147968 ----a-w- c:\windows\system32\wmploc.DLL
    2011-05-22 02:20:29 7680 ----a-w- c:\windows\system32\spwmp.dll
    2011-05-22 02:20:29 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2011-05-22 02:20:28 4096 ----a-w- c:\windows\system32\msdxm.ocx
    2011-05-22 02:20:28 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2011-05-22 02:20:28 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
    2011-05-22 02:20:28 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
    2011-05-22 02:20:25 311296 ----a-w- c:\windows\system32\unregmp2.exe
    2011-05-22 02:20:25 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
    2011-05-22 01:35:18 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2011-05-22 01:35:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2011-05-22 01:35:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2011-05-22 01:35:18 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2011-05-22 01:35:18 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2011-05-22 01:35:18 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2011-05-22 01:35:17 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2011-05-22 00:47:26 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2011-05-22 00:46:38 87552 ----a-w- c:\windows\system32\wudriver.dll
    2011-05-22 00:46:11 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-05-22 00:46:11 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2011-05-22 00:42:55 -------- d--h--w- c:\users\rachel\appdata\local\acer eNM
    2011-05-22 00:37:14 360448 ----a-w- c:\windows\system32\CheckD2DSystem.exe
    2011-05-22 00:37:14 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
    2011-05-22 00:37:14 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
    2011-05-22 00:37:14 16384 ----a-w- c:\windows\system32\ClearEvent.exe
    2011-05-22 00:37:14 1402880 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
    2011-05-22 00:36:31 8704 ----a-w- c:\windows\system32\drivers\TVicPort64.sys
    2011-05-22 00:36:31 69632 ----a-w- c:\windows\system32\drivers\int15.sys
    2011-05-22 00:36:31 6144 ----a-w- c:\windows\system32\drivers\zntport64.sys
    2011-05-22 00:36:31 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
    2011-05-22 00:36:31 15656 ----a-w- c:\windows\system32\drivers\int15_64.sys
    2011-05-22 00:36:31 14544 ----a-w- c:\windows\system32\drivers\TVicPort.sys
    2011-05-22 00:35:36 65536 ----a-w- c:\windows\system32\NATTraversal.dll
    2011-05-22 00:31:45 53248 ----a-w- c:\windows\system32\acpimof.dll
    2011-05-22 00:30:51 -------- d-----w- c:\windows\system32\i386
    2011-05-22 00:30:23 -------- d-----w- c:\program files\common files\Logitech
    2011-05-22 00:30:23 -------- d-----w- c:\program files\Acer
    2011-05-22 00:29:00 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
    2011-05-22 00:28:51 -------- d-----w- c:\windows\system32\es-MX
    2011-05-22 00:28:51 -------- d-----w- c:\windows\system32\es-AR
    2011-05-22 00:28:49 -------- d-----w- c:\program files\WIDCOMM
    2011-05-22 00:28:15 1285 ----a-w- c:\windows\CLEANUP.CMD
    2011-05-22 00:27:37 -------- d-----w- c:\program files\Acer Registration
    2011-05-22 00:26:33 506368 ----a-w- c:\windows\system32\athr.sys
    2011-05-22 00:26:33 -------- d-----w- c:\program files\Atheros
    2011-05-22 00:26:32 -------- d-----w- c:\windows\Options
    2011-05-22 00:26:16 -------- d-----w- C:\temp
    2011-05-22 00:25:41 176 ----a-w- c:\windows\system32\drivers\RTHDAEQ0.DAT
    2011-05-22 00:24:33 1655464 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2011-05-22 00:24:33 14336 ----a-w- c:\windows\system32\RtkCoInst.dll
    2011-05-22 00:24:32 4186112 ----a-w- c:\windows\RtHDVCpl.exe
    2011-05-22 00:23:45 -------- d-----w- c:\program files\Launch Manager
    2011-05-22 00:22:54 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-22 00:20:29 -------- d-----w- c:\users\rachel\appdata\local\VirtualStore
    2011-05-03 00:36:34 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-05-03 00:36:32 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-05-03 00:36:32 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-05-03 00:36:04 284744 ----a-w- c:\windows\system32\guard32.dll
    .
    ==================== Find3M ====================
    .
    2011-05-22 14:28:00 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
    2011-05-22 13:48:38 72704 ----a-w- c:\windows\system32\admparse.dll
    2011-05-22 13:48:36 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-05-22 13:48:36 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
    2011-05-22 13:48:31 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-05-22 13:48:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2011-05-22 13:48:31 389120 ----a-w- c:\windows\system32\html.iec
    2011-05-22 13:48:30 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-22 13:48:27 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-05-22 13:48:25 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-22 13:48:22 56320 ----a-w- c:\windows\system32\iesetup.dll
    2011-05-22 12:38:47 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
    2011-05-22 12:32:46 4608 ----a-w- c:\windows\system32\drivers\en-us\mouclass.sys.mui
    2011-05-22 12:23:30 40960 ----a-w- c:\windows\apppatch\apihex86.dll
    2011-05-22 02:32:11 2560 ----a-w- c:\windows\apppatch\AcRes.dll
    2011-05-22 02:32:10 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-05-22 02:32:10 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-05-22 02:32:09 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-05-22 02:32:09 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-05-22 00:24:38 319984 ----a-w- c:\windows\DIFxAPI.dll
    .
    ============= FINISH: 18:17:32.00 ===============
