Hijack This! Log.

Post by darkx2987 on 9th September 2009, 1:58 am

I followed the instructions, but I couldn't install the required Windows update. The virus wouldn't let Windows see which updates I need to download, but here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:26 PM, on 9/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\svchasts.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ou Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Ou Lee\Desktop\winlogon.scr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: ????(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.antimalwareguard.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - [You must be registered and logged in to see this link.]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB2EDB9E-0371-481E-AED2-BBAEF1523F69}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8666 bytes

Re: Hijack This! Log.

Post by Dr Jay on 9th September 2009, 5:58 am

Hi

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


Re: Hijack This! Log.

Post by darkx2987 on 10th September 2009, 1:42 am

Malwarebytes' Anti-Malware 1.40
Database version: 2763
Windows 5.1.2600 Service Pack 2

9/9/2009 9:29:01 PM
mbam-log-2009-09-09 (21-29-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 270543
Time elapsed: 2 hour(s), 31 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Ou Lee\Desktop\JEFF'S STUFF\Bear Share\BearShareZangoInstaller.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2422460771-3482740044-848249443-1011\Dc124\windows Police Pro.exe (Antivirus2009) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2422460771-3482740044-848249443-1011\Dc124\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\desote.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ou Lee\Desktop\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ou Lee\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: Hijack This! Log.

Post by Dr Jay on 10th September 2009, 1:46 am

Hi

Rooter Rootkit Detector - [You must be registered and logged in to see this link.]

Download [You must be registered and logged in to see this link.] to your desktop

  1. Double click it to start the tool.
  2. A Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.


Dr. Jay (DJ)


Re: Hijack This! Log.

Post by darkx2987 on 10th September 2009, 1:50 am

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 2 Stepping 7, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 6.0.2900.2180
Mozilla Firefox 3.5.2 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:111 Go - Free:23 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
.
Scan : 21:48.34
Path : C:\Documents and Settings\Ou Lee\Desktop\Rooter.exe
User : Ou Lee ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (636)
______ \??\C:\WINDOWS\system32\csrss.exe (688)
______ \??\C:\WINDOWS\system32\winlogon.exe (712)
______ C:\WINDOWS\system32\services.exe (756)
______ C:\WINDOWS\system32\lsass.exe (768)
______ C:\WINDOWS\system32\svchost.exe (920)
______ C:\WINDOWS\system32\svchost.exe (1004)
______ C:\WINDOWS\System32\svchost.exe (1116)
______ C:\WINDOWS\system32\svchost.exe (1152)
______ C:\WINDOWS\System32\svchost.exe (1244)
______ C:\WINDOWS\system32\svchost.exe (1384)
______ C:\WINDOWS\system32\spoolsv.exe (1640)
______ C:\WINDOWS\System32\svchost.exe (1784)
______ C:\WINDOWS\Explorer.EXE (1792)
______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (1836)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1884)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1940)
______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (1948)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1980)
______ C:\Program Files\Java\jre6\bin\jqs.exe (164)
______ C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (332)
______ C:\WINDOWS\system32\nvsvc32.exe (444)
______ C:\WINDOWS\System32\svchost.exe (488)
______ C:\Program Files\Viewpoint\Common\ViewpointService.exe (504)
______ C:\WINDOWS\System32\MsPMSPSv.exe (584)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (1068)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1092)
______ C:\Program Files\Canon\CAL\CALMAIN.exe (1380)
______ C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (480)
______ C:\WINDOWS\System32\alg.exe (2056)
______ C:\WINDOWS\system32\wscntfy.exe (2072)
______ C:\Program Files\Brownie\BrstsWnd.exe (2484)
______ C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (2512)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (2528)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2624)
______ C:\WINDOWS\system32\ctfmon.exe (2636)
______ C:\Program Files\Brownie\brpjp04a.exe (2764)
______ C:\Program Files\Messenger\msmsgs.exe (2772)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2980)
______ C:\WINDOWS\system32\wuauclt.exe (3096)
______ C:\WINDOWS\system32\wuauclt.exe (3456)
______ C:\Documents and Settings\Ou Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (3856)
______ C:\Documents and Settings\Ou Lee\Desktop\Rooter.exe (232)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:32868864)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 | Length:119965708800)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011UA.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\ParetoLogic Registration.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\trotsubb.job
C:\WINDOWS\Tasks\WebReg .job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:49.48
.
C:\Rooter$\Rooter_1.txt - (09/09/2009 | 21:49.48)

Re: Hijack This! Log.

Post by Dr Jay on 10th September 2009, 1:58 am

Hi

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]

  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\Program Files\Brownie\brpjp04a.exe


  • Click on the submit button

  • Please post the results (URL) in your next reply.


Dr. Jay (DJ)


Re: Hijack This! Log.

Post by darkx2987 on 10th September 2009, 2:00 am

Filename: brpjp04a.exe
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 18 Aug 2009 19:33:10 (CET) Permalink

Re: Hijack This! Log.

Post by Dr Jay on 10th September 2009, 2:17 am

Hi

Please download [You must be registered and logged in to see this link.] by Atribune to your Desktop. Do not run the tool yet.

====

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Windows Police Pro

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):

C:\Program Files\Windows Police Pro

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

c:\WINDOWS\system32\minix32.exe
C:\WINDOWS\system32\dddesot.dll

==

Please also delete this file, if it exists, but pay attention to the spelling of it. This one has an 'a' and an extra 's' in it. Do not delete the legitimate file svchost.exe. Doing so can cause system damage.

C:\WINDOWS\svchasts.exe << Delete this file

====

Please locate ATF-cleaner.exe


  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, click No at the prompt.

Click Exit on the Main menu to close the program.

==

Please reboot to Normal Mode, and post a fresh HijackThis log here in your next reply


Dr. Jay (DJ)
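
The warning above about `svchasts.exe` versus the legitimate `svchost.exe` can be applied as a check over the "Running processes" section of a HijackThis log. The Python code below is an added example, not part of the original post or of any tool named in this thread; the allow-list of system binaries, the thresholds and the function names are assumptions chosen for illustration, and the sample log is an excerpt constructed from lines posted earlier in the thread.

```python
import ntpath  # Windows path rules, usable on any platform

# Assumption: a short illustrative allow-list of Windows XP system binaries
# and the folder each one normally runs from. Not exhaustive.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
MAX_DISTANCE = 2   # assumption: how many edits still count as a lookalike
MIN_STEM_LEN = 6   # assumption: skip fuzzy matching on very short names

# Constructed sample: an excerpt assembled from the first log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\svchasts.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ou Lee\Desktop\winlogon.scr

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def running_processes(log_text):
    """Return the paths listed between 'Running processes:' and the next blank line."""
    procs, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            procs.append(line)
    return procs


def check_process(path):
    """Return (verdict, system_binary) for a suspicious path, or None if unremarkable."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in SYSTEM_BINARIES:
        # Exact system name: only the location can be wrong.
        if folder != SYSTEM_BINARIES[name]:
            return ("wrong-location", name)
        return None
    stem = ntpath.splitext(name)[0]
    for known in SYSTEM_BINARIES:
        known_stem = ntpath.splitext(known)[0]
        # A near miss on the stem (svchasts vs svchost) or the same stem with
        # another extension (winlogon.scr vs winlogon.exe) is a lookalike.
        if (len(known_stem) >= MIN_STEM_LEN
                and edit_distance(stem, known_stem) <= MAX_DISTANCE):
            return ("lookalike-name", known)
    return None


def triage(log_text):
    """List (path, verdict, system_binary) for every flagged running process."""
    findings = []
    for path in running_processes(log_text):
        verdict = check_process(path)
        if verdict:
            findings.append((path, *verdict))
    return findings


if __name__ == "__main__":
    for path, verdict, known in triage(SAMPLE_LOG):
        print(f"{verdict:15} {path}  (resembles {known})")
```

A flagged entry is a lead for manual review, as in the thread, not proof of infection; legitimate software can have names close to system binaries.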


Re: Hijack This! Log.

Post by darkx2987 on 10th September 2009, 2:57 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:09 PM, on 9/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ou Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: ????(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.antimalwareguard.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - [You must be registered and logged in to see this link.]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB2EDB9E-0371-481E-AED2-BBAEF1523F69}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8511 bytes

Re: Hijack This! Log.

Post by Dr Jay on 10th September 2009, 3:16 am

Hi

Please re-open HijackThis and scan. Check the box next to this entry listed below.

O15 - Trusted Zone: *.antimalwareguard.com

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

==

I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

==

Please post the Malwarebytes log in your next reply. Also, please tell me if you uninstalled Viewpoint, and tell me how your computer is running.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator

Posts: 14309
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302960
Likes: 10


Re: Hijack This! Log.

Post by darkx2987 on 10th September 2009, 11:27 am

I uninstalled Viewpoint. Even though it says I have no malware, I still have the Google redirect virus. When I click on the search results on Google, the virus leads me to sites like this: [You must be registered and logged in to see this link.]

Malwarebytes' Anti-Malware 1.40
Database version: 2769
Windows 5.1.2600 Service Pack 2

9/10/2009 7:25:19 AM
mbam-log-2009-09-10 (07-25-18).txt

Scan type: Quick Scan
Objects scanned: 120502
Time elapsed: 19 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Hijack This! Log.

Post by Dr Jay on 10th September 2009, 3:22 pm

Hi

I think it is hiding.

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from [You must be registered and logged in to see this link.].
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

NOTE! Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)



Re: Hijack This! Log.

Post by darkx2987 on 11th September 2009, 12:08 pm

A pop up came up when the scan was completed. It says:

"Warning- the number of SSDT entries from the kernel and the number on-disk are different (297 and 284)."

Here are the results:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 07:30
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9D46000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Ou Lee\Local Settings\Temp\Rar$ML66.750\GAME NIGHT Smile.rar
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Ou Lee\Local Settings\Temp\Rar$ML66.750\GAME NIGHT Smile.rar
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Ou Lee\Local Settings\Temp\Rar$ML66.750\GAME NIGHT Smile.rar
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Ou Lee\Local Settings\Temp\Rar$ML66.750\GAME NIGHT Smile.rar
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Ou Lee\Local Settings\Temp\Rar$ML66.750\GAME NIGHT Smile.rar
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Ou Lee\Local Settings\Temp\Rar$ML66.750\GAME NIGHT Smile.rar
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Ou Lee\My Documents\My Scans\2007-01 (Jan)\scan0011.jpg
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa0a00

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa0730

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa08a0

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa1340

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa0f90

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa1c60

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa0b60

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9ef80

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa0520

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa1170

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa1910

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa1c10

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa1f90

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa2560

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9dc40

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa1bc0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9f2f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa1760

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa0a20

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9f1c0

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9ebe0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9dbc0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9dc00

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9eae0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa2340

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9eb90

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4f9e080

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa2180

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf4fa2390

==EOF==


Re: Hijack This! Log.

Post by Dr Jay on 11th September 2009, 8:47 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your Desktop.
  • Please double-click OTM.exe to run it.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):


    C:\Documents and Settings\Ou Lee\Local Settings\Temp\Rar$ML66.750


  • Return to OTM.exe, right click in the "Paste Instructions for Items to be Moved" window (under the light yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

====

Download OTL by OldTimer to your desktop: [You must be registered and logged in to see this link.]


  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.


==

In your next reply, please include the following logs:

-Contents of the OTM fix log
-Contents of OTL.txt
-Contents of Extras.txt

Also, please tell me how your computer is running, and if you encountered any problems with the instructions above.


Dr. Jay (DJ)



Re: Hijack This! Log.

Post by darkx2987 on 12th September 2009, 12:59 pm

OTM LOG:

Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.0.0.6 log created on 09122009_002951


Re: Hijack This! Log.

Post by darkx2987 on 12th September 2009, 12:59 pm

OTL LOG

OTL logfile created on: 9/12/2009 12:31:44 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Ou Lee\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 124.35 Mb Available Physical Memory | 24.34% Memory free
1.22 Gb Paging File | 0.71 Gb Available in Paging File | 58.27% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 24.96 Gb Free Space | 22.34% Space Free | Partition Type: NTFS
Drive D: | 84.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN1
Current User Name: Ou Lee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/10/15 16:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2008/10/01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2004/10/15 16:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2009/05/05 10:00:04 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/10/19 14:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2001/05/01 18:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2009/05/19 10:19:56 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/05 10:00:08 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/01/08 10:28:02 | 00,864,256 | ---- | M] (brother) -- C:\Program Files\Brownie\BrstsWnd.exe
PRC - [2007/09/26 19:05:58 | 00,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
PRC - [2009/06/12 10:54:52 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/10/19 14:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/01/11 13:54:44 | 00,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/08/04 03:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/09/09 23:20:18 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/14 16:32:50 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Ou Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2006/10/18 22:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/09/12 00:30:37 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ou Lee\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/11/30 23:30:31 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2004/10/15 16:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Auto | Running])
SRV - File not found -- -- (AOLService [Auto | Stopped])
SRV - [2008/10/01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/05 10:00:04 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/07/25 10:28:37 | 01,836,544 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/10/19 14:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2007/10/19 14:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Stopped])
SRV - [2007/10/19 14:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2002/05/03 13:29:42 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NMSSvc.exe -- (NMSSvc [On_Demand | Stopped])
SRV - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/12/09 06:38:14 | 00,065,625 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/02/11 10:06:50 | 00,034,816 | ---- | M] () -- C:\Program Files\Registry Defragmentation\RegManServ.exe -- (RegManServ [Disabled | Stopped])
SRV - [2004/06/29 16:14:38 | 00,193,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2003/12/09 06:32:58 | 00,065,622 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])
SRV - [2006/04/03 18:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])
SRV - [2001/05/01 18:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 02:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [1996/02/23 00:00:00 | 00,017,760 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [Auto | Running])
DRV - [2009/07/18 11:48:20 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/17 11:49:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/05 10:00:09 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2002/12/12 03:23:31 | 00,059,440 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2002/12/12 03:23:31 | 00,023,724 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2002/04/10 18:48:04 | 00,236,032 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2002/04/10 19:01:12 | 00,024,554 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2002/04/30 14:53:08 | 00,139,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2001/08/17 14:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2004/10/25 21:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.SYS -- (ENTECH [On_Demand | Stopped])
DRV - [2002/08/29 07:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2004/08/04 02:08:21 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2002/08/20 17:28:54 | 00,170,499 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2002/08/20 17:28:18 | 01,175,536 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2009/02/18 14:41:10 | 00,186,128 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2007/10/19 14:16:30 | 02,109,976 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007/10/11 19:59:02 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Running])
DRV - [2007/02/03 10:32:36 | 00,041,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2005/08/09 12:36:40 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2001/10/22 16:46:42 | 00,009,855 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2002/04/10 19:01:00 | 00,029,638 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
DRV - [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2002/08/08 15:51:32 | 00,038,951 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\Drivers\NETMDUSB.sys -- (NETMDUSB [On_Demand | Stopped])
DRV - [2002/05/03 13:30:08 | 00,009,868 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NMSCFG.SYS -- (NMSCFG [On_Demand | Stopped])
DRV - [2005/01/04 05:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2 [System | Running])
DRV - [2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/07/19 12:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2002/08/30 12:29:02 | 01,293,440 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P16X.sys -- (P16X [On_Demand | Running])
DRV - [2007/02/03 10:27:16 | 00,014,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
DRV - [1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2007/02/03 10:27:28 | 00,938,272 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
DRV - [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002/04/10 19:00:44 | 00,117,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2006/07/27 13:28:33 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2002/08/29 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/01/03 03:26:38 | 00,010,051 | R--- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\SECYPUSB.sys -- (SECYPUSB [On_Demand | Stopped])
DRV - [2004/08/04 02:07:42 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2006/11/16 10:54:08 | 00,513,152 | ---- | M] (Windows (R) 2000/XP) -- C:\WINDOWS\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32 [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2004/10/19 16:02:32 | 00,038,402 | ---- | M] (Generic) -- C:\WINDOWS\System32\Drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2002/04/10 18:45:16 | 00,206,336 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2004/08/04 03:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2001/11/09 18:48:46 | 00,015,576 | ---- | M] () -- C:\WINDOWS\System32\Drivers\usbbc.sys -- (Wdm1 [On_Demand | Stopped])
DRV - [2002/08/20 17:22:06 | 00,604,240 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/02/26 19:15:22 | 00,061,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 17:29:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/17 11:51:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/11 15:48:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 23:20:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/09 23:24:02 | 00,000,000 | ---D | M]

[2008/06/17 18:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Extensions
[2008/06/17 18:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/11 22:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Firefox\Profiles\aa390js1.default\extensions
[2009/09/01 22:24:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Firefox\Profiles\aa390js1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/20 10:55:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Firefox\Profiles\aa390js1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/06/17 21:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Firefox\Profiles\aa390js1.default\extensions\foxfilter@inspiredeffect(2).net
[2007/09/27 19:51:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Firefox\Profiles\aa390js1.default\extensions\moveplayer@movenetworks.com
[2006/02/17 23:34:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Firefox\Profiles\jh7oxaib.Default User\extensions
[2006/02/17 23:34:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Firefox\Profiles\jh7oxaib.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/02/22 20:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Firefox\Profiles\mj88lapd.Default User\extensions
[2006/02/22 20:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\mozilla\Firefox\Profiles\mj88lapd.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/09 18:24:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/09 23:20:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/22 13:05:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{A18664CF-AF25-4867-A9AC-2787D8D0F8F3}
[2008/09/20 11:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/07/11 15:48:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/08 21:36:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/04/29 23:25:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{D9A864BD-24A0-4458-8963-022B9907F4B1}
[2009/04/30 20:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{EE734547-B96D-4C0A-B037-5BF17E1B8D04}
[2007/06/17 21:41:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla(2).org
[2009/09/09 23:20:18 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/09 23:20:18 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/07/24 22:17:36 | 00,135,680 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2006/10/26 17:13:26 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/11/06 12:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2006/09/28 22:21:47 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2006/03/23 22:54:41 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/09/09 23:20:20 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/05/22 23:05:29 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/16 15:37:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/16 15:37:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/16 15:37:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/16 15:37:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/16 15:37:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/16 15:37:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/16 15:37:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/08/22 00:27:35 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/22 00:27:35 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/22 00:27:35 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/22 00:27:35 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/22 00:27:35 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/22 00:27:35 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/22 00:27:35 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll File not found
O3 - HKLM\..\Toolbar: (金山快译(&K)) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll (??????????)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW4] C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalUserRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its51 {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/27 20:56:08 | 00,000,038 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/04/01 12:26:44 | 00,000,049 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{81a02362-5a79-11dd-9a99-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{81a02362-5a79-11dd-9a99-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{81a02362-5a79-11dd-9a99-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b464253e-9f9f-11d9-8dd5-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\GMTsetup.exe -- [2004/11/19 05:48:43 | 06,208,401 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\*.tmp files]
[481 C:\WINDOWS\System32\*.tmp files]
[46 C:\Documents and Settings\Ou Lee\Desktop\*.tmp files]
[2009/09/12 00:30:25 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ou Lee\Desktop\OTL.exe
[2009/09/12 00:28:33 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/09/12 00:26:39 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ou Lee\Desktop\OTM.exe
[2009/09/11 16:59:07 | 00,418,816 | ---- | C] () -- C:\Documents and Settings\Ou Lee\Desktop\SenecaReplacementsWaitingFor.xls
[2009/09/11 07:29:45 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ou Lee\Desktop\settings.dat
[2009/09/11 07:29:30 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Ou Lee\Desktop\RootRepeal.exe
[2009/09/11 07:28:44 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Ou Lee\Desktop\RootRepeal.zip
[2009/09/09 22:52:46 | 53,587,1488 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/09 22:29:12 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Ou Lee\Desktop\ATF-Cleaner.exe
[2009/09/09 21:49:48 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/09/09 21:47:58 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Ou Lee\Desktop\Rooter.exe
[2009/09/08 21:38:40 | 00,245,103 | ---- | C] () -- C:\Documents and Settings\Ou Lee\Desktop\JavaRa.def
[2009/09/08 21:38:40 | 00,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Ou Lee\Desktop\JavaRa.exe
[2009/09/08 21:37:36 | 00,071,798 | ---- | C] () -- C:\Documents and Settings\Ou Lee\Desktop\JavaRa.zip
[2009/09/08 21:36:24 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/08 21:36:23 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/08 21:36:23 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/08 21:13:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/09/08 19:40:33 | 00,103,585 | ---- | C] () -- C:\Documents and Settings\Ou Lee\Desktop\IMG_0984.JPG
[2009/09/03 18:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ou Lee\Desktop\TO
[2009/09/01 22:21:32 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Ou Lee\My Documents\GMAT Essays.doc
[2009/09/01 11:37:16 | 00,121,609 | ---- | C] () -- C:\Documents and Settings\Ou Lee\Desktop\ST-100.pdf
[2009/08/27 22:05:04 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Ou Lee\My Documents\GMAT.xls
[2009/08/23 01:05:22 | 24,689,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/18 16:56:30 | 00,855,670 | ---- | C] () -- C:\Documents and Settings\Ou Lee\Desktop\1.bmp
[2009/05/01 08:08:57 | 00,050,176 | -HS- | C] () -- C:\WINDOWS\System32\bulilufu.dll
[2008/12/02 12:05:25 | 00,000,015 | ---- | C] () -- C:\WINDOWS\System32\Ve_pm.dll
[2008/12/02 12:05:25 | 00,000,007 | ---- | C] () -- C:\WINDOWS\System32\Voicech.dll
[2008/12/02 11:35:19 | 00,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008/12/02 11:35:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/12/02 11:34:54 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2008/12/02 11:34:51 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/02 11:34:50 | 00,009,853 | ---- | C] () -- C:\WINDOWS\HL-2170W.INI
[2008/12/02 11:29:05 | 00,000,333 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/10/13 23:14:25 | 00,001,247 | ---- | C] () -- C:\WINDOWS\PIPIPlayer.INI
[2008/04/19 15:19:13 | 00,000,125 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2008/04/19 15:19:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2008/04/19 15:19:00 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2008/04/19 11:08:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2008/04/19 11:08:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2007/10/11 19:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/05 22:59:05 | 00,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/27 13:28:42 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/07/11 18:33:49 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/12/20 20:15:28 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/12/20 20:15:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/10/13 12:47:51 | 00,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2005/08/19 13:00:46 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\CtSACKey.sys
[2005/08/11 14:20:31 | 00,000,068 | ---- | C] () -- C:\WINDOWS\FastAIT.INI
[2005/06/19 03:49:00 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/06/08 18:18:32 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/02 04:16:28 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\hpgt4850.dll
[2005/06/01 04:46:30 | 11,194,368 | R--- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2005/06/01 04:46:30 | 00,749,568 | R--- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2005/06/01 04:46:30 | 00,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2005/05/31 20:46:23 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A453D9DE65.sys
[2005/05/11 21:14:20 | 00,000,467 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/24 12:56:45 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2005/02/13 21:08:12 | 00,012,523 | ---- | C] () -- C:\WINDOWS\HPSETUP.INI
[2005/02/13 20:59:05 | 00,000,896 | ---- | C] () -- C:\WINDOWS\System32\hpsj16.dll
[2005/02/13 20:59:05 | 00,000,687 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpscan16.sys
[2005/02/13 20:59:01 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\REG32.DLL
[2005/02/13 20:58:59 | 00,000,057 | ---- | C] () -- C:\WINDOWS\HPDS23.INI
[2004/12/12 11:39:52 | 00,000,179 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/20 18:19:24 | 00,009,665 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2004/10/26 18:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/18 16:31:22 | 00,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2004/08/27 19:41:24 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/02 12:35:56 | 00,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2004/08/02 12:35:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DettoMe.INI
[2004/05/08 20:23:03 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/03/27 16:52:16 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/03/27 16:52:16 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/03/27 16:52:16 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/03/20 16:30:49 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/20 16:30:48 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2004/03/20 16:30:48 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/10/06 14:16:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/10/06 14:16:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/10/06 14:16:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/10/06 14:16:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/08/19 18:47:26 | 00,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/08/12 20:57:20 | 00,007,359 | ---- | C] () -- C:\WINDOWS\ENGINEEXT.INI
[2003/08/10 20:30:53 | 00,000,090 | ---- | C] () -- C:\WINDOWS\chssbase.ini
[2003/06/18 22:24:51 | 00,001,317 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/05/04 17:14:44 | 00,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/03/30 11:02:01 | 00,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/03/30 11:02:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2003/03/30 11:01:57 | 00,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/03/30 11:01:57 | 00,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/03/27 15:28:44 | 00,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/03/07 06:13:10 | 01,032,266 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/02/20 19:08:58 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\SECUMAX.DLL
[2003/02/20 19:08:57 | 01,093,632 | ---- | C] () -- C:\WINDOWS\System32\IMAGEDLL.DLL
[2003/02/09 21:08:01 | 00,000,343 | ---- | C] () -- C:\WINDOWS\encarta.ini
[2003/02/09 21:07:59 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/01/31 12:00:12 | 00,134,464 | ---- | C] () -- C:\WINDOWS\GLCV20DR.DLL
[2003/01/31 12:00:04 | 00,556,560 | ---- | C] () -- C:\WINDOWS\MTL.DLL
[2003/01/31 11:59:27 | 00,011,616 | ---- | C] () -- C:\WINDOWS\GLFS20DR.DLL
[2003/01/25 21:34:46 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\SMAX10.DLL
[2002/12/24 14:43:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2002/12/22 19:43:52 | 00,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2002/12/19 17:37:27 | 00,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2002/12/19 17:31:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SLS.INI
[2002/12/16 19:21:43 | 00,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/12/12 03:25:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/12/12 03:16:14 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2002/12/12 03:15:53 | 00,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2002/12/12 03:15:53 | 00,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2002/12/12 03:15:53 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2002/12/12 03:15:29 | 00,000,190 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/12/12 03:12:04 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/12/12 02:51:32 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 16:54:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/09/09 16:54:02 | 00,001,211 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 10:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/03/26 20:18:27 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/02/06 11:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 17:17:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/11/19 20:05:18 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/04/25 21:23:00 | 00,000,792 | ---- | C] () -- C:\WINDOWS\acroread.ini

========== Files - Modified Within 30 Days ==========

[4 C:\*.tmp files]
[481 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[12 C:\Documents and Settings\Ou Lee\My Documents\*.tmp files]
[46 C:\Documents and Settings\Ou Lee\Desktop\*.tmp files]
[2009/09/12 00:43:34 | 18,032,928 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/09/12 00:40:07 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011UA.job
[2009/09/12 00:30:37 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ou Lee\Desktop\OTL.exe
[2009/09/12 00:27:15 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ou Lee\Desktop\OTM.exe
[2009/09/12 00:07:09 | 00,335,648 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/09/12 00:00:00 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\trotsubb.job
[2009/09/11 22:31:08 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/09/11 22:30:36 | 00,000,333 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2009/09/11 22:30:28 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/11 22:29:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/11 22:29:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/11 22:29:33 | 53,587,1488 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/11 21:20:20 | 00,239,420 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/09/11 21:20:20 | 00,032,444 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/09/11 17:51:57 | 03,782,540 | -H-- | M] () -- C:\Documents and Settings\Ou Lee\Local Settings\Application Data\IconCache.db
[2009/09/11 16:59:11 | 00,418,816 | ---- | M] () -- C:\Documents and Settings\Ou Lee\Desktop\SenecaReplacementsWaitingFor.xls
[2009/09/11 07:29:45 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Ou Lee\Desktop\settings.dat
[2009/09/11 07:29:01 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Ou Lee\Desktop\RootRepeal.zip
[2009/09/10 03:02:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/10 01:51:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/09 22:29:20 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Ou Lee\Desktop\ATF-Cleaner.exe
[2009/09/09 21:48:06 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Ou Lee\Desktop\Rooter.exe
[2009/09/09 20:40:11 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011Core.job
[2009/09/08 21:37:52 | 00,071,798 | ---- | M] () -- C:\Documents and Settings\Ou Lee\Desktop\JavaRa.zip
[2009/09/08 19:41:58 | 00,103,585 | ---- | M] () -- C:\Documents and Settings\Ou Lee\Desktop\IMG_0984.JPG
[2009/09/07 18:00:05 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/09/07 15:49:02 | 00,222,208 | ---- | M] () -- C:\Documents and Settings\Ou Lee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 22:45:26 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Ou Lee\My Documents\GMAT Essays.doc
[2009/09/01 11:37:16 | 00,121,609 | ---- | M] () -- C:\Documents and Settings\Ou Lee\Desktop\ST-100.pdf
[2009/08/31 22:29:59 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Ou Lee\My Documents\GMAT.xls
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/26 17:41:07 | 00,002,293 | ---- | M] () -- C:\Documents and Settings\Ou Lee\Desktop\Google Chrome.lnk
[2009/08/21 05:46:35 | 00,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/08/21 05:46:35 | 00,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/08/18 16:57:47 | 00,855,670 | ---- | M] () -- C:\Documents and Settings\Ou Lee\Desktop\1.bmp
[2009/08/16 16:25:32 | 00,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/08/13 11:14:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Ou Lee\Desktop\RootRepeal.exe

========== LOP Check ==========

[2009/08/09 20:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/07/22 19:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/08/23 17:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BeInSync Settings
[2005/05/11 18:50:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/09/05 23:22:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2007/12/05 21:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2008/10/01 00:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/08/09 20:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/22 23:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2005/05/21 20:05:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/09/09 23:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/06 21:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/05/06 23:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data
[2006/11/23 13:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\acccore
[2006/09/26 20:32:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\Ahead
[2007/12/20 01:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\Aim
[2008/09/28 13:18:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\Any Video Converter
[2006/05/19 20:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\ArcSoft
[2006/11/11 23:23:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\BitTorrent
[2009/04/25 09:31:54 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Ou Lee\Application Data\Brother
[2008/09/23 00:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\CoreFTP
[2006/02/27 20:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\CyberLink
[2007/09/05 23:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\FileOpen
[2008/07/11 17:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\FileZilla
[2007/09/27 20:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\Move Networks
[2006/03/17 16:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\NJStar
[2007/03/19 11:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\Orbit
[2005/06/12 20:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\STOPzilla!
[2007/03/25 17:32:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\System Requirements Lab
[2009/02/23 17:06:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\U3
[2008/10/13 16:46:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\uniblue
[2006/03/09 20:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\WinPatrol
[2009/09/05 19:33:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ou Lee\Application Data\ZoomBrowser EX
[2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/09/09 20:40:11 | 00,000,930 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011Core.job
[2009/09/12 00:40:07 | 00,000,982 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011UA.job
[2009/09/10 01:51:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/09/07 18:00:05 | 00,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/09/11 22:29:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/12 00:00:00 | 00,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\trotsubb.job
[2005/10/13 12:41:41 | 00,000,216 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg .job

========== Purity Check ==========


< End of report >

Re: Hijack This! Log.

Post by darkx2987 on 12th September 2009, 1:00 pm

EXTRAS LOG:

OTL Extras logfile created on: 9/12/2009 12:31:44 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Ou Lee\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 124.35 Mb Available Physical Memory | 24.34% Memory free
1.22 Gb Paging File | 0.71 Gb Available in Paging File | 58.27% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 24.96 Gb Free Space | 22.34% Space Free | Partition Type: NTFS
Drive D: | 84.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN1
Current User Name: Ou Lee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = E$.file] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"88:UDP" = 88:UDP:*:Enabled:xbox2
"3074:TCP" = 3074:TCP:*:Enabled:xbox3
"3074:UDP" = 3074:UDP:*:Enabled:xbox4
"53:TCP" = 53:TCP:*:Enabled:xbox5
"53:UDP" = 53:UDP:*:Enabled:xbox6
"57397:TCP" = 57397:TCP:*:Enabled:Pando Media Booster
"57397:UDP" = 57397:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AMERIC~2.0A -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1105821942\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1105821942\EE\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1105821942\ee\aolservicehost.exe" = C:\Program Files\Common Files\AOL\1105821942\ee\aolservicehost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\pipi\jfCacheMgr.exe" = C:\Program Files\pipi\jfCacheMgr.exe:*:Enabled:jfCacheMgr(http://www.pipi.cn) -- (????)
"C:\Program Files\pipi\KmLiveUpdate.exe" = C:\Program Files\pipi\KmLiveUpdate.exe:*:Enabled:KmLiveUpdate(http://www.pipi.cn) -- (????)
"C:\Program Files\pipi\PIPIPlayer.exe" = C:\Program Files\pipi\PIPIPlayer.exe:*:Enabled:PIPIPlayer -- (????)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\Ou Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Ou Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Ou Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Ou Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CDD873A-079C-4F6C-AD60-D5EE352BFF09}" = FastAIT 2005
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{345CECE8-C128-4AEF-B313-177EA44BB7DC}" = Becker CPA Review CD-ROM Course and PassMaster - 2008 Edition
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{363798A0-FE16-4BA8-8119-572A02202DBF}" = PHStat2 version 2.5
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{377B0725-8AA2-47AB-9F31-E2C4CFBE0F47}" = LINGO 11.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{44CE6902-84EA-11D6-887E-00609721D519}" = Voice Editing
"{469436E4-A436-4a2f-8113-239EE6D1A60F}" = HP Scanjet 4800 series
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.00
"{50B631C6-6E91-4D7B-A4E0-81E7FA8D5B3D}" = SAPI5_Common
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{657DD6DA-B07B-40FF-9DBD-2116F7E83CF6}" = OpenMG Secure Module 3.4.00
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.00
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80F43AED-4C21-4974-BB4F-CBE48E771092}" = Brother HL-2170W
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{962DE60D-D080-4E77-BD0C-F97A179C50B7}" = Microsoft Windows Vista Upgrade Advisor
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A54B9A7-24FC-11D5-AEEB-003065C8BCFC}" = SAT Diagnostic
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A62BD951-6BBD-4338-8F2E-064A39ABA564}" = ɽ 2004
"{A75FFDA5-DAE0-4EB0-B785-84B042CDDE0C}" = NOMAD MuVo
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFDEB866-9354-4346-B546-AB93F98EDC85}" = WebMail Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C52BEBC0-4A0C-42FB-B7EC-FAD0A14DD64E}" = RealSpeak_Solo_Common_for_Panasonic
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D76E8E9D-1198-4585-BEFB-D11A68BBC194}" = hpg4850QFolder
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA12E3FF-60E1-43E0-8E64-C43890A596AE}" = RealSpeak_Solo_English_for_Panasonic
"{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}" = Detto IntelliMover
"{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"{E1F4FB82-3EA6-46B6-A18A-9B3A62DA393E}" = hp deskjet 6122
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EF5E0420-A5D9-11D5-95E3-0090270DC2DC}" = YP-700 yepp Explorer
"{F5DA4BCE-78D3-4B15-A74B-1688A6EF38E3}" = hpg4850
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG 8.5
"BitLord" = BitLord 1.1
"Cablenut" = Cablenut 4.08
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem
"Core FTP LE 2.0" = Core FTP LE 2.0
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"Exchanger XML Lite 3.2" = Exchanger XML Lite 3.2
"ffdshow" = ffdshow
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"Hover_is1" = Hover
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"HTML Catalog Maker (Trial Version)_is1" = HTML Catalog Maker
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"InterActual Player" = InterActual Player
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MuVo Driver" = MuVo Driver
"NJStar Chinese WP" = NJStar Chinese WP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PIPI_is1" = PIPI 2.3.0.1
"Prism" = Prism Video Converter
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Registry Defragmentation" = Registry Defragmentation
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SimNet XPert PageOut Learning 3.1" = SimNet XPert PageOut Learning 3.1
"Smart Explorer_is1" = Smart Explorer 6.1
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Steam App 80" = Condition Zero
"System Requirements Lab" = System Requirements Lab
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"TweakNow RegCleaner Standard_is1" = TweakNow RegCleaner Standard
"Videora Xbox 360 Converter" = Videora Xbox 360 Converter 2.25
"w_spf2x" = Super Puzzle Fighter II Turbo
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGTK-2_is1" = GTK+ 2.6.9 runtime environment
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XML Marker_is1" = XML Marker version 1.1
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2009 11:47:31 AM | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11706
Description = Product: Dell Picture Studio - Dell Image Expert -- Error 1706.No
valid source could be found for product Dell Picture Studio - Dell Image Expert.
The Windows Installer cannot continue.

Error - 9/4/2009 12:05:21 PM | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11706
Description = Product: Dell Picture Studio - Dell Image Expert -- Error 1706.No
valid source could be found for product Dell Picture Studio - Dell Image Expert.
The Windows Installer cannot continue.

Error - 9/4/2009 12:20:34 PM | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11706
Description = Product: Dell Picture Studio - Dell Image Expert -- Error 1706.No
valid source could be found for product Dell Picture Studio - Dell Image Expert.
The Windows Installer cannot continue.

Error - 9/4/2009 12:20:42 PM | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11706
Description = Product: Dell Picture Studio - Dell Image Expert -- Error 1706.No
valid source could be found for product Dell Picture Studio - Dell Image Expert.
The Windows Installer cannot continue.

Error - 9/4/2009 12:20:57 PM | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11706
Description = Product: Dell Picture Studio - Dell Image Expert -- Error 1706.No
valid source could be found for product Dell Picture Studio - Dell Image Expert.
The Windows Installer cannot continue.

Error - 9/4/2009 12:25:14 PM | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11706
Description = Product: Dell Picture Studio - Dell Image Expert -- Error 1706.No
valid source could be found for product Dell Picture Studio - Dell Image Expert.
The Windows Installer cannot continue.

Error - 9/6/2009 5:57:03 PM | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11706
Description = Product: Dell Picture Studio - Dell Image Expert -- Error 1706.No
valid source could be found for product Dell Picture Studio - Dell Image Expert.
The Windows Installer cannot continue.

Error - 9/6/2009 5:57:10 PM | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11706
Description = Product: Dell Picture Studio - Dell Image Expert -- Error 1706.No
valid source could be found for product Dell Picture Studio - Dell Image Expert.
The Windows Installer cannot continue.

Error - 9/6/2009 5:57:16 PM | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11706
Description = Product: Dell Picture Studio - Dell Image Expert -- Error 1706.No
valid source could be found for product Dell Picture Studio - Dell Image Expert.
The Windows Installer cannot continue.

Error - 9/8/2009 9:41:01 PM | Computer Name = MAIN1 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.

[ System Events ]
Error - 9/9/2009 10:51:56 PM | Computer Name = MAIN1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/9/2009 10:54:32 PM | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 9/10/2009 10:57:15 AM | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 9/10/2009 4:47:54 PM | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 9/10/2009 10:12:26 PM | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 9/11/2009 7:11:52 AM | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 9/11/2009 1:14:15 PM | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 9/11/2009 4:19:30 PM | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 9/11/2009 9:02:07 PM | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 9/11/2009 10:30:37 PM | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2


< End of report >


Re: Hijack This! Log.

Post by darkx2987 on 12th September 2009, 2:07 pm

The Google redirect virus is still present.


Re: Hijack This! Log.

Post by Dr Jay on 12th September 2009, 6:30 pm

Hi

It appears the situation got worse. No matter, time to take a different route.

Please download ComboFix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] to your Desktop.

**Note:
In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**


  1. If you are using Firefox, make sure that your download settings are as follows:

    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

  • During the download, rename Combofix to Combo-Fix as follows:




  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on [You must be registered and logged in to see this link.] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------



    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------


  • Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

  • **Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**

    If you still cannot get this to run, try booting into Safe Mode, and run it there.

    To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode."

    If this doesn't work either, try the same method as above, but rename
    Combofix.exe to iexplore.exe or winlogon.exe instead.
    This is because in some cases malware blocks EVERY process except those in its own whitelist, and this whitelist includes important system processes such as iexplore.exe, explorer.exe, winlogon.exe.

    ==
    I suspect you are running three antivirus programs.

    Download Security Check by screen317 from [You must be registered and logged in to see this link.].
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    In your next reply, please include the ComboFix log and the Checkup log - also, please tell me how your computer is running.


    Dr. Jay (DJ)



    Re: Hijack This! Log.

    Post by darkx2987 on 12th September 2009, 8:40 pm

    They said the message was too long, so I'm going to break down the COMBO FIX log into 3 parts.

    PART 1:
    ComboFix 09-09-11.05 - Ou Lee 09/12/2009 15:24.3.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.339 [GMT -4:00]
    Running from: c:\documents and settings\Ou Lee\Desktop\Combo-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\extensions\{A18664CF-AF25-4867-A9AC-2787D8D0F8F3}
    c:\program files\Mozilla Firefox\extensions\{A18664CF-AF25-4867-A9AC-2787D8D0F8F3}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{A18664CF-AF25-4867-A9AC-2787D8D0F8F3}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{A18664CF-AF25-4867-A9AC-2787D8D0F8F3}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{D9A864BD-24A0-4458-8963-022B9907F4B1}
    c:\program files\Mozilla Firefox\extensions\{D9A864BD-24A0-4458-8963-022B9907F4B1}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{D9A864BD-24A0-4458-8963-022B9907F4B1}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{D9A864BD-24A0-4458-8963-022B9907F4B1}\install.rdf
    c:\program files\Mozilla Firefox\extensions\{EE734547-B96D-4C0A-B037-5BF17E1B8D04}
    c:\program files\Mozilla Firefox\extensions\{EE734547-B96D-4C0A-B037-5BF17E1B8D04}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{EE734547-B96D-4C0A-B037-5BF17E1B8D04}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{EE734547-B96D-4C0A-B037-5BF17E1B8D04}\install.rdf
    C:\VDM435.tmp
    C:\VDM436.tmp
    C:\VDM7.tmp
    C:\VDM8.tmp
    c:\windows\Installer\2d5ea.msp
    c:\windows\Installer\2d5fd.msp
    c:\windows\Installer\2d61f.msp
    c:\windows\Installer\2d638.msp
    c:\windows\Installer\2f80e2.msi
    c:\windows\Installer\376d7.msp
    c:\windows\Installer\545ab.msi
    c:\windows\Installer\8d036.msi
    c:\windows\Installer\a9656c.msi
    c:\windows\Installer\WMEncoder.msi
    c:\windows\system32\bulilufu.dll
    c:\windows\system32\Data
    c:\windows\system32\images
    c:\windows\system32\images\i1.gif
    c:\windows\system32\images\i2.gif
    c:\windows\system32\images\i3.gif
    c:\windows\system32\images\j1.gif
    c:\windows\system32\images\j2.gif
    c:\windows\system32\images\j3.gif
    c:\windows\system32\images\jj1.gif
    c:\windows\system32\images\jj2.gif
    c:\windows\system32\images\jj3.gif
    c:\windows\system32\images\l1.gif
    c:\windows\system32\images\l2.gif
    c:\windows\system32\images\l3.gif
    c:\windows\system32\images\pix.gif
    c:\windows\system32\images\t1.gif
    c:\windows\system32\images\t2.gif
    c:\windows\system32\images\up1.gif
    c:\windows\system32\images\up2.gif
    c:\windows\system32\images\w1.gif
    c:\windows\system32\images\w11.gif
    c:\windows\system32\images\w2.gif
    c:\windows\system32\images\w3.gif
    c:\windows\system32\images\w3.jpg
    c:\windows\system32\images\wt1.gif
    c:\windows\system32\images\wt2.gif
    c:\windows\system32\images\wt3.gif

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
    .

    2009-09-12 04:28 . 2009-09-12 04:28 -------- d-----w- C:\_OTM
    2009-09-10 01:49 . 2009-09-10 01:49 -------- d-----w- C:\Rooter$

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-12 19:19 . 2009-08-09 23:03 342560 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-09-12 19:19 . 2009-08-09 23:03 33188 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-09-12 19:19 . 2009-08-09 23:03 249860 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-09-12 19:19 . 2009-08-09 23:03 18575904 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-09-10 03:24 . 2005-05-11 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2009-09-09 01:39 . 2005-05-29 01:13 -------- d-----w- c:\program files\Java
    2009-09-07 01:35 . 2008-04-19 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-09-05 23:33 . 2008-04-19 01:12 -------- d-----w- c:\documents and settings\Ou Lee\Application Data\ZoomBrowser EX
    2009-09-05 21:10 . 2009-04-01 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-23 00:47 . 2002-12-15 22:33 105632 -c--a-w- c:\documents and settings\Perry Lee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-16 22:23 . 2009-07-12 18:01 -------- d-----w- c:\program files\Steam
    2009-08-10 00:11 . 2009-08-09 22:44 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2009-08-10 00:11 . 2009-08-09 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-08-05 09:11 . 2004-03-20 20:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 17:36 . 2009-04-05 18:55 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 17:36 . 2009-04-05 18:55 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-01 21:43 . 2004-05-04 21:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-01 21:41 . 2005-06-13 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-25 09:23 . 2009-07-11 19:48 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-18 15:48 . 2009-04-30 03:49 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-17 18:55 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2003-03-16 21:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-26 15:59 . 2004-02-06 22:05 668160 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 15:59 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-17 15:49 . 2009-04-30 03:49 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-16 14:55 . 2002-08-29 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:55 . 2002-08-29 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2005-06-11 23:50 . 2005-06-11 23:50 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2003-03-23 01:22 . 2003-03-23 01:22 1521431 -c--a-w- c:\program files\appr146.exe
    2007-07-25 02:17 . 2006-08-31 23:34 135680 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2005-06-01 00:47 . 2005-06-01 00:46 56 -csh--r- c:\windows\SYSTEM32\A453D9DE65.sys
    .

    ((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    + 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\SYSTEM32\tzchange.exe
    + 2002-08-29 11:00 . 2009-06-12 11:50 76288 c:\windows\SYSTEM32\telnet.exe
    + 2004-09-06 14:18 . 2007-07-27 14:41 26488 c:\windows\SYSTEM32\spupdsvc.exe
    - 2004-09-06 14:18 . 2008-07-09 07:38 26488 c:\windows\SYSTEM32\spupdsvc.exe
    + 2006-12-04 02:05 . 2008-07-08 13:02 17272 c:\windows\SYSTEM32\spmsg.dll
    - 2006-12-04 02:05 . 2008-07-09 07:38 17272 c:\windows\SYSTEM32\spmsg.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 35328 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvwddi.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 81920 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvsvc32.exe
    + 2009-07-26 20:57 . 2003-10-06 18:16 49152 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvmctray.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 27136 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvcod.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 39424 c:\windows\SYSTEM32\pngfilt.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 39424 c:\windows\SYSTEM32\pngfilt.dll
    + 2009-07-12 18:36 . 1999-01-29 04:28 29184 c:\windows\SYSTEM32\picn20.dll
    + 2002-12-12 07:03 . 2009-05-12 23:41 71060 c:\windows\SYSTEM32\PERFC009.DAT
    - 2002-12-12 07:03 . 2009-05-03 00:17 71060 c:\windows\SYSTEM32\PERFC009.DAT
    + 2003-10-06 18:16 . 2006-10-22 16:22 81920 c:\windows\SYSTEM32\nvwddi.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 86016 c:\windows\SYSTEM32\nvmctray.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 45056 c:\windows\SYSTEM32\nvmccsrs.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 35840 c:\windows\SYSTEM32\nvcodins.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 35840 c:\windows\SYSTEM32\nvcod.dll
    + 2007-11-09 02:06 . 2009-08-15 12:44 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
    - 2007-11-09 02:06 . 2008-11-30 03:31 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
    - 2002-08-29 11:00 . 2009-02-20 08:14 16384 c:\windows\SYSTEM32\jsproxy.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 16384 c:\windows\SYSTEM32\jsproxy.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 96256 c:\windows\SYSTEM32\inseng.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 96256 c:\windows\SYSTEM32\inseng.dll
    + 2004-08-04 07:56 . 2009-06-26 15:59 55808 c:\windows\SYSTEM32\extmgr.dll
    - 2004-08-04 07:56 . 2009-02-20 08:14 55808 c:\windows\SYSTEM32\extmgr.dll
    + 2002-08-29 11:00 . 2004-08-04 07:56 18944 c:\windows\SYSTEM32\DLLCACHE\wbemprox.dll
    + 2002-08-29 11:00 . 2009-06-12 11:50 76288 c:\windows\SYSTEM32\DLLCACHE\telnet.exe
    - 2009-04-17 01:20 . 2009-02-06 09:54 35328 c:\windows\SYSTEM32\DLLCACHE\sc.exe
    + 2002-08-29 11:00 . 2009-02-06 09:54 35328 c:\windows\SYSTEM32\DLLCACHE\sc.exe
    + 2002-08-29 11:00 . 2009-06-26 15:59 39424 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 39424 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
    + 2002-08-29 11:00 . 2004-08-04 07:56 83456 c:\windows\SYSTEM32\DLLCACHE\olepro32.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 16384 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 16384 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 96256 c:\windows\SYSTEM32\DLLCACHE\inseng.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 96256 c:\windows\SYSTEM32\DLLCACHE\inseng.dll
    + 2004-08-04 07:56 . 2009-06-26 15:59 81920 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
    - 2004-08-04 07:56 . 2009-02-20 08:14 81920 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
    - 2004-08-04 07:56 . 2009-02-19 09:50 18432 c:\windows\SYSTEM32\DLLCACHE\iedw.exe
    + 2004-08-04 07:56 . 2009-06-22 11:40 18432 c:\windows\SYSTEM32\DLLCACHE\iedw.exe
    + 2002-08-29 11:00 . 2009-06-16 14:55 82432 c:\windows\SYSTEM32\DLLCACHE\fontsub.dll
    - 2004-08-04 07:56 . 2009-02-20 08:14 55808 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
    + 2004-08-04 07:56 . 2009-06-26 15:59 55808 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
    - 2002-08-29 11:00 . 2004-08-04 07:56 84992 c:\windows\SYSTEM32\DLLCACHE\avifil32.dll
    + 2002-08-29 11:00 . 2009-06-10 14:21 84992 c:\windows\SYSTEM32\DLLCACHE\avifil32.dll
    + 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\SYSTEM32\DLLCACHE\atl.dll
    - 2002-08-29 11:00 . 2004-08-04 07:56 84992 c:\windows\SYSTEM32\avifil32.dll
    + 2002-08-29 11:00 . 2009-06-10 14:21 84992 c:\windows\SYSTEM32\avifil32.dll
    + 2008-11-25 08:59 . 2008-11-25 08:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2005-11-14 20:38 . 2005-11-14 20:38 72192 c:\windows\Installer\dd9d9.msp
    + 2008-12-02 16:07 . 2008-12-02 16:07 93696 c:\windows\Installer\2f80e1.msi
    + 2008-07-30 04:07 . 2008-07-30 04:07 23040 c:\windows\Installer\178bd6e.msp
    + 2008-10-13 19:25 . 2008-10-13 19:25 88576 c:\windows\Installer\16e4824.msi
    - 2002-09-09 20:54 . 2009-04-17 04:53 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2009-04-17 04:51 . 2009-04-17 04:51 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2009-06-11 14:51 . 2009-06-11 14:51 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2009-07-12 18:01 . 2009-07-12 18:01 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
    + 2006-10-27 01:13 . 2006-10-27 01:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNVP.DLL
    + 2006-10-27 01:07 . 2006-10-27 01:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
    - 2007-06-05 01:23 . 2008-07-22 23:03 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
    + 2007-06-05 01:23 . 2009-06-20 00:59 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
    + 2009-05-13 03:01 . 2009-05-13 03:01 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
    + 2009-05-15 18:26 . 2009-05-15 18:26 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
    + 2009-05-15 18:26 . 2009-05-15 18:26 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
    + 2009-05-13 02:57 . 2009-05-13 02:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
    + 2009-05-13 02:55 . 2009-05-13 02:55 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
    + 2009-05-15 18:25 . 2009-05-15 18:25 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 39424 c:\windows\$NtUninstallKB972260$\pngfilt.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 16384 c:\windows\$NtUninstallKB972260$\jsproxy.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 96256 c:\windows\$NtUninstallKB972260$\inseng.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 81920 c:\windows\$NtUninstallKB972260$\ieencode.dll
    + 2009-07-29 16:20 . 2009-04-27 09:29 18432 c:\windows\$NtUninstallKB972260$\iedw.exe
    + 2009-07-29 16:20 . 2009-04-29 04:31 55808 c:\windows\$NtUninstallKB972260$\extmgr.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 39424 c:\windows\$NtUninstallKB969897$\pngfilt.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 16384 c:\windows\$NtUninstallKB969897$\jsproxy.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 96256 c:\windows\$NtUninstallKB969897$\inseng.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 81920 c:\windows\$NtUninstallKB969897$\ieencode.dll
    + 2009-06-11 14:49 . 2009-02-19 09:50 18432 c:\windows\$NtUninstallKB969897$\iedw.exe
    + 2009-06-11 14:49 . 2009-02-20 08:14 55808 c:\windows\$NtUninstallKB969897$\extmgr.dll
    + 2009-07-15 23:11 . 2005-10-17 21:14 80896 c:\windows\$NtUninstallKB961371$\fontsub.dll
    + 2009-07-15 23:15 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll
    + 2009-07-15 23:15 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973346\spmsg.dll
    + 2009-07-29 16:21 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB972260\update\spcustom.dll
    + 2009-07-29 16:21 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB972260\spmsg.dll
    + 2009-06-26 16:42 . 2009-06-26 16:42 81920 c:\windows\$hf_mig$\KB972260\SP3QFE\ieencode.dll
    + 2009-06-26 16:50 . 2009-06-26 16:50 81920 c:\windows\$hf_mig$\KB972260\SP3GDR\ieencode.dll
    + 2009-07-15 23:15 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
    + 2009-07-15 23:15 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll
    + 2009-06-11 14:47 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
    + 2009-06-11 14:47 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll
    + 2009-06-11 14:49 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll
    + 2009-06-11 14:49 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll
    + 2009-06-11 14:50 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969897\update\spcustom.dll
    + 2009-06-11 14:50 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969897\spmsg.dll
    + 2009-04-29 04:21 . 2009-04-29 04:21 81920 c:\windows\$hf_mig$\KB969897\SP3QFE\ieencode.dll
    + 2009-04-29 04:46 . 2009-04-29 04:46 81920 c:\windows\$hf_mig$\KB969897\SP3GDR\ieencode.dll
    + 2009-06-11 14:46 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
    + 2009-06-11 14:46 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll
    + 2009-06-11 14:50 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
    + 2009-06-11 14:50 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
    + 2009-07-15 23:11 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll
    + 2009-07-15 23:11 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB961371\spmsg.dll
    + 2009-06-16 14:43 . 2009-06-16 14:43 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll
    + 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\$hf_mig$\KB961371\SP3GDR\fontsub.dll
    + 2009-06-16 14:45 . 2009-06-16 14:45 81920 c:\windows\$hf_mig$\KB961371\SP2QFE\fontsub.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2002-08-29 11:00 . 2004-08-04 07:56 5632 c:\windows\SYSTEM32\DLLCACHE\cisvc.exe
    + 2002-08-29 11:00 . 2002-08-29 11:00 8192 c:\windows\SYSTEM32\DLLCACHE\cidaemon.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2009-05-12 23:40 . 2009-05-12 23:40 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
    + 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
    + 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
    + 2005-05-17 00:25 . 2009-06-22 11:26 352768 c:\windows\SYSTEM32\xpsp3res.dll
    + 2008-09-20 13:16 . 2009-06-10 06:32 132096 c:\windows\SYSTEM32\wkssvc.dll
    - 2008-09-20 13:16 . 2006-08-17 12:28 132096 c:\windows\SYSTEM32\wkssvc.dll
    + 2009-07-12 18:36 . 1999-03-25 23:00 101888 c:\windows\SYSTEM32\VB6STKIT.DLL
    + 2004-01-21 21:20 . 2009-06-26 15:59 620032 c:\windows\SYSTEM32\urlmon.dll
    - 2004-07-07 22:48 . 2009-02-20 08:14 474112 c:\windows\SYSTEM32\shlwapi.dll
    + 2004-07-07 22:48 . 2009-06-26 15:59 474112 c:\windows\SYSTEM32\shlwapi.dll
    + 2004-04-17 22:01 . 2009-04-15 15:11 584192 c:\windows\SYSTEM32\rpcrt4.dll
    - 2004-04-17 22:01 . 2007-07-09 13:09 584192 c:\windows\SYSTEM32\rpcrt4.dll
    + 2004-02-08 18:32 . 2009-06-21 15:45 906324 c:\windows\SYSTEM32\Restore\rstrlog.dat
    + 2009-07-26 20:57 . 2003-10-06 18:16 741376 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nwiz.exe
    + 2009-07-26 20:57 . 2003-10-06 18:16 430152 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvshell.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 225280 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvnt4cpl.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 131072 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvinstnt.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 552960 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nviewimg.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 393216 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvappbar.exe
    + 2009-07-26 20:57 . 2003-10-06 18:16 290816 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\keystone.exe
    + 2002-12-12 07:03 . 2009-05-12 23:41 441124 c:\windows\SYSTEM32\PERFH009.DAT
    - 2002-12-12 07:03 . 2009-05-03 00:17 441124 c:\windows\SYSTEM32\PERFH009.DAT
    + 2009-07-26 20:56 . 2006-10-22 19:06 208896 c:\windows\SYSTEM32\NVUNINST.EXE
    + 2004-08-15 22:20 . 2006-10-22 19:06 208896 c:\windows\SYSTEM32\nvudisp.exe
    + 2003-10-06 18:16 . 2006-10-22 16:22 159810 c:\windows\SYSTEM32\nvsvc32.exe
    + 2003-10-06 18:16 . 2006-10-22 16:22 466944 c:\windows\SYSTEM32\nvshell.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 286720 c:\windows\SYSTEM32\nvnt4cpl.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 888832 c:\windows\SYSTEM32\nvmobls.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 458752 c:\windows\SYSTEM32\nvmccssr.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 188416 c:\windows\SYSTEM32\nvmccss.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 229376 c:\windows\SYSTEM32\nvmccs.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 581632 c:\windows\SYSTEM32\nvhwvid.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 311296 c:\windows\SYSTEM32\nvexpbar.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 794624 c:\windows\SYSTEM32\nvcplui.exe
    + 2006-10-22 16:22 . 2006-10-22 16:22 147456 c:\windows\SYSTEM32\nvcolor.exe
    + 2003-10-06 18:16 . 2006-10-22 16:22 442368 c:\windows\SYSTEM32\nvappbar.exe
    + 2006-10-22 16:22 . 2006-10-22 16:22 212992 c:\windows\SYSTEM32\nvapi.dll
    + 2002-08-29 11:00 . 2009-06-05 07:42 655872 c:\windows\SYSTEM32\mstscax.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 532480 c:\windows\SYSTEM32\mstime.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 532480 c:\windows\SYSTEM32\mstime.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 146432 c:\windows\SYSTEM32\msrating.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 146432 c:\windows\SYSTEM32\msrating.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 449024 c:\windows\SYSTEM32\mshtmled.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 449024 c:\windows\SYSTEM32\mshtmled.dll
    + 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-09-20 13:16 . 2009-05-07 15:44 344064 c:\windows\SYSTEM32\localspl.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 425984 c:\windows\SYSTEM32\keystone.exe
    + 2003-01-13 19:57 . 2009-08-21 09:46 450560 c:\windows\SYSTEM32\jscript.dll
    - 2003-01-13 19:57 . 2007-12-18 14:40 450560 c:\windows\SYSTEM32\jscript.dll
    + 2009-09-09 01:36 . 2009-07-25 09:23 149280 c:\windows\SYSTEM32\javaws.exe
    + 2009-09-09 01:36 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\javaw.exe
    + 2009-09-09 01:36 . 2009-07-25 09:23 145184 c:\windows\SYSTEM32\java.exe
    + 2002-08-29 11:00 . 2009-06-26 15:59 251904 c:\windows\SYSTEM32\iepeers.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 251904 c:\windows\SYSTEM32\iepeers.dll
    + 2009-07-12 18:36 . 1999-02-25 10:32 122880 c:\windows\SYSTEM32\fxtls532.dll
    - 2002-09-09 20:55 . 2009-03-11 14:28 386408 c:\windows\SYSTEM32\FNTCACHE.DAT
    + 2002-09-09 20:55 . 2009-06-11 14:55 386408 c:\windows\SYSTEM32\FNTCACHE.DAT
    + 2002-08-29 11:00 . 2009-06-26 15:59 205312 c:\windows\SYSTEM32\dxtrans.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 205312 c:\windows\SYSTEM32\dxtrans.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 357888 c:\windows\SYSTEM32\dxtmsft.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 357888 c:\windows\SYSTEM32\dxtmsft.dll
    + 2009-08-09 22:54 . 2009-02-18 18:41 186128 c:\windows\SYSTEM32\DRIVERS\klif.sys
    + 2003-03-16 21:09 . 2009-07-14 03:43 286208 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll
    + 2006-08-17 12:28 . 2009-06-10 06:32 132096 c:\windows\SYSTEM32\DLLCACHE\wkssvc.dll
    - 2006-08-17 12:28 . 2006-08-17 12:28 132096 c:\windows\SYSTEM32\DLLCACHE\wkssvc.dll
    + 2006-05-10 05:23 . 2009-06-26 15:59 668160 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
    - 2006-05-10 05:23 . 2009-02-20 08:14 668160 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
    + 2006-05-10 05:23 . 2009-06-26 15:59 620032 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
    + 2002-08-29 11:00 . 2009-06-21 22:04 153088 c:\windows\SYSTEM32\DLLCACHE\triedit.dll
    - 2002-08-29 11:00 . 2004-08-04 07:56 153088 c:\windows\SYSTEM32\DLLCACHE\triedit.dll
    + 2002-08-29 11:00 . 2009-06-16 14:55 119808 c:\windows\SYSTEM32\DLLCACHE\t2embed.dll
    + 2004-07-07 22:48 . 2009-06-26 15:59 474112 c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
    - 2004-07-07 22:48 . 2009-02-20 08:14 474112 c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
    - 2007-10-10 21:02 . 2007-07-09 13:09 584192 c:\windows\SYSTEM32\DLLCACHE\rpcrt4.dll
    + 2007-10-10 21:02 . 2009-04-15 15:11 584192 c:\windows\SYSTEM32\DLLCACHE\rpcrt4.dll
    + 2004-03-20 20:30 . 2009-08-05 09:11 204800 c:\windows\SYSTEM32\DLLCACHE\mswebdvd.dll
    + 2002-08-29 11:00 . 2009-06-05 07:42 655872 c:\windows\SYSTEM32\DLLCACHE\mstscax.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 532480 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 532480 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 146432 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 146432 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 449024 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 449024 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
    + 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\SYSTEM32\DLLCACHE\localspl.dll
    - 2006-05-18 05:24 . 2007-12-18 14:40 450560 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
    + 2006-05-18 05:24 . 2009-08-21 09:46 450560 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 251904 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 251904 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 205312 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 205312 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 357888 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 357888 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
    + 2004-03-20 20:30 . 2004-08-04 07:56 367616 c:\windows\SYSTEM32\DLLCACHE\dsound.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 151040 c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 151040 c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 151040 c:\windows\SYSTEM32\cdfview.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 151040 c:\windows\SYSTEM32\cdfview.dll
    + 2008-10-13 19:34 . 2008-10-13 19:34 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
    + 2008-11-25 08:59 . 2008-11-25 08:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2008-11-25 08:59 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    - 2008-07-25 15:17 . 2008-07-25 15:17 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2008-11-25 08:59 . 2008-11-25 08:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2008-11-25 08:59 . 2008-11-25 08:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2006-06-12 19:15 . 2006-06-12 19:15 323584 c:\windows\Installer\dda10.msp
    + 2004-08-25 12:52 . 2004-08-25 12:52 376832 c:\windows\Installer\dd9b6.msp
    + 2009-08-21 20:40 . 2009-08-21 20:40 288768 c:\windows\Installer\dd30c.msi
    + 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\d2e2d.msp
    + 2005-10-31 14:56 . 2005-10-31 14:56 101376 c:\windows\Installer\cfc79.msi
    + 2007-10-13 04:42 . 2007-10-13 04:42 470528 c:\windows\Installer\cc018e.msi
    + 2007-10-13 03:54 . 2007-10-13 03:54 355328 c:\windows\Installer\cc013c.msi
    + 2009-04-20 18:59 . 2009-04-20 18:59 219648 c:\windows\Installer\b6a45.msp
    + 2009-01-22 15:40 . 2009-01-22 15:40 152576 c:\windows\Installer\89f2b.msi
    + 2005-10-13 16:40 . 2005-10-13 16:40 121344 c:\windows\Installer\6ce9c6.msi
    + 2005-10-13 16:40 . 2005-10-13 16:40 994304 c:\windows\Installer\6ce9c1.msi
    + 2009-07-11 19:48 . 2009-07-11 19:48 536576 c:\windows\Installer\6b9048.msi
    + 2005-10-13 16:39 . 2005-10-13 16:39 121344 c:\windows\Installer\65ebcc.msi
    + 2005-10-13 16:39 . 2005-10-13 16:39 239616 c:\windows\Installer\65ebc7.msi
    + 2005-10-13 16:38 . 2005-10-13 16:38 402944 c:\windows\Installer\65ebc0.msi
    + 2005-10-13 16:38 . 2005-10-13 16:38 131072 c:\windows\Installer\65eb4e.msi
    + 2005-10-13 16:38 . 2005-10-13 16:38 210432 c:\windows\Installer\65eb48.msi
    + 2005-10-13 16:38 . 2005-10-13 16:38 137728 c:\windows\Installer\65eb43.msi
    + 2005-10-13 16:38 . 2005-10-13 16:38 123904 c:\windows\Installer\65eb3e.msi
    + 2005-10-13 16:38 . 2005-10-13 16:38 135680 c:\windows\Installer\65eb38.msi
    + 2005-10-13 16:37 . 2005-10-13 16:37 124416 c:\windows\Installer\65eb32.msi
    + 2005-10-13 16:37 . 2005-10-13 16:37 123904

    Re: Hijack This! Log.

    Post by darkx2987 on 12th September 2009, 8:40 pm

    COMBO FIX PART 2:

    c:\windows\Installer\65eb2d.msi
    + 2005-10-13 16:36 . 2005-10-13 16:36 260608 c:\windows\Installer\65eb08.msi
    + 2005-10-13 16:35 . 2005-10-13 16:35 121344 c:\windows\Installer\65eaff.msi
    + 2005-10-13 16:31 . 2005-10-13 16:31 303104 c:\windows\Installer\5f379f.msi
    + 2005-10-13 16:31 . 2005-10-13 16:31 353792 c:\windows\Installer\5f379a.msi
    + 2005-10-13 16:30 . 2005-10-13 16:30 121344 c:\windows\Installer\5f378e.msi
    + 2005-10-13 16:30 . 2005-10-13 16:30 315392 c:\windows\Installer\5f3789.msi
    + 2005-10-13 16:30 . 2005-10-13 16:30 299008 c:\windows\Installer\5f3780.msi
    + 2005-10-13 16:30 . 2005-10-13 16:30 491008 c:\windows\Installer\5f377a.msi
    + 2005-10-13 16:29 . 2005-10-13 16:29 247296 c:\windows\Installer\5f3775.msi
    + 2005-10-13 16:29 . 2005-10-13 16:29 589312 c:\windows\Installer\5f3770.msi
    + 2005-10-13 16:29 . 2005-10-13 16:29 175616 c:\windows\Installer\5f376a.msi
    + 2005-10-13 16:29 . 2005-10-13 16:29 121344 c:\windows\Installer\5f3762.msi
    + 2005-10-13 16:26 . 2005-10-13 16:26 120832 c:\windows\Installer\5f375d.msi
    + 2005-10-13 16:25 . 2005-10-13 16:25 744448 c:\windows\Installer\5f3752.msi
    + 2008-07-04 01:40 . 2008-07-04 01:40 532992 c:\windows\Installer\5b271a.msi
    + 2006-10-02 18:27 . 2006-10-02 18:27 458752 c:\windows\Installer\484b38.msi
    + 2008-07-10 16:02 . 2008-07-10 16:02 192000 c:\windows\Installer\4320a4.msi
    + 2006-11-19 18:56 . 2006-11-19 18:56 428544 c:\windows\Installer\431879.msi
    + 2007-02-11 04:00 . 2007-02-11 04:00 697856 c:\windows\Installer\40dba9.msi
    + 2007-03-24 01:16 . 2007-03-24 01:16 631808 c:\windows\Installer\3ab53.msi
    + 2007-03-24 01:16 . 2007-03-24 01:16 623616 c:\windows\Installer\3ab4c.msi
    + 2009-07-29 16:18 . 2009-07-29 16:18 248832 c:\windows\Installer\398eeed.msi
    + 2002-12-12 07:13 . 2002-12-12 07:13 825344 c:\windows\Installer\37719.msi
    + 2006-12-01 03:22 . 2006-12-01 03:22 537600 c:\windows\Installer\37481.msi
    + 2008-07-23 03:20 . 2008-07-23 03:20 110592 c:\windows\Installer\36c89d.msp
    + 2008-01-24 14:04 . 2008-01-24 14:04 678400 c:\windows\Installer\36c811.msp
    + 2008-12-02 16:06 . 2008-12-02 16:06 183296 c:\windows\Installer\2f80dc.msi
    + 2008-12-02 16:06 . 2008-12-02 16:06 189952 c:\windows\Installer\2f80d7.msi
    + 2009-04-30 03:49 . 2009-04-30 03:49 337408 c:\windows\Installer\2d75f.msi
    + 2009-06-20 00:59 . 2009-06-20 00:59 122880 c:\windows\Installer\220146.msi
    + 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\217774.msp
    + 2009-04-23 01:25 . 2009-04-23 01:25 979968 c:\windows\Installer\21117e.msi
    + 2008-10-13 19:35 . 2008-10-13 19:35 648192 c:\windows\Installer\17b9af8.msi
    + 2008-07-30 04:23 . 2008-07-30 04:23 250880 c:\windows\Installer\178bd77.msp
    + 2008-07-30 04:28 . 2008-07-30 04:28 278016 c:\windows\Installer\178bd75.msp
    + 2008-07-30 02:40 . 2008-07-30 02:40 291840 c:\windows\Installer\178bd73.msp
    + 2008-10-13 19:33 . 2008-10-13 19:33 137728 c:\windows\Installer\178bd6d.msi
    + 2008-07-30 00:35 . 2008-07-30 00:35 553472 c:\windows\Installer\16e4829.msp
    + 2008-07-30 00:33 . 2008-07-30 00:33 506368 c:\windows\Installer\16e4827.msp
    + 2008-07-30 00:37 . 2008-07-30 00:37 911360 c:\windows\Installer\16e4826.msp
    + 2008-11-12 04:05 . 2008-11-12 04:05 972800 c:\windows\Installer\15e5466.msi
    + 2008-11-12 04:03 . 2008-11-12 04:03 432640 c:\windows\Installer\15e5458.msi
    + 2006-06-08 03:54 . 2006-06-08 03:54 115712 c:\windows\Installer\159374.msi
    + 2007-08-15 18:18 . 2007-08-15 18:18 431104 c:\windows\Installer\11a461.msi
    + 2002-09-03 08:06 . 2002-09-03 08:06 264704 c:\windows\Installer\1128E.MSI
    + 2009-02-10 12:50 . 2009-02-10 12:50 536576 c:\windows\Installer\105c36.msp
    + 2002-09-09 20:54 . 2009-08-23 05:03 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2002-09-09 20:54 . 2009-04-17 04:53 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
    + 2002-09-09 20:54 . 2009-08-23 05:03 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2004-06-12 19:15 . 2009-08-23 05:03 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    - 2004-06-12 19:15 . 2009-04-17 04:52 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2005-11-14 19:24 . 2005-04-04 07:07 982016 c:\windows\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\ISScript11.Msi
    + 2006-04-02 22:13 . 2005-04-04 05:07 982016 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\ISScript11.Msi
    + 2006-08-19 04:25 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ISScript11.Msi
    + 2009-05-15 18:25 . 2009-05-15 18:25 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
    + 2009-05-13 03:01 . 2009-05-13 03:01 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
    + 2009-05-13 03:01 . 2009-05-13 03:01 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
    + 2009-05-13 03:01 . 2009-05-13 03:01 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
    + 2009-05-15 18:24 . 2009-05-15 18:24 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
    + 2009-05-13 03:00 . 2009-05-13 03:00 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
    + 2009-05-15 18:26 . 2009-05-15 18:26 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
    + 2009-05-15 18:26 . 2009-05-15 18:26 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
    + 2009-05-15 18:25 . 2009-05-15 18:25 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
    + 2009-05-13 02:58 . 2009-05-13 02:58 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
    + 2009-05-13 02:58 . 2009-05-13 02:58 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
    + 2009-05-13 02:58 . 2009-05-13 02:58 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
    + 2009-05-13 02:58 . 2009-05-13 02:58 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
    + 2009-05-15 18:25 . 2009-05-15 18:25 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2009-05-15 18:26 . 2009-05-15 18:26 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
    + 2009-05-15 18:26 . 2009-05-15 18:26 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
    + 2009-05-15 18:25 . 2009-05-15 18:25 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2009-05-12 23:43 . 2009-05-12 23:43 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
    - 2008-10-13 19:35 . 2008-10-13 19:35 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
    + 2009-05-12 23:43 . 2009-05-12 23:43 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2009-05-12 23:43 . 2009-05-12 23:43 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
    - 2008-10-13 19:34 . 2008-10-13 19:34 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
    - 2008-10-13 19:34 . 2008-10-13 19:34 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2009-05-12 23:43 . 2009-05-12 23:43 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2009-05-12 23:39 . 2009-05-12 23:39 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-07-15 23:15 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973346$\spuninst\updspapi.dll
    + 2009-07-15 23:15 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe
    + 2009-07-29 16:20 . 2009-04-27 09:18 351744 c:\windows\$NtUninstallKB972260$\xpsp3res.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 668160 c:\windows\$NtUninstallKB972260$\wininet.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 619520 c:\windows\$NtUninstallKB972260$\urlmon.dll
    + 2009-07-29 16:20 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB972260$\spuninst\updspapi.dll
    + 2009-07-29 16:20 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB972260$\spuninst\spuninst.exe
    + 2009-07-29 16:20 . 2009-04-29 04:31 474112 c:\windows\$NtUninstallKB972260$\shlwapi.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 532480 c:\windows\$NtUninstallKB972260$\mstime.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 146432 c:\windows\$NtUninstallKB972260$\msrating.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 449024 c:\windows\$NtUninstallKB972260$\mshtmled.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 251904 c:\windows\$NtUninstallKB972260$\iepeers.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 205312 c:\windows\$NtUninstallKB972260$\dxtrans.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 357888 c:\windows\$NtUninstallKB972260$\dxtmsft.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 151040 c:\windows\$NtUninstallKB972260$\cdfview.dll
    + 2009-07-15 23:15 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB971633$\spuninst\updspapi.dll
    + 2009-07-15 23:15 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe
    + 2009-06-11 14:47 . 2009-02-19 09:47 351744 c:\windows\$NtUninstallKB970238$\xpsp3res.dll
    + 2009-06-11 14:47 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll
    + 2009-06-11 14:47 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe
    + 2009-06-11 14:47 . 2007-07-09 13:09 584192 c:\windows\$NtUninstallKB970238$\rpcrt4.dll
    + 2009-06-11 14:49 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll
    + 2009-06-11 14:49 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe
    + 2009-06-11 14:49 . 2009-04-15 09:24 351744 c:\windows\$NtUninstallKB969897$\xpsp3res.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 668160 c:\windows\$NtUninstallKB969897$\wininet.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 619520 c:\windows\$NtUninstallKB969897$\urlmon.dll
    + 2009-06-11 14:50 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969897$\spuninst\updspapi.dll
    + 2009-06-11 14:50 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969897$\spuninst\spuninst.exe
    + 2009-06-11 14:49 . 2009-02-20 08:14 474112 c:\windows\$NtUninstallKB969897$\shlwapi.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 532480 c:\windows\$NtUninstallKB969897$\mstime.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 146432 c:\windows\$NtUninstallKB969897$\msrating.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 449024 c:\windows\$NtUninstallKB969897$\mshtmled.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 251904 c:\windows\$NtUninstallKB969897$\iepeers.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 205312 c:\windows\$NtUninstallKB969897$\dxtrans.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 357888 c:\windows\$NtUninstallKB969897$\dxtmsft.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 151040 c:\windows\$NtUninstallKB969897$\cdfview.dll
    + 2009-06-11 14:46 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll
    + 2009-06-11 14:46 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe
    + 2009-06-11 14:50 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
    + 2009-06-11 14:50 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
    + 2009-06-11 14:50 . 2004-08-04 07:56 341504 c:\windows\$NtUninstallKB961501$\localspl.dll
    + 2009-07-15 23:11 . 2005-10-17 21:14 118272 c:\windows\$NtUninstallKB961371$\t2embed.dll
    + 2009-07-15 23:11 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB961371$\spuninst\updspapi.dll
    + 2009-07-15 23:11 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe
    + 2009-07-15 23:15 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973346\update\updspapi.dll
    + 2009-07-15 23:15 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973346\update\update.exe
    + 2009-07-15 23:15 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973346\spuninst.exe
    + 2009-07-29 16:21 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260\update\updspapi.dll
    + 2009-07-29 16:21 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260\update\update.exe
    + 2009-07-29 16:21 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB972260\spuninst.exe
    + 2009-06-26 16:42 . 2009-06-26 16:42 668160 c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
    + 2009-06-26 16:42 . 2009-06-26 16:42 620544 c:\windows\$hf_mig$\KB972260\SP3QFE\urlmon.dll
    + 2009-06-26 16:50 . 2009-06-26 16:50 666624 c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
    + 2009-06-26 16:50 . 2009-06-26 16:50 620032 c:\windows\$hf_mig$\KB972260\SP3GDR\urlmon.dll
    + 2009-07-15 23:15 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB971633\update\updspapi.dll
    + 2009-07-15 23:15 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB971633\update\update.exe
    + 2009-07-15 23:15 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971633\spuninst.exe
    + 2009-06-11 14:47 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
    + 2009-06-11 14:47 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
    + 2009-06-11 14:47 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
    + 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
    + 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\$hf_mig$\KB970238\SP3GDR\rpcrt4.dll
    + 2009-04-15 09:24 . 2009-04-15 09:24 351744 c:\windows\$hf_mig$\KB970238\SP2QFE\xpsp3res.dll
    + 2009-04-15 15:26 . 2009-04-15 15:26 583168 c:\windows\$hf_mig$\KB970238\SP2QFE\rpcrt4.dll
    + 2009-06-11 14:49 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll
    + 2009-06-11 14:49 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe
    + 2009-06-11 14:49 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe
    + 2009-06-11 14:50 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969897\update\updspapi.dll
    + 2009-06-11 14:50 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969897\update\update.exe
    + 2009-06-11 14:50 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969897\spuninst.exe
    + 2009-04-29 04:21 . 2009-04-29 04:21 668160 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
    + 2009-04-29 04:21 . 2009-04-29 04:21 620032 c:\windows\$hf_mig$\KB969897\SP3QFE\urlmon.dll
    + 2009-04-29 04:46 . 2009-04-29 04:46 666624 c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
    + 2009-04-29 04:46 . 2009-04-29 04:46 620032 c:\windows\$hf_mig$\KB969897\SP3GDR\urlmon.dll
    + 2009-06-11 14:46 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
    + 2009-06-11 14:46 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
    + 2009-06-11 14:46 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
    + 2009-06-11 14:50 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
    + 2009-06-11 14:50 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
    + 2009-06-11 14:50 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
    + 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
    + 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\$hf_mig$\KB961501\SP3GDR\localspl.dll
    + 2009-05-07 15:26 . 2009-05-07 15:26 346112 c:\windows\$hf_mig$\KB961501\SP2QFE\localspl.dll
    + 2009-07-15 23:11 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371\update\updspapi.dll
    + 2009-07-15 23:11 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371\update\update.exe
    + 2009-07-15 23:11 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB961371\spuninst.exe
    + 2009-06-16 14:43 . 2009-06-16 14:43 119808 c:\windows\$hf_mig$\KB961371\SP3QFE\t2embed.dll
    + 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\$hf_mig$\KB961371\SP3GDR\t2embed.dll
    + 2009-06-16 14:45 . 2009-06-16 14:45 119808 c:\windows\$hf_mig$\KB961371\SP2QFE\t2embed.dll
    + 2004-08-29 01:16 . 2009-05-20 08:56 2458112 c:\windows\SYSTEM32\WMVCore.dll
    - 2004-08-29 01:16 . 2008-06-18 10:03 2458112 c:\windows\SYSTEM32\WMVCore.dll
    + 2008-09-20 13:16 . 2009-04-17 09:58 1846656 c:\windows\SYSTEM32\win32k.sys
    + 2002-08-29 11:00 . 2004-07-17 18:35 1326080 c:\windows\SYSTEM32\webfldrs.msi
    + 2008-11-06 16:37 . 2008-11-06 16:37 1585664 c:\windows\SYSTEM32\VC80CRTRedist.msi
    + 2004-01-21 21:15 . 2009-07-18 16:00 1509888 c:\windows\SYSTEM32\shdocvw.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 1470537 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvwdmcpl.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 3551232 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvoglnt.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 1126400 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nview.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 5058560 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvcpl.dll
    + 2009-07-26 20:57 . 2003-10-06 18:16 1550043 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nv4_mini.sys
    + 2009-07-26 20:57 . 2003-10-06 18:16 4246528 c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\nv4_disp.dll
    + 2003-05-30 14:00 . 2009-06-03 19:27 1290752 c:\windows\SYSTEM32\quartz.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 1622016 c:\windows\SYSTEM32\nwiz.exe
    + 2006-10-22 16:22 . 2006-10-22 16:22 1732608 c:\windows\SYSTEM32\nvwssr.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 1236992 c:\windows\SYSTEM32\nvwss.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 1019904 c:\windows\SYSTEM32\nvwimg.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 1662976 c:\windows\SYSTEM32\nvwdmcpl.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 2973696 c:\windows\SYSTEM32\nvvitvsr.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 2924544 c:\windows\SYSTEM32\nvvitvs.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 5644288 c:\windows\SYSTEM32\nvoglnt.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 2859008 c:\windows\SYSTEM32\nvmoblsr.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 1470464 c:\windows\SYSTEM32\nview.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 3203072 c:\windows\SYSTEM32\nvgamesr.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 3047424 c:\windows\SYSTEM32\nvgames.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 1339392 c:\windows\SYSTEM32\nvdspsch.exe
    + 2006-10-22 16:22 . 2006-10-22 16:22 5255168 c:\windows\SYSTEM32\nvdispsr.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 5619712 c:\windows\SYSTEM32\nvdisps.dll
    + 2006-10-22 16:22 . 2006-10-22 16:22 1011712 c:\windows\SYSTEM32\nvcpluir.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 7700480 c:\windows\SYSTEM32\nvcpl.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 4527488 c:\windows\SYSTEM32\nv4_disp.dll
    + 2004-07-07 22:37 . 2009-07-18 16:00 3069440 c:\windows\SYSTEM32\mshtml.dll
    + 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 3994624 c:\windows\SYSTEM32\DRIVERS\nv4_mini.sys
    - 2004-08-29 01:16 . 2008-06-18 10:03 2458112 c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll
    + 2004-08-29 01:16 . 2009-05-20 08:56 2458112 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
    + 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
    + 2006-05-29 15:30 . 2009-07-18 16:00 1509888 c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
    - 2006-06-22 05:06 . 2006-06-22 05:06 1435648 c:\windows\SYSTEM32\DLLCACHE\query.dll
    + 2002-08-29 11:00 . 2006-06-22 05:06 1435648 c:\windows\SYSTEM32\DLLCACHE\query.dll
    + 2003-05-30 14:00 . 2009-06-03 19:27 1290752 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
    + 2003-10-06 18:16 . 2006-10-22 16:22 3994624 c:\windows\SYSTEM32\DLLCACHE\nv4_mini.sys


    Re: Hijack This! Log.

    Post by darkx2987 on 12th September 2009, 8:40 pm

    COMBO FIX PART 3:


    + 2004-05-26 18:26 . 2009-07-10 13:42 1315328 c:\windows\SYSTEM32\DLLCACHE\msoe.dll
    + 2004-07-07 22:37 . 2009-07-18 16:00 3069440 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 1054208 c:\windows\SYSTEM32\DLLCACHE\danim.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 1054208 c:\windows\SYSTEM32\DLLCACHE\danim.dll
    + 2006-05-10 05:22 . 2009-06-26 15:59 1024000 c:\windows\SYSTEM32\DLLCACHE\browseui.dll
    - 2006-05-10 05:22 . 2009-02-20 08:14 1024000 c:\windows\SYSTEM32\DLLCACHE\browseui.dll
    - 2002-08-29 11:00 . 2009-02-20 08:14 1054208 c:\windows\SYSTEM32\danim.dll
    + 2002-08-29 11:00 . 2009-06-26 15:59 1054208 c:\windows\SYSTEM32\danim.dll
    - 2004-01-21 21:21 . 2009-02-20 08:14 1024000 c:\windows\SYSTEM32\browseui.dll
    + 2004-01-21 21:21 . 2009-06-26 15:59 1024000 c:\windows\SYSTEM32\browseui.dll
    + 2004-07-17 18:35 . 2004-07-17 18:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
    + 2008-12-05 23:35 . 2008-12-05 23:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
    + 2008-12-06 00:12 . 2008-12-06 00:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    - 2008-07-29 23:16 . 2008-07-29 23:16 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    + 2008-11-25 08:59 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    - 2008-07-25 15:17 . 2008-07-25 15:17 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2008-11-25 08:59 . 2008-11-25 08:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    - 2008-07-25 15:17 . 2008-07-25 15:17 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2008-11-25 08:59 . 2008-11-25 08:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
    + 2007-01-18 22:14 . 2007-01-18 22:14 3463680 c:\windows\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp
    + 2009-05-01 03:02 . 2009-05-01 03:02 9628672 c:\windows\Installer\fa4af.msp
    + 2009-04-24 16:31 . 2009-04-24 16:31 1425920 c:\windows\Installer\fa49b.msp
    + 2005-08-11 18:16 . 2005-08-11 18:16 3046912 c:\windows\Installer\eaa6d0.msi
    + 2007-09-17 17:33 . 2007-09-17 17:33 8415232 c:\windows\Installer\dda32.msp
    + 2006-08-14 20:54 . 2006-08-14 20:54 7709184 c:\windows\Installer\dd990.msp
    + 2006-12-13 12:32 . 2006-12-13 12:32 5861376 c:\windows\Installer\dd95b.msp
    + 2006-09-28 15:08 . 2006-09-28 15:08 9573888 c:\windows\Installer\dd920.msp
    + 2006-02-27 20:31 . 2006-02-27 20:31 1269248 c:\windows\Installer\dd8fd.msp
    + 2006-03-28 19:37 . 2006-03-28 19:37 6956032 c:\windows\Installer\dd8da.msp
    + 2006-08-29 21:50 . 2006-08-29 21:50 3210240 c:\windows\Installer\dd8b6.msp
    + 2007-04-19 19:40 . 2007-04-19 19:40 7979008 c:\windows\Installer\dd893.msp
    + 2004-03-10 13:13 . 2004-03-10 13:13 2602496 c:\windows\Installer\dd86f.msp
    + 2004-09-13 04:35 . 2004-09-13 04:35 1452544 c:\windows\Installer\dd831.msp
    + 2006-02-22 13:41 . 2006-02-22 13:41 2815488 c:\windows\Installer\dd7c7.msp
    + 2006-07-10 15:21 . 2006-07-10 15:21 4104192 c:\windows\Installer\dd7a5.msp
    + 2008-01-14 20:08 . 2008-01-14 20:08 8411136 c:\windows\Installer\d87b9.msp
    + 2008-01-14 19:26 . 2008-01-14 19:26 4478464 c:\windows\Installer\d8797.msp
    + 2008-01-14 19:26 . 2008-01-14 19:26 8362496 c:\windows\Installer\d8771.msp
    + 2009-07-26 20:09 . 2009-07-26 20:09 1451008 c:\windows\Installer\baf036.msi
    + 2009-05-04 11:46 . 2009-05-04 11:46 8299008 c:\windows\Installer\b6a33.msp
    + 2009-04-24 16:30 . 2009-04-24 16:30 2583552 c:\windows\Installer\b6a2a.msp
    + 2009-04-29 19:03 . 2009-04-29 19:03 8404992 c:\windows\Installer\b6a0f.msp
    + 2004-06-12 19:15 . 2004-06-12 19:15 3262464 c:\windows\Installer\b1903.msi
    + 2002-12-12 07:23 . 2002-12-12 07:23 3049472 c:\windows\Installer\787d.msi
    + 2007-06-01 19:54 . 2007-06-01 19:54 9626624 c:\windows\Installer\6fb78.msp
    + 2007-07-21 17:26 . 2007-07-21 17:26 7574016 c:\windows\Installer\6fb70.msp
    + 2008-10-01 04:44 . 2008-10-01 04:44 1479168 c:\windows\Installer\6a6c07.msi
    + 2009-07-12 18:01 . 2009-07-12 18:01 1098240 c:\windows\Installer\6603bc.msi
    + 2005-10-13 16:37 . 2005-10-13 16:37 1587712 c:\windows\Installer\65eb26.msi
    + 2005-10-13 16:34 . 2005-10-13 16:34 3443712 c:\windows\Installer\65eaf7.msi
    + 2005-10-13 16:25 . 2005-10-13 16:25 5662720 c:\windows\Installer\5f3758.msi
    + 2008-06-12 00:13 . 2008-06-12 00:13 7988224 c:\windows\Installer\5e1219.msp
    + 2007-12-01 01:22 . 2007-12-01 01:22 5258752 c:\windows\Installer\54667.msi
    + 2008-09-04 19:52 . 2008-09-04 19:52 4337664 c:\windows\Installer\51dd3f.msp
    + 2008-11-16 19:38 . 2008-11-16 19:38 1652224 c:\windows\Installer\50e1bd.msi
    + 2008-11-16 19:37 . 2008-11-16 19:37 8990208 c:\windows\Installer\50e1b8.msi
    + 2008-11-16 19:33 . 2008-11-16 19:33 1549312 c:\windows\Installer\50df8f.msi
    + 2008-11-16 19:32 . 2008-11-16 19:32 3152384 c:\windows\Installer\50df43.msi
    + 2008-10-28 20:59 . 2008-10-28 20:59 8413184 c:\windows\Installer\4e0b0d.msp
    + 2008-10-20 15:18 . 2008-10-20 15:18 6474240 c:\windows\Installer\4e0ad8.msp
    + 2007-03-24 01:16 . 2007-03-24 01:16 1218560 c:\windows\Installer\3ab45.msi
    + 2002-12-12 07:16 . 2002-12-12 07:16 2778112 c:\windows\Installer\37728.msi
    + 2002-06-13 01:01 . 2002-06-13 01:01 7100416 c:\windows\Installer\37713.msp
    + 2006-12-01 03:26 . 2006-12-01 03:26 1453568 c:\windows\Installer\3748b.msi
    + 2006-12-01 03:24 . 2006-12-01 03:24 1868800 c:\windows\Installer\37486.msi
    + 2006-12-01 03:20 . 2006-12-01 03:20 5091840 c:\windows\Installer\37478.msi
    + 2008-06-30 18:34 . 2008-06-30 18:34 8416768 c:\windows\Installer\36c87a.msp
    + 2008-06-19 22:28 . 2008-06-19 22:28 1573376 c:\windows\Installer\36c845.msp
    + 2008-05-06 14:30 . 2008-05-06 14:30 9577984 c:\windows\Installer\36c834.msp
    + 2009-02-01 02:16 . 2009-02-01 02:16 1181184 c:\windows\Installer\311293.msi
    + 2002-12-12 07:11 . 2002-12-12 07:11 2652672 c:\windows\Installer\2ae8b.msi
    + 2008-01-11 18:13 . 2008-01-11 18:13 5862912 c:\windows\Installer\27a37d.msp
    + 2008-01-29 16:00 . 2008-01-29 16:00 7983104 c:\windows\Installer\27a35b.msp
    + 2006-06-08 03:34 . 2006-06-08 03:34 1002496 c:\windows\Installer\23893.msi
    + 2008-12-13 13:57 . 2008-12-13 13:57 8397824 c:\windows\Installer\21775f.msp
    + 2002-12-12 07:10 . 2002-12-12 07:10 2149888 c:\windows\Installer\1f226.msi
    + 2002-12-12 07:10 . 2002-12-12 07:10 2120192 c:\windows\Installer\1f220.msi
    + 2005-07-06 14:09 . 2005-07-06 14:09 1422848 c:\windows\Installer\1c85f6.msp
    + 2002-09-09 20:55 . 2002-09-09 20:55 2347520 c:\windows\Installer\1C5CE.MSI
    + 2002-09-09 20:54 . 2002-09-09 20:54 3034112 c:\windows\Installer\1C5CA.MSI
    + 2003-09-25 01:34 . 2003-09-25 01:34 2268672 c:\windows\Installer\1b7ebd.msi
    + 2007-07-11 14:01 . 2007-07-11 14:01 6743040 c:\windows\Installer\1975f3.msp
    + 2008-07-30 02:26 . 2008-07-30 02:26 1043456 c:\windows\Installer\178bd76.msp
    + 2008-07-30 03:37 . 2008-07-30 03:37 2679808 c:\windows\Installer\178bd74.msp
    + 2008-07-30 04:15 . 2008-07-30 04:15 3697664 c:\windows\Installer\178bd72.msp
    + 2008-07-30 02:34 . 2008-07-30 02:34 1448448 c:\windows\Installer\178bd71.msp
    + 2008-07-30 03:22 . 2008-07-30 03:22 4137984 c:\windows\Installer\178bd70.msp
    + 2008-07-30 02:18 . 2008-07-30 02:18 3376640 c:\windows\Installer\178bd6f.msp
    + 2008-07-30 00:45 . 2008-07-30 00:45 2543616 c:\windows\Installer\16e482d.msp
    + 2008-07-30 00:29 . 2008-07-30 00:29 2926080 c:\windows\Installer\16e482c.msp
    + 2008-07-30 00:41 . 2008-07-30 00:41 6487040 c:\windows\Installer\16e482b.msp
    + 2008-07-30 00:39 . 2008-07-30 00:39 3403264 c:\windows\Installer\16e482a.msp
    + 2008-07-30 00:43 . 2008-07-30 00:43 1013248 c:\windows\Installer\16e4828.msp
    + 2008-07-30 00:31 . 2008-07-30 00:31 6083072 c:\windows\Installer\16e4825.msp
    + 2008-02-13 01:47 . 2008-02-13 01:47 3620864 c:\windows\Installer\164b8.msi
    + 2008-04-07 19:32 . 2008-04-07 19:32 8415232 c:\windows\Installer\15e894.msp
    + 2008-03-31 20:35 . 2008-03-31 20:35 8309760 c:\windows\Installer\15e86f.msp
    + 2008-04-18 18:56 . 2008-04-18 18:56 6215680 c:\windows\Installer\15e85d.msp
    + 2004-11-20 22:22 . 2004-11-20 22:22 3588096 c:\windows\Installer\12e3a5.msi
    + 2005-06-30 15:38 . 2005-06-30 15:38 6076928 c:\windows\Downloaded Installations\{DF2E8A41-7E98-427D-9582-7D2EAF44F827}\Microsoft AntiSpyware.msi
    + 2005-12-02 04:35 . 2005-12-02 04:35 6170112 c:\windows\Downloaded Installations\{C0FA7138-477B-4FEC-8F23-640C21C2287B}\Microsoft AntiSpyware.msi
    + 2005-11-14 19:24 . 2005-10-18 18:01 9935872 c:\windows\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\iTunes.msi
    + 2005-07-21 03:00 . 2005-07-21 03:00 6120448 c:\windows\Downloaded Installations\{78CB0701-6520-4FAE-99CE-20DE50BEF25C}\Microsoft AntiSpyware.msi
    + 2006-04-02 22:13 . 2006-02-23 20:42 9934848 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\iTunes.msi
    + 2006-08-19 04:25 . 2006-06-19 20:04 9934848 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\iTunes.msi
    + 2006-05-23 01:27 . 2006-05-23 01:27 6575104 c:\windows\Downloaded Installations\{49D57714-1E1D-47B2-8D8B-6A62CCD043E0}\URGE.msi
    + 2006-06-10 17:19 . 2006-06-10 17:19 9650176 c:\windows\Downloaded Installations\{1F055D73-39A0-4221-9F25-23B828A55E46}\Sunbelt CounterSpy.msi
    + 2009-05-13 02:56 . 2009-05-13 02:56 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
    + 2009-05-13 03:01 . 2009-05-13 03:01 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
    + 2009-05-12 23:43 . 2009-05-12 23:43 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP125.tmp\System.dll
    + 2009-05-13 02:55 . 2009-05-13 02:55 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
    + 2009-05-13 03:00 . 2009-05-13 03:00 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
    + 2009-05-15 18:29 . 2009-05-15 18:29 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
    + 2009-05-13 03:00 . 2009-05-13 03:00 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
    + 2009-05-15 18:24 . 2009-05-15 18:24 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
    + 2009-05-13 03:00 . 2009-05-13 03:00 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
    + 2009-05-15 18:24 . 2009-05-15 18:24 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
    + 2009-05-13 03:00 . 2009-05-13 03:00 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
    + 2009-05-13 02:59 . 2009-05-13 02:59 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
    + 2009-05-13 02:59 . 2009-05-13 02:59 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
    + 2009-05-15 18:27 . 2009-05-15 18:27 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
    + 2009-05-13 02:59 . 2009-05-13 02:59 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
    + 2009-05-13 02:59 . 2009-05-13 02:59 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
    + 2009-05-13 02:58 . 2009-05-13 02:58 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
    + 2009-05-13 02:55 . 2009-05-13 02:55 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
    + 2009-05-15 18:26 . 2009-05-15 18:26 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
    + 2009-05-15 18:26 . 2009-05-15 18:26 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
    + 2009-05-15 18:26 . 2009-05-15 18:26 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2009-05-12 23:43 . 2009-05-12 23:43 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    - 2008-10-13 19:35 . 2008-10-13 19:35 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    - 2008-10-13 19:31 . 2008-10-13 19:31 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2009-05-12 23:42 . 2009-05-12 23:42 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    - 2008-10-13 19:24 . 2008-10-13 19:24 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2009-05-12 23:42 . 2009-05-12 23:42 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    - 2008-10-13 19:32 . 2008-10-13 19:32 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2009-05-12 23:39 . 2009-05-12 23:39 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2009-05-12 23:40 . 2009-05-12 23:40 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2008-10-13 19:25 . 2008-10-13 19:25 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 1499136 c:\windows\$NtUninstallKB972260$\shdocvw.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 3068928 c:\windows\$NtUninstallKB972260$\mshtml.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 1054208 c:\windows\$NtUninstallKB972260$\danim.dll
    + 2009-07-29 16:20 . 2009-04-29 04:31 1024000 c:\windows\$NtUninstallKB972260$\browseui.dll
    + 2009-07-15 23:15 . 2008-12-20 22:43 1287680 c:\windows\$NtUninstallKB971633$\quartz.dll
    + 2009-06-11 14:49 . 2009-03-02 23:27 1499136 c:\windows\$NtUninstallKB969897$\shdocvw.dll
    + 2009-06-11 14:49 . 2009-02-20 21:44 3067904 c:\windows\$NtUninstallKB969897$\mshtml.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 1054208 c:\windows\$NtUninstallKB969897$\danim.dll
    + 2009-06-11 14:49 . 2009-02-20 08:14 1024000 c:\windows\$NtUninstallKB969897$\browseui.dll
    + 2009-06-11 14:46 . 2009-02-09 10:19 1846272 c:\windows\$NtUninstallKB968537$\win32k.sys
    + 2009-07-18 15:31 . 2009-07-18 15:31 1509888 c:\windows\$hf_mig$\KB972260\SP3QFE\shdocvw.dll
    + 2009-07-18 15:31 . 2009-07-18 15:31 3069952 c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
    + 2009-07-18 16:05 . 2009-07-18 16:05 1509888 c:\windows\$hf_mig$\KB972260\SP3GDR\shdocvw.dll
    + 2009-07-18 16:05 . 2009-07-18 16:05 3069440 c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll
    + 2009-06-03 19:12 . 2009-06-03 19:12 1291264 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll
    + 2009-06-03 19:09 . 2009-06-03 19:09 1291264 c:\windows\$hf_mig$\KB971633\SP3GDR\quartz.dll
    + 2009-06-03 19:24 . 2009-06-03 19:24 1291264 c:\windows\$hf_mig$\KB971633\SP2QFE\quartz.dll
    + 2009-04-29 04:21 . 2009-04-29 04:21 1499136 c:\windows\$hf_mig$\KB969897\SP3QFE\shdocvw.dll
    + 2009-04-29 04:21 . 2009-04-29 04:21 3069440 c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
    + 2009-04-29 04:46 . 2009-04-29 04:46 1499136 c:\windows\$hf_mig$\KB969897\SP3GDR\shdocvw.dll
    + 2009-04-29 04:46 . 2009-04-29 04:46 3068928 c:\windows\$hf_mig$\KB969897\SP3GDR\mshtml.dll
    + 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
    + 2009-04-17 12:26 . 2009-04-17 12:26 1847168 c:\windows\$hf_mig$\KB968537\SP3GDR\win32k.sys
    + 2009-04-17 10:09 . 2009-04-17 10:09 1847936 c:\windows\$hf_mig$\KB968537\SP2QFE\win32k.sys
    + 2003-09-17 05:25 . 2009-07-14 03:43 10841088 c:\windows\SYSTEM32\wmp.dll
    + 2009-08-23 05:05 . 2009-08-28 21:38 24689600 c:\windows\SYSTEM32\MRT.exe
    + 2003-09-17 05:25 . 2009-07-14 03:43 10841088 c:\windows\SYSTEM32\DLLCACHE\wmp.dll
    + 2007-02-11 04:00 . 2007-01-19 18:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
    + 2007-07-24 19:11 . 2007-07-24 19:11 17521152 c:\windows\Installer\dd9ec.msp
    + 2005-09-25 15:46 . 2005-09-25 15:46 16084480 c:\windows\Installer\dd938.msp
    + 2007-10-13 04:01 . 2007-10-13 04:01 19210240 c:\windows\Installer\cc0185.msp
    + 2005-07-05 17:49 . 2005-07-05 17:49 10723328 c:\windows\Installer\c23b19.msp
    + 2009-05-05 22:06 . 2009-05-05 22:06 17515008 c:\windows\Installer\b6a68.msp
    + 2007-10-13 15:22 . 2007-10-13 15:22 15256576 c:\windows\Installer\6fb8f.msp
    + 2008-08-11 15:51 . 2008-08-11 15:51 15916544 c:\windows\Installer\5e1239.msp
    + 2008-08-11 15:49 . 2008-08-11 15:49 22457344 c:\windows\Installer\5e1231.msp
    + 2008-08-19 13:37 . 2008-08-19 13:37 17523712 c:\windows\Installer\51dd62.msp
    + 2008-07-30 03:20 . 2008-07-30 03:20 11767296 c:\windows\Installer\51dd2d.msp
    + 2008-10-20 15:22 . 2008-10-20 15:22 11758592 c:\windows\Installer\4e0b26.msp
    + 2008-10-29 00:17 . 2008-10-29 00:17 17520128 c:\windows\Installer\4e0aeb.msp
    + 2001-11-21 03:31 . 2001-11-21 03:31 17280000 c:\windows\Installer\37769.msp
    + 2008-06-20 19:30 . 2008-06-20 19:30 16733184 c:\windows\Installer\36c858.msp
    + 2008-07-03 15:37 . 2008-07-03 15:37 11759104 c:\windows\Installer\36c83c.msp
    + 2007-10-15 03:33 . 2007-10-15 03:33 26646016 c:\windows\Installer\34c640.msp
    + 2009-07-20 16:03 . 2009-07-20 16:03 16465408 c:\windows\Installer\30c63fa.msp
    + 2008-02-25 19:07 . 2008-02-25 19:07 11772416 c:\windows\Installer\27a3bb.msp
    + 2008-01-24 19:56 . 2008-01-24 19:56 13570560 c:\windows\Installer\27a3a3.msp
    + 2008-01-29 17:14 . 2008-01-29 17:14 17524224 c:\windows\Installer\27a338.msp
    + 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\217769.msp
    + 2008-09-24 17:05 . 2008-09-24 17:05 16381440 c:\windows\Installer\15e545f.msp
    + 2004-01-30 07:19 . 2004-01-30 07:19 56269996 c:\windows\Installer\109dd4.msp
    + 2005-01-31 19:24 . 2005-01-31 19:24 16129024 c:\windows\Installer\106318.msi
    + 2009-03-09 19:55 . 2009-03-09 19:55 17526272 c:\windows\Installer\105c59.msp
    + 2009-02-25 23:07 . 2009-02-25 23:07 11646464 c:\windows\Installer\105c22.msp
    + 2005-06-29 21:32 . 2005-06-29 21:32 21069312 c:\windows\Downloaded Installations\{A89EB61A-717D-4E9B-BB70-7626DF2EB947}\iTunes.msi
    + 2005-08-10 23:41 . 2005-08-11 00:01 10000384 c:\windows\Downloaded Installations\{02FD51F0-BED5-4652-B9BB-E3FA0B1C2650}\Powerword Online.msi
    + 2009-05-13 03:00 . 2009-05-13 03:00 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
    + 2009-05-15 18:28 . 2009-05-15 18:28 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
    + 2009-05-15 18:25 . 2009-05-15 18:25 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
    + 2009-05-13 03:00 . 2009-05-13 03:00 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
    + 2009-05-13 02:58 . 2009-05-13 02:58 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
    + 2009-05-13 02:56 . 2009-05-13 02:56 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
    + 2009-05-12 23:42 . 2009-05-12 23:42 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW4"="c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [BU]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
    "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-10-22 1622016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-07-18 257440]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-05 14:00 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Ou Lee^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
    path=c:\documents and settings\Ou Lee\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
    backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1105821942\\ee\\aolservicehost.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\pipi\\jfCacheMgr.exe"=
    "c:\\Program Files\\pipi\\KmLiveUpdate.exe"=
    "c:\\Program Files\\pipi\\PIPIPlayer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\Ou Lee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Ou Lee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "88:UDP"= 88:UDP:xbox2
    "3074:TCP"= 3074:TCP:xbox3
    "3074:UDP"= 3074:UDP:xbox4
    "53:TCP"= 53:TCP:xbox5
    "53:UDP"= 53:UDP:xbox6
    "57397:TCP"= 57397:TCP:Pando Media Booster
    "57397:UDP"= 57397:UDP:Pando Media Booster

    R0 IFP300;iRiver Internet Audio Player IFP-300;c:\windows\System32\DRIVERS\ifp300.sys [x]
    R0 nspIkrf;nspIkrf;c:\windows\system32\drivers\idpk.sys [x]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-18 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-05 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-05 298776]
    R3 LTDPIPE;LTDPIPE;c:\docume~1\JEFFRE~2\LOCALS~1\Temp\LTDPIPE.SYS [x]
    R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2001-11-09 15576]
    R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011Core.job
    - c:\documents and settings\Ou Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 23:51]

    2009-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011UA.job
    - c:\documents and settings\Ou Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 23:51]

    2009-09-12 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

    2005-10-13 c:\windows\Tasks\WebReg .job
    - c:\program files\HP\digital imaging\bin\hpqwrg.exe [2005-05-12 04:21]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = [You must be registered and logged in to see this link.]
    mSearch Bar = [You must be registered and logged in to see this link.]
    uSearchURL,(Default) = [You must be registered and logged in to see this link.]
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    TCP: {DB2EDB9E-0371-481E-AED2-BBAEF1523F69} = 208.67.222.222,208.67.220.220
    Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
    DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
    DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
    FF - ProfilePath - c:\documents and settings\Ou Lee\Application Data\Mozilla\Firefox\Profiles\aa390js1.default\
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\Ou Lee\Application Data\Mozilla\Firefox\Profiles\aa390js1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
    FF - plugin: c:\documents and settings\Ou Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Ou Lee\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
    Rootkit scan 2009-09-12 16:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(256)
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\MI-SC4.acm
    .
    Completion time: 2009-09-12 16:18
    ComboFix-quarantined-files.txt 2009-09-12 20:18
    ComboFix2.txt 2009-05-08 01:48
    ComboFix3.txt 2009-04-02 00:10

    Pre-Run: 27,282,681,856 bytes free
    Post-Run: 27,175,198,720 bytes free

    1085 --- E O F --- 2009-09-10 07:07


    Re: Hijack This! Log.

    Post by darkx2987 on 12th September 2009, 8:41 pm

    Check up log:

    Results of screen317's Security Check version 0.98.9
    Windows XP Service Pack 2
    Out of date service pack!!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 8.5


    ``````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    Spybot - Search & Destroy 1.5.2.20
    Spybot - Search & Destroy
    Windows Defender Signatures
    Windows Defender
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner (remove only)
    TweakNow RegCleaner Standard
    Java(TM) 6 Update 15
    Adobe Flash Player 10
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Out of date Adobe Reader installed!
    ``````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MsMpEng.exe is disabled!
    WinPatrol winpatrol.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe


    ``````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    `````````End of Log```````````


    Re: Hijack This! Log.

    Post by darkx2987 on 12th September 2009, 8:43 pm

    It looks like the Google redirect virus is removed! xD

    Can you give me a short description of what happened to my computer?

    Do you know any way to make sure that something like this doesn't happen again? Any recommended anti-virus, spyware, or malware software?


    Re: Hijack This! Log.

    Post by Dr Jay on 12th September 2009, 10:12 pm

    Hi

    I will give software recommendations after you have been declared clean.

    All I can say about what happened is that your system has been highly compromised by malware, most likely because of P2P programs and bad/rogue downloads.

    ==
    Print these instructions, or copy and paste them to Notepad - and save it.
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:


    Rootkit::
    c:\windows\system32\drivers\fidbox.idx
    c:\windows\system32\drivers\fidbox2.idx
    c:\windows\system32\drivers\fidbox2.dat
    c:\windows\system32\drivers\fidbox.dat

    Suspect::
    c:\windows\SYSTEM32\A453D9DE65.sys
    c:\windows\Downloaded Program Files\unagiuninst.exe
    c:\Program Files\LimeWire\LimeWire.exe

    DirLook::
    c:\windows\Installer

    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    Dr. Jay (DJ)



    Re: Hijack This! Log.

    Post by darkx2987 on 13th September 2009, 4:48 am

    ComboFix 09-09-12.08 - Ou Lee 09/12/2009 23:45.4.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.290 [GMT -4:00]
    Running from: c:\documents and settings\Ou Lee\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ou Lee\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    file zipped: c:\program files\LimeWire\LimeWire.exe
    file zipped: c:\windows\Downloaded Program Files\unagiuninst.exe
    file zipped: c:\windows\SYSTEM32\A453D9DE65.sys
    .

    ((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
    .

    2009-09-13 04:35 . 2009-09-13 04:36 2848 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-09-13 04:35 . 2009-09-13 04:35 55328 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-09-12 19:22 . 2009-09-12 20:18 -------- d-----w- C:\Combo-Fix
    2009-09-12 04:28 . 2009-09-12 04:28 -------- d-----w- C:\_OTM
    2009-09-10 01:49 . 2009-09-10 01:49 -------- d-----w- C:\Rooter$

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-13 04:35 . 2009-09-13 04:35 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-09-13 04:35 . 2009-09-13 04:35 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-09-13 03:45 . 2007-11-05 03:00 -------- d-----w- c:\program files\LimeWire
    2009-09-10 03:24 . 2005-05-11 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2009-09-09 01:39 . 2005-05-29 01:13 -------- d-----w- c:\program files\Java
    2009-09-07 01:35 . 2008-04-19 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-09-05 23:33 . 2008-04-19 01:12 -------- d-----w- c:\documents and settings\Ou Lee\Application Data\ZoomBrowser EX
    2009-09-05 21:10 . 2009-04-01 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-23 00:47 . 2002-12-15 22:33 105632 -c--a-w- c:\documents and settings\Perry Lee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-16 22:23 . 2009-07-12 18:01 -------- d-----w- c:\program files\Steam
    2009-08-10 00:11 . 2009-08-09 22:44 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2009-08-10 00:11 . 2009-08-09 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-08-05 09:11 . 2004-03-20 20:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 17:36 . 2009-04-05 18:55 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 17:36 . 2009-04-05 18:55 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-01 21:43 . 2004-05-04 21:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-01 21:41 . 2005-06-13 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-25 09:23 . 2009-07-11 19:48 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-18 15:48 . 2009-04-30 03:49 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-17 18:55 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2003-03-16 21:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-26 15:59 . 2004-02-06 22:05 668160 ------w- c:\windows\system32\wininet.dll
    2009-06-26 15:59 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-17 15:49 . 2009-04-30 03:49 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-16 14:55 . 2002-08-29 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:55 . 2002-08-29 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2005-06-11 23:50 . 2005-06-11 23:50 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2003-03-23 01:22 . 2003-03-23 01:22 1521431 -c--a-w- c:\program files\appr146.exe
    2007-07-25 02:17 . 2006-08-31 23:34 135680 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2005-06-01 00:47 . 2005-06-01 00:46 56 -csh--r- c:\windows\SYSTEM32\A453D9DE65.sys
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\windows\Installer ----

    2009-08-21 20:40 . 2009-08-21 20:40 288768 ----a-w- c:\windows\Installer\dd30c.msi
    2009-07-29 16:18 . 2009-07-29 16:18 248832 ----a-w- c:\windows\Installer\398eeed.msi
    2009-07-26 20:09 . 2009-07-26 20:09 1451008 ----a-w- c:\windows\Installer\baf036.msi
    2009-07-20 16:03 . 2009-07-20 16:03 16465408 ----a-r- c:\windows\Installer\30c63fa.msp
    2009-07-12 18:01 . 2009-07-12 18:01 94208 ----a-r- c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url
    2009-07-12 18:01 . 2009-07-12 18:01 27648 ----a-r- c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
    2009-07-12 18:01 . 2009-07-12 18:01 1098240 ----a-w- c:\windows\Installer\6603bc.msi
    2009-07-11 19:48 . 2009-07-11 19:48 985088 ----a-r- c:\windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83216014FF}\sp1033.MST
    2009-07-11 19:48 . 2009-07-11 19:48 536576 ----a-w- c:\windows\Installer\6b9048.msi
    2009-06-20 00:59 . 2009-06-20 00:59 122880 -c--a-w- c:\windows\Installer\220146.msi
    2009-06-11 14:51 . 2009-06-11 14:51 38240 -c--a-r- c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    2009-05-12 23:43 . 2009-09-01 21:29 6 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\CacheSize.txt
    2009-05-05 22:06 . 2009-05-05 22:06 17515008 -c--a-r- c:\windows\Installer\b6a68.msp
    2009-05-04 11:46 . 2009-05-04 11:46 8299008 -c--a-r- c:\windows\Installer\b6a33.msp
    2009-05-01 03:02 . 2009-05-01 03:02 9628672 -c--a-r- c:\windows\Installer\fa4af.msp
    2009-04-30 03:49 . 2009-04-30 03:49 337408 -c--a-w- c:\windows\Installer\2d75f.msi
    2009-04-29 19:03 . 2009-04-29 19:03 8404992 -c--a-r- c:\windows\Installer\b6a0f.msp
    2009-04-24 16:31 . 2009-04-24 16:31 1425920 -c--a-r- c:\windows\Installer\fa49b.msp
    2009-04-24 16:30 . 2009-04-24 16:30 2583552 -c--a-r- c:\windows\Installer\b6a2a.msp
    2009-04-23 01:25 . 2009-04-23 01:25 40960 -c--a-r- c:\windows\Installer\{377B0725-8AA2-47AB-9F31-E2C4CFBE0F47}\ARPPRODUCTICON.exe
    2009-04-23 01:25 . 2009-04-23 01:25 40960 -c--a-r- c:\windows\Installer\{377B0725-8AA2-47AB-9F31-E2C4CFBE0F47}\NewShortcut1_377B07258AA247AB9F31E2C4CFBE0F47.exe
    2009-04-23 01:25 . 2009-04-23 01:25 40960 -c--a-r- c:\windows\Installer\{377B0725-8AA2-47AB-9F31-E2C4CFBE0F47}\NewShortcut5_377B07258AA247AB9F31E2C4CFBE0F47.exe
    2009-04-23 01:25 . 2009-04-23 01:25 979968 -c--a-w- c:\windows\Installer\21117e.msi
    2009-04-20 18:59 . 2009-04-20 18:59 219648 -c--a-r- c:\windows\Installer\b6a45.msp
    2009-03-28 04:51 . 2009-03-28 04:51 324324 -c--a-w- c:\windows\Installer\MSIFA.tmp
    2009-03-20 15:48 . 2009-03-20 15:48 183808 ----a-r- c:\windows\Installer\d2e2d.msp
    2009-03-09 19:55 . 2009-03-09 19:55 17526272 -c--a-r- c:\windows\Installer\105c59.msp
    2009-02-25 23:07 . 2009-02-25 23:07 11646464 -c--a-r- c:\windows\Installer\105c22.msp
    2009-02-10 12:50 . 2009-02-10 12:50 536576 -c--a-r- c:\windows\Installer\105c36.msp
    2009-02-01 02:16 . 2009-02-01 02:16 439926 -c--a-r- c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\ARPIcon
    2009-02-01 02:16 . 2009-02-01 02:16 25214 -c--a-r- c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\Checker.exe
    2009-02-01 02:16 . 2009-02-01 02:16 29926 -c--a-r- c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\XBoxHelpChm.ico
    2009-02-01 02:16 . 2009-02-01 02:16 439926 -c--a-r- c:\windows\Installer\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}\XBoxStat.exe
    2009-02-01 02:16 . 2009-02-01 02:16 1181184 -c--a-w- c:\windows\Installer\311293.msi
    2009-01-22 15:40 . 2009-01-22 15:40 152576 -c--a-w- c:\windows\Installer\89f2b.msi
    2008-12-13 14:21 . 2008-12-13 14:21 10473472 -c--a-r- c:\windows\Installer\217769.msp
    2008-12-13 13:58 . 2008-12-13 13:58 754688 -c--a-r- c:\windows\Installer\217774.msp
    2008-12-13 13:57 . 2008-12-13 13:57 8397824 -c--a-r- c:\windows\Installer\21775f.msp
    2008-12-02 16:07 . 2008-12-02 16:07 93696 -c--a-w- c:\windows\Installer\2f80e1.msi
    2008-12-02 16:06 . 2008-12-02 16:06 183296 -c--a-w- c:\windows\Installer\2f80dc.msi
    2008-12-02 16:06 . 2008-12-02 16:06 189952 -c--a-w- c:\windows\Installer\2f80d7.msi
    2008-11-16 19:38 . 2008-11-16 19:38 2238 -c--a-r- c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\Installer.ico
    2008-11-16 19:38 . 2008-11-16 19:38 86016 -c--a-r- c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
    2008-11-16 19:38 . 2008-11-16 19:38 1652224 -c--a-w- c:\windows\Installer\50e1bd.msi
    2008-11-16 19:37 . 2008-11-16 19:37 22486 -c--a-r- c:\windows\Installer\{8DC42D05-680B-41B0-8878-6C14D24602DB}\PictureViewer.ico
    2008-11-16 19:37 . 2008-11-16 19:37 22486 -c--a-r- c:\windows\Installer\{8DC42D05-680B-41B0-8878-6C14D24602DB}\QTUninstaller.ico
    2008-11-16 19:37 . 2008-11-16 19:37 766 -c--a-r- c:\windows\Installer\{8DC42D05-680B-41B0-8878-6C14D24602DB}\RichText.ico
    2008-11-16 19:37 . 2008-11-16 19:37 22486 -c--a-r- c:\windows\Installer\{8DC42D05-680B-41B0-8878-6C14D24602DB}\Installer.ico
    2008-11-16 19:37 . 2008-11-16 19:37 22486 -c--a-r- c:\windows\Installer\{8DC42D05-680B-41B0-8878-6C14D24602DB}\QTPlayer.ico
    2008-11-16 19:37 . 2008-11-16 19:37 8990208 -c--a-w- c:\windows\Installer\50e1b8.msi
    2008-11-16 19:33 . 2008-11-16 19:33 27136 -c--a-r- c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
    2008-11-16 19:33 . 2008-11-16 19:33 2238 -c--a-r- c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\Installer.ico
    2008-11-16 19:33 . 2008-11-16 19:33 1549312 -c--a-w- c:\windows\Installer\50df8f.msi
    2008-11-16 19:32 . 2008-11-16 19:32 287190 -c--a-r- c:\windows\Installer\{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}\Installer.ico
    2008-11-16 19:32 . 2008-11-16 19:32 3152384 -c--a-w- c:\windows\Installer\50df43.msi
    2008-11-12 04:05 . 2008-11-12 04:05 5430 -c--a-r- c:\windows\Installer\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}\ARPIco
    2008-11-12 04:05 . 2008-11-12 04:05 972800 -c--a-w- c:\windows\Installer\15e5466.msi
    2008-11-12 04:03 . 2008-11-12 04:03 32768 -c--a-r- c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    2008-11-12 04:03 . 2008-11-12 04:03 432640 -c--a-w- c:\windows\Installer\15e5458.msi
    2008-10-29 00:17 . 2008-10-29 00:17 17520128 -c--a-r- c:\windows\Installer\4e0aeb.msp
    2008-10-28 20:59 . 2008-10-28 20:59 8413184 -c--a-r- c:\windows\Installer\4e0b0d.msp
    2008-10-20 15:22 . 2008-10-20 15:22 11758592 -c--a-r- c:\windows\Installer\4e0b26.msp
    2008-10-20 15:18 . 2008-10-20 15:18 6474240 -c--a-r- c:\windows\Installer\4e0ad8.msp
    2008-10-13 19:35 . 2008-10-13 19:35 648192 -c--a-w- c:\windows\Installer\17b9af8.msi
    2008-10-13 19:35 . 2008-10-13 19:35 1277952 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\System.Web.Extensions_dll_x86_gc.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-10-13 19:35 . 2008-10-13 19:35 225280 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\System.Web.DynamicData_dll_x86_gc.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-10-13 19:35 . 2008-10-13 19:35 139264 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\FL_System_Web_Entity_dll_Gac_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-10-13 19:34 . 2008-10-13 19:34 442368 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_gac_x86
    2008-10-13 19:34 . 2008-10-13 19:34 294912 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_Client_gac_x86
    2008-10-13 19:33 . 2008-10-13 19:33 137728 -c--a-w- c:\windows\Installer\178bd6d.msi
    2008-10-13 19:33 . 2008-10-13 19:33 0 -c--a-w- c:\windows\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi
    2008-10-13 19:25 . 2008-10-13 19:25 88576 -c--a-w- c:\windows\Installer\16e4824.msi
    2008-10-01 04:44 . 2008-10-01 04:44 613888 -c--a-r- c:\windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon
    2008-10-01 04:44 . 2008-10-01 04:44 1479168 -c--a-w- c:\windows\Installer\6a6c07.msi
    2008-09-24 17:05 . 2008-09-24 17:05 16381440 -c--a-r- c:\windows\Installer\15e545f.msp
    2008-09-04 19:52 . 2008-09-04 19:52 4337664 -c--a-r- c:\windows\Installer\51dd3f.msp
    2008-08-19 13:37 . 2008-08-19 13:37 17523712 -c--a-r- c:\windows\Installer\51dd62.msp
    2008-08-11 15:51 . 2008-08-11 15:51 15916544 -c--a-r- c:\windows\Installer\5e1239.msp
    2008-08-11 15:49 . 2008-08-11 15:49 22457344 -c--a-r- c:\windows\Installer\5e1231.msp
    2008-07-30 04:28 . 2008-07-30 04:28 278016 -c--a-r- c:\windows\Installer\178bd75.msp
    2008-07-30 04:23 . 2008-07-30 04:23 250880 -c--a-r- c:\windows\Installer\178bd77.msp
    2008-07-30 04:15 . 2008-07-30 04:15 3697664 -c--a-r- c:\windows\Installer\178bd72.msp
    2008-07-30 04:07 . 2008-07-30 04:07 23040 -c--a-r- c:\windows\Installer\178bd6e.msp
    2008-07-30 03:40 . 2008-07-30 03:40 16083 ----a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Defaults_js.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-07-30 03:40 . 2008-07-30 03:40 294912 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_Client_x86
    2008-07-30 03:40 . 2008-07-30 03:40 442368 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\DP_System_Data_Services_x86
    2008-07-30 03:40 . 2008-07-30 03:40 139264 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\FL_System_Web_Entity_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-07-30 03:40 . 2008-07-30 03:40 225280 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\System.Web.DynamicData_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-07-30 03:40 . 2008-07-30 03:40 1277952 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\System.Web.Extensions_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-07-30 03:37 . 2008-07-30 03:37 2679808 -c--a-r- c:\windows\Installer\178bd74.msp
    2008-07-30 03:22 . 2008-07-30 03:22 4137984 -c--a-r- c:\windows\Installer\178bd70.msp
    2008-07-30 03:20 . 2008-07-30 03:20 11767296 -c--a-r- c:\windows\Installer\51dd2d.msp
    2008-07-30 02:40 . 2008-07-30 02:40 291840 -c--a-r- c:\windows\Installer\178bd73.msp
    2008-07-30 02:34 . 2008-07-30 02:34 1448448 -c--a-r- c:\windows\Installer\178bd71.msp
    2008-07-30 02:26 . 2008-07-30 02:26 1043456 -c--a-r- c:\windows\Installer\178bd76.msp
    2008-07-30 02:18 . 2008-07-30 02:18 3376640 -c--a-r- c:\windows\Installer\178bd6f.msp
    2008-07-30 00:45 . 2008-07-30 00:45 2543616 -c--a-r- c:\windows\Installer\16e482d.msp
    2008-07-30 00:43 . 2008-07-30 00:43 1013248 -c--a-r- c:\windows\Installer\16e4828.msp
    2008-07-30 00:41 . 2008-07-30 00:41 6487040 -c--a-r- c:\windows\Installer\16e482b.msp
    2008-07-30 00:39 . 2008-07-30 00:39 3403264 -c--a-r- c:\windows\Installer\16e482a.msp
    2008-07-30 00:37 . 2008-07-30 00:37 911360 -c--a-r- c:\windows\Installer\16e4826.msp
    2008-07-30 00:35 . 2008-07-30 00:35 553472 -c--a-r- c:\windows\Installer\16e4829.msp
    2008-07-30 00:33 . 2008-07-30 00:33 506368 -c--a-r- c:\windows\Installer\16e4827.msp
    2008-07-30 00:31 . 2008-07-30 00:31 6083072 -c--a-r- c:\windows\Installer\16e4825.msp
    2008-07-30 00:29 . 2008-07-30 00:29 2926080 -c--a-r- c:\windows\Installer\16e482c.msp
    2008-07-23 03:20 . 2008-07-23 03:20 110592 -c--a-r- c:\windows\Installer\36c89d.msp
    2008-07-10 16:02 . 2008-07-10 16:02 192000 -c--a-w- c:\windows\Installer\4320a4.msi
    2008-07-04 01:40 . 2008-07-04 01:40 532992 -c--a-w- c:\windows\Installer\5b271a.msi
    2008-07-03 15:37 . 2008-07-03 15:37 11759104 -c--a-r- c:\windows\Installer\36c83c.msp
    2008-06-30 18:34 . 2008-06-30 18:34 8416768 -c--a-r- c:\windows\Installer\36c87a.msp
    2008-06-20 19:30 . 2008-06-20 19:30 16733184 -c--a-r- c:\windows\Installer\36c858.msp
    2008-06-19 22:28 . 2008-06-19 22:28 1573376 -c--a-r- c:\windows\Installer\36c845.msp
    2008-06-12 17:34 . 2008-06-12 17:34 1183 ----a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Install_rdf.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-06-12 00:13 . 2008-06-12 00:13 7988224 -c--a-r- c:\windows\Installer\5e1219.msp
    2008-05-30 22:28 . 2008-05-30 22:28 29500 ----a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_jar.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-05-29 21:17 . 2008-05-29 21:17 1358848 -c--a-w- c:\windows\Installer\MSI23.tmp
    2008-05-29 17:00 . 2008-05-29 17:00 1880 ----a-r- c:\windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8
    2008-05-06 14:30 . 2008-05-06 14:30 9577984 -c--a-r- c:\windows\Installer\36c834.msp
    2008-04-18 18:56 . 2008-04-18 18:56 6215680 -c--a-r- c:\windows\Installer\15e85d.msp
    2008-04-07 19:32 . 2008-04-07 19:32 8415232 -c--a-r- c:\windows\Installer\15e894.msp
    2008-03-31 20:35 . 2008-03-31 20:35 8309760 -c--a-r- c:\windows\Installer\15e86f.msp
    2008-02-25 19:07 . 2008-02-25 19:07 11772416 -c--a-r- c:\windows\Installer\27a3bb.msp
    2008-02-13 01:47 . 2008-02-13 01:47 295606 -c--a-r- c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\APIFile_8.ico
    2008-02-13 01:47 . 2008-02-13 01:47 295606 -c--a-r- c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SecStoreFile.ico
    2008-02-13 01:47 . 2008-02-13 01:47 295606 -c--a-r- c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\PDFFile_8.ico
    2008-02-13 01:47 . 2008-02-13 01:47 295606 -c--a-r- c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\PDXFile_8.ico
    2008-02-13 01:47 . 2008-02-13 01:47 295606 -c--a-r- c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\XDPFile_8.ico
    2008-02-13 01:47 . 2008-02-13 01:47 295606 -c--a-r- c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\FDFFile_8.ico
    2008-02-13 01:47 . 2008-02-13 01:47 25214 -c--a-r- c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\RMFFile_8.ico
    2008-02-13 01:47 . 2008-02-13 01:47 295606 -c--a-r- c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
    2008-02-13 01:47 . 2008-02-13 01:47 3620864 -c--a-w- c:\windows\Installer\164b8.msi
    2008-01-29 17:14 . 2008-01-29 17:14 17524224 -c--a-r- c:\windows\Installer\27a338.msp
    2008-01-29 16:00 . 2008-01-29 16:00 7983104 -c--a-r- c:\windows\Installer\27a35b.msp
    2008-01-24 19:56 . 2008-01-24 19:56 13570560 -c--a-r- c:\windows\Installer\27a3a3.msp
    2008-01-24 14:04 . 2008-01-24 14:04 678400 -c--a-r- c:\windows\Installer\36c811.msp
    2008-01-21 02:08 . 2008-01-21 02:08 34912 -c--a-w- c:\windows\Installer\MSI184.tmp
    2008-01-14 20:08 . 2008-01-14 20:08 8411136 -c--a-r- c:\windows\Installer\d87b9.msp
    2008-01-14 19:26 . 2008-01-14 19:26 4478464 -c--a-r- c:\windows\Installer\d8797.msp
    2008-01-14 19:26 . 2008-01-14 19:26 8362496 -c--a-r- c:\windows\Installer\d8771.msp
    2008-01-11 18:13 . 2008-01-11 18:13 5862912 -c--a-r- c:\windows\Installer\27a37d.msp
    2007-12-01 01:22 . 2007-12-01 01:22 3584 -c--a-r- c:\windows\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\1033.mst
    2007-12-01 01:22 . 2007-12-24 19:36 53248 -c--a-r- c:\windows\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
    2007-12-01 01:22 . 2007-12-24 19:36 15086 -c--a-r- c:\windows\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
    2007-12-01 01:22 . 2007-12-24 19:36 15086 -c--a-r- c:\windows\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
    2007-12-01 01:22 . 2007-12-01 01:22 5258752 -c--a-w- c:\windows\Installer\54667.msi
    2007-10-26 00:03 . 2007-10-26 00:03 3584 -c--a-w- c:\windows\Installer\545ac.mst
    2007-10-15 03:33 . 2007-10-15 03:33 26646016 -c--a-r- c:\windows\Installer\34c640.msp
    2007-10-13 15:22 . 2007-10-13 15:22 15256576 -c--a-r- c:\windows\Installer\6fb8f.msp
    2007-10-13 15:21 . 2009-06-11 14:51 7 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\CacheSize.txt
    2007-10-13 04:42 . 2007-10-13 04:42 4286 -c--a-r- c:\windows\Installer\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}\folder.ico
    2007-10-13 04:42 . 2007-10-13 04:42 470528 -c--a-w- c:\windows\Installer\cc018e.msi
    2007-10-13 04:01 . 2007-10-13 04:01 19210240 -c--a-r- c:\windows\Installer\cc0185.msp
    2007-10-13 03:54 . 2007-10-13 03:54 355328 -c--a-w- c:\windows\Installer\cc013c.msi
    2007-09-17 17:33 . 2007-09-17 17:33 8415232 -c--a-r- c:\windows\Installer\dda32.msp
    2007-09-15 01:45 . 2007-09-15 01:45 16901168 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL
    2007-08-29 04:19 . 2007-08-29 04:19 1654648 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL
    2007-08-15 18:18 . 2007-08-15 18:18 32768 -c--a-r- c:\windows\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
    2007-08-15 18:18 . 2007-08-15 18:18 431104 -c--a-w- c:\windows\Installer\11a461.msi
    2007-07-31 23:31 . 2007-07-31 23:31 575000 -c--a-w- c:\windows\Installer\MSI3.tmp
    2007-07-28 22:02 . 2007-07-28 22:02 575000 -c--a-w- c:\windows\Installer\MSIB.tmp
    2007-07-26 13:31 . 2007-07-26 13:31 1314981 -c--a-w- c:\windows\Installer\MSIC.tmp
    2007-07-24 19:11 . 2007-07-24 19:11 17521152 -c--a-r- c:\windows\Installer\dd9ec.msp
    2007-07-21 17:26 . 2007-07-21 17:26 7574016 -c--a-r- c:\windows\Installer\6fb70.msp
    2007-07-11 14:01 . 2007-07-11 14:01 6743040 -c--a-r- c:\windows\Installer\1975f3.msp
    2007-06-01 19:54 . 2007-06-01 19:54 9626624 -c--a-r- c:\windows\Installer\6fb78.msp
    2007-05-23 19:30 . 2007-05-23 19:30 1425744 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\msxml5.dll.AB5E1073_AD9B_48DF_B07F_3E445B5A45CF
    2007-05-10 14:25 . 2007-05-10 14:25 14677368 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE
    2007-05-10 14:11 . 2007-05-10 14:11 1767256 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL
    2007-05-10 13:04 . 2007-05-10 13:04 846248 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE
    2007-05-08 15:10 . 2007-05-08 15:10 16874376 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL
    2007-04-19 19:40 . 2007-04-19 19:40 7979008 -c--a-r- c:\windows\Installer\dd893.msp
    2007-04-18 21:45 . 2007-04-18 21:45 1314982 -c--a-w- c:\windows\Installer\MSI9.tmp
    2007-03-24 01:16 . 2007-03-24 01:16 631808 -c--a-w- c:\windows\Installer\3ab53.msi
    2007-03-24 01:16 . 2007-03-24 01:16 623616 -c--a-w- c:\windows\Installer\3ab4c.msi
    2007-03-24 01:16 . 2007-03-24 01:16 1218560 -c--a-w- c:\windows\Installer\3ab45.msi
    2007-03-24 01:15 . 2007-03-24 01:15 3584 -c--a-w- c:\windows\Installer\10617.mst
    2007-03-24 01:15 . 2007-03-24 01:15 3584 -c--a-w- c:\windows\Installer\113f5.mst
    2007-03-24 01:15 . 2007-03-24 01:15 3584 -c--a-w- c:\windows\Installer\11b62.mst
    2007-03-24 01:15 . 2007-03-24 01:15 3584 -c--a-w- c:\windows\Installer\1a469.mst
    2007-03-24 01:15 . 2007-03-24 01:15 3584 -c--a-w- c:\windows\Installer\1a46e.mst
    2007-03-21 23:00 . 2007-03-21 23:00 72096 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE
    2007-03-21 22:58 . 2007-03-21 22:58 24416 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE
    2007-03-21 22:58 . 2007-03-21 22:58 4145520 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL
    2007-03-21 22:56 . 2007-03-21 22:56 8425856 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL
    2007-02-11 04:00 . 2007-01-19 18:20 16633344 -c--a-w- c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
    2007-02-11 04:00 . 2007-02-11 04:00 29926 -c--a-r- c:\windows\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
    2007-02-11 04:00 . 2007-02-11 04:00 697856 -c--a-w- c:\windows\Installer\40dba9.msi
    2007-02-06 02:58 . 2007-02-06 02:58 3584 -c--a-w- c:\windows\Installer\24135.mst
    2007-02-06 02:58 . 2007-02-06 02:58 3584 -c--a-w- c:\windows\Installer\2413d.mst
    2007-02-06 02:58 . 2007-02-06 02:58 3584 -c--a-w- c:\windows\Installer\24144.mst
    2006-12-13 12:32 . 2006-12-13 12:32 5861376 -c--a-r- c:\windows\Installer\dd95b.msp
    2006-12-05 23:02 . 2006-12-05 23:02 146432 -c--a-r- c:\windows\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150090}\sp1033.MST
    2006-12-05 22:58 . 2006-12-05 22:58 146432 -c--a-w- c:\windows\Installer\MSIA4.tmp
    2006-12-05 22:58 . 2006-12-05 22:58 146432 -c--a-w- c:\windows\Installer\MSI9E.tmp
    2006-12-01 19:12 . 2006-12-01 19:12 146432 -c--a-w- c:\windows\Installer\MSIE.tmp
    2006-12-01 03:26 . 2006-12-01 03:26 1453568 -c--a-w- c:\windows\Installer\3748b.msi
    2006-12-01 03:24 . 2006-12-01 03:24 65536 -c--a-r- c:\windows\Installer\{E9787678-1033-0000-8E67-000000000001}\AppLanuchShortcut_E9787678103300008E67000000000001_1.exe
    2006-12-01 03:24 . 2006-12-01 03:24 65536 -c--a-r- c:\windows\Installer\{E9787678-1033-0000-8E67-000000000001}\ProgramMenuShortcut_E9787678103300008E670000000001_1.exe
    2006-12-01 03:24 . 2006-12-01 03:24 1868800 -c--a-w- c:\windows\Installer\37486.msi
    2006-12-01 03:22 . 2006-12-01 03:22 537600 -c--a-w- c:\windows\Installer\37481.msi
    2006-12-01 03:20 . 2006-12-01 03:20 65536 -c--a-r- c:\windows\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut2_236BB7C4441942FD04091E257A25E34D
    2006-12-01 03:20 . 2006-12-01 03:20 65536 -c--a-r- c:\windows\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut1_236BB7C4441942FD04091E257A25E34D.exe
    2006-12-01 03:20 . 2006-12-01 03:20 65536 -c--a-r- c:\windows\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut3_236BB7C4441942FD04091E257A25E34D
    2006-12-01 03:20 . 2006-12-01 03:20 5091840 -c--a-w- c:\windows\Installer\37478.msi
    2006-11-19 18:56 . 2006-11-19 18:56 32768 -c--a-r- c:\windows\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
    2006-11-19 18:56 . 2006-11-19 18:56 428544 -c--a-w- c:\windows\Installer\431879.msi
    2006-10-27 19:18 . 2006-10-27 19:18 1658152 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL
    2006-10-27 19:12 . 2006-10-27 19:12 1082144 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\RICHED20.DLL_0001
    2006-10-27 19:11 . 2006-10-27 19:11 26904 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12PXY.CNV
    2006-10-27 01:13 . 2006-10-27 01:13 72472 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNVP.DLL
    2006-10-27 01:07 . 2006-10-27 01:07 17680 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
    2006-10-27 00:13 . 2006-10-27 00:13 932688 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSOSHEXT.DLL.x86
    2006-10-27 00:12 . 2006-10-27 00:12 396592 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE
    2006-10-26 18:31 . 2006-10-26 18:31 80696 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XLSRVINTL.DLL_1033
    2006-10-26 18:02 . 2006-10-26 18:02 2331920 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OFFICE.ODF
    2006-10-26 17:56 . 2006-10-26 17:56 757008 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSPTLS.DLL_0001
    2006-10-02 18:27 . 2006-10-02 18:27 458752 -c--a-w- c:\windows\Installer\484b38.msi
    2006-09-28 15:08 . 2006-09-28 15:08 9573888 -c--a-r- c:\windows\Installer\dd920.msp
    2006-09-15 17:13 . 2006-09-15 17:13 23040 -c--a-w- c:\windows\Installer\180886f.mst
    2006-09-04 08:10 . 2006-09-04 08:10 1422088 -c--a-r- c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\msxml5.dll.AB5E1073_AD9B_48DF_B07F_3E445B5A45CF
    2006-08-29 21:50 . 2006-08-29 21:50 3210240 -c--a-r- c:\windows\Installer\dd8b6.msp
    2006-08-14 20:54 . 2006-08-14 20:54 7709184 -c--a-r- c:\windows\Installer\dd990.msp
    2006-07-10 15:21 . 2006-07-10 15:21 4104192 -c--a-r- c:\windows\Installer\dd7a5.msp
    2006-06-26 21:35 . 2006-06-26 21:35 324324 -c--a-w- c:\windows\Installer\MSI3C.tmp
    2006-06-12 19:15 . 2006-06-12 19:15 323584 -c--a-r- c:\windows\Installer\dda10.msp
    2006-06-08 03:54 . 2006-06-08 03:54 115712 -c--a-w- c:\windows\Installer\159374.msi
    2006-06-08 03:34 . 2006-06-08 03:34 1002496 -c--a-w- c:\windows\Installer\23893.msi
    2006-05-06 17:51 . 2006-05-06 17:51 323685 -c--a-w- c:\windows\Installer\MSI1CC.tmp
    2006-04-19 04:20 . 2006-04-19 04:20 323685 -c--a-w- c:\windows\Installer\MSI62.tmp
    2006-04-03 19:48 . 2006-04-03 19:48 323685 -c--a-w- c:\windows\Installer\MSI65.tmp
    2006-03-28 19:37 . 2006-03-28 19:37 6956032 -c--a-r- c:\windows\Installer\dd8da.msp
    2006-02-27 20:31 . 2006-02-27 20:31 1269248 -c--a-r- c:\windows\Installer\dd8fd.msp
    2006-02-22 13:41 . 2006-02-22 13:41 2815488 -c--a-r- c:\windows\Installer\dd7c7.msp
    2005-12-20 02:31 . 2005-12-20 02:31 379392 -c--a-w- c:\windows\Installer\MSI192.tmp
    2005-12-20 02:30 . 2005-12-20 02:30 379392 -c--a-w- c:\windows\Installer\MSI18E.tmp
    2005-11-14 20:38 . 2005-11-14 20:38 72192 -c--a-r- c:\windows\Installer\dd9d9.msp
    2005-10-31 14:56 . 2005-10-31 14:56 3310 -c--a-r- c:\windows\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
    2005-10-31 14:56 . 2005-10-31 14:56 1078 -c--a-r- c:\windows\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
    2005-10-31 14:56 . 2005-10-31 14:56 1078 -c--a-r- c:\windows\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
    2005-10-31 14:56 . 2005-10-31 14:56 1078 -c--a-r- c:\windows\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
    2005-10-31 14:56 . 2005-10-31 14:56 1078 -c--a-r- c:\windows\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
    2005-10-31 14:56 . 2005-10-31 14:56 1078 -c--a-r- c:\windows\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
    2005-10-31 14:56 . 2005-10-31 14:56 101376 -c--a-w- c:\windows\Installer\cfc79.msi
    2005-10-13 16:40 . 2005-10-13 16:40 121344 -c--a-w- c:\windows\Installer\6ce9c6.msi
    2005-10-13 16:40 . 2005-10-13 16:40 40960 -c--a-r- c:\windows\Installer\{172975EB-9465-4861-95B5-C7BB6D3DE62A}\_001308A2_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:40 . 2005-10-13 16:40 40960 -c--a-r- c:\windows\Installer\{172975EB-9465-4861-95B5-C7BB6D3DE62A}\_00130723_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:40 . 2005-10-13 16:40 40960 -c--a-r- c:\windows\Installer\{172975EB-9465-4861-95B5-C7BB6D3DE62A}\_0013070E_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:40 . 2005-10-13 16:40 40960 -c--a-r- c:\windows\Installer\{172975EB-9465-4861-95B5-C7BB6D3DE62A}\_00130708_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:40 . 2005-10-13 16:40 40960 -c--a-r- c:\windows\Installer\{172975EB-9465-4861-95B5-C7BB6D3DE62A}\_00130705_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:40 . 2005-10-13 16:40 22486 -c--a-r- c:\windows\Installer\{172975EB-9465-4861-95B5-C7BB6D3DE62A}\DocViewerIcon.25F8BB56_9D2B_4FCC_9487_9F0DB6D21644
    2005-10-13 16:40 . 2005-10-13 16:40 40960 -c--a-r- c:\windows\Installer\{172975EB-9465-4861-95B5-C7BB6D3DE62A}\_00130700_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:40 . 2005-10-13 16:40 994304 -c--a-w- c:\windows\Installer\6ce9c1.msi
    2005-10-13 16:39 . 2005-10-13 16:39 121344 -c--a-w- c:\windows\Installer\65ebcc.msi
    2005-10-13 16:39 . 2005-10-13 16:39 239616 -c--a-w- c:\windows\Installer\65ebc7.msi
    2005-10-13 16:38 . 2005-10-13 16:38 402944 -c--a-w- c:\windows\Installer\65ebc0.msi
    2005-10-13 16:38 . 2005-10-13 16:38 131072 -c--a-w- c:\windows\Installer\65eb4e.msi
    2005-10-13 16:38 . 2005-10-13 16:38 210432 -c--a-w- c:\windows\Installer\65eb48.msi
    2005-10-13 16:38 . 2005-10-13 16:38 137728 -c--a-w- c:\windows\Installer\65eb43.msi
    2005-10-13 16:38 . 2005-10-13 16:38 123904 -c--a-w- c:\windows\Installer\65eb3e.msi
    2005-10-13 16:38 . 2005-10-13 16:38 135680 -c--a-w- c:\windows\Installer\65eb38.msi
    2005-10-13 16:37 . 2005-10-13 16:37 124416 -c--a-w- c:\windows\Installer\65eb32.msi
    2005-10-13 16:37 . 2005-10-13 16:37 123904 -c--a-w- c:\windows\Installer\65eb2d.msi
    2005-10-13 16:37 . 2005-10-13 16:37 40960 -c--a-r- c:\windows\Installer\{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}\_001308A2_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:37 . 2005-10-13 16:37 40960 -c--a-r- c:\windows\Installer\{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}\_00130723_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:37 . 2005-10-13 16:37 40960 -c--a-r- c:\windows\Installer\{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}\_0013070E_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:37 . 2005-10-13 16:37 40960 -c--a-r- c:\windows\Installer\{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}\_00130708_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:37 . 2005-10-13 16:37 40960 -c--a-r- c:\windows\Installer\{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}\_00130705_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:37 . 2005-10-13 16:37 40960 -c--a-r- c:\windows\Installer\{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}\_00130700_B1BA_11CE_ABC6_F5B2E79D9E3F_
    2005-10-13 16:37 . 2005-10-13 16:37 1587712 -c--a-w- c:\windows\Installer\65eb26.msi
    2005-10-13 16:36 . 2005-10-13 16:36 260608 -c--a-w- c:\windows\Installer\65eb08.msi
    2005-10-13 16:35 . 2005-10-13 16:35 121344 -c--a-w- c:\windows\Installer\65eaff.msi
    2005-10-13 16:34 . 2005-10-13 16:34 3443712 -c--a-w- c:\windows\Installer\65eaf7.msi
    2005-10-13 16:31 . 2005-10-13 16:31 303104 -c--a-w- c:\windows\Installer\5f379f.msi
    2005-10-13 16:31 . 2005-10-13 16:31 353792 -c--a-w- c:\windows\Installer\5f379a.msi
    2005-10-13 16:30 . 2005-10-13 16:30 121344 -c--a-w- c:\windows\Installer\5f378e.msi
    2005-10-13 16:30 . 2005-10-13 16:30 315392 -c--a-w- c:\windows\Installer\5f3789.msi
    2005-10-13 16:30 . 2005-10-13 16:30 299008 -c--a-w- c:\windows\Installer\5f3780.msi
    2005-10-13 16:30 . 2005-10-13 16:30 4286 -c--a-r- c:\windows\Installer\{EA103B64-C0E4-4C0E-A506-751590E1653D}\Shortcut_start.9FAB98ED_2143_4534_9750_7CD4ECEB9596.exe
    2005-10-13 16:30 . 2005-10-13 16:30 491008 -c--a-w- c:\windows\Installer\5f377a.msi
    2005-10-13 16:29 . 2005-10-13 16:29 247296 -c--a-w- c:\windows\Installer\5f3775.msi
    2005-10-13 16:29 . 2005-10-13 16:29 21504 -c--a-r- c:\windows\Installer\{15EE79F4-4ED1-4267-9B0F-351009325D7D}\1033.mst
    2005-10-13 16:29 . 2005-10-13 16:29 65536 -c--a-r- c:\windows\Installer\{15EE79F4-4ED1-4267-9B0F-351009325D7D}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
    2005-10-13 16:29 . 2005-10-13 16:29 589312 -c--a-w- c:\windows\Installer\5f3770.msi
    2005-10-13 16:29 . 2005-10-13 16:29 175616 -c--a-w- c:\windows\Installer\5f376a.msi
    2005-10-13 16:29 . 2005-10-13 16:29 121344 -c--a-w- c:\windows\Installer\5f3762.msi
    2005-10-13 16:26 . 2005-10-13 16:26 120832 -c--a-w- c:\windows\Installer\5f375d.msi
    2005-10-13 16:25 . 2005-10-13 16:25 3584 -c--a-r- c:\windows\Installer\{F5DA4BCE-78D3-4B15-A74B-1688A6EF38E3}\1033.mst
    2005-10-13 16:25 . 2005-10-13 16:25 5662720 -c--a-w- c:\windows\Installer\5f3758.msi
    2005-10-13 16:25 . 2005-10-13 16:25 744448 -c--a-w- c:\windows\Installer\5f3752.msi
    2005-09-25 15:46 . 2005-09-25 15:46 16084480 -c--a-r- c:\windows\Installer\dd938.msp
    2005-08-11 18:16 . 2005-08-11 18:16 45056 -c--a-r- c:\windows\Installer\{1CDD873A-079C-4F6C-AD60-D5EE352BFF09}\NewShortcut12_1CDD873A079C4F6CAD60D5EE352BFF09.exe
    2005-08-11 18:16 . 2005-08-11 18:16 45056 -c--a-r- c:\windows\Installer\{1CDD873A-079C-4F6C-AD60-D5EE352BFF09}\NewShortcut3_1CDD873A079C4F6CAD60D5EE352BFF09.exe
    2005-08-11 18:16 . 2005-08-11 18:16 65536 -c--a-r- c:\windows\Installer\{1CDD873A-079C-4F6C-AD60-D5EE352BFF09}\NewShortcut2_1CDD873A079C4F6CAD60D5EE352BFF09.exe
    2005-08-11 18:16 . 2005-08-11 18:16 65536 -c--a-r- c:\windows\Installer\{1CDD873A-079C-4F6C-AD60-D5EE352BFF09}\NewShortcut4_1CDD873A079C4F6CAD60D5EE352BFF09.exe
    2005-08-11 18:16 . 2005-08-11 18:16 45056 -c--a-r- c:\windows\Installer\{1CDD873A-079C-4F6C-AD60-D5EE352BFF09}\NewShortcut6_1CDD873A079C4F6CAD60D5EE352BFF09.exe
    2005-08-11 18:16 . 2005-08-11 18:16 65536 -c--a-r- c:\windows\Installer\{1CDD873A-079C-4F6C-AD60-D5EE352BFF09}\NewShortcut8_1CDD873A079C4F6CAD60D5EE352BFF09.exe
    2005-08-11 18:16 . 2005-08-11 18:16 65536 -c--a-r- c:\windows\Installer\{1CDD873A-079C-4F6C-AD60-D5EE352BFF09}\ARPPRODUCTICON.exe1
    2005-08-11 18:16 . 2005-08-11 18:16 3046912 -c--a-w- c:\windows\Installer\eaa6d0.msi
    2005-08-10 23:42 . 2005-08-10 23:42 45056 -c--a-r- c:\windows\Installer\{42679FD9-38C9-4456-B460-2281D6DC524B}\NewShortcut4_42679FD938C94456B4602281D6DC524B.exe
    2005-07-06 14:09 . 2005-07-06 14:09 1422848 -c--a-r- c:\windows\Installer\1c85f6.msp
    2005-07-05 17:49 . 2005-07-05 17:49 10723328 -c--a-r- c:\windows\Installer\c23b19.msp
    2005-06-29 21:33 . 2005-06-29 21:33 131072 -c--a-r- c:\windows\Installer\{47808F78-F178-49DC-B708-15FE538B16FF}\NewShortcut4_8C3BCD70236347B8A53EEE8A82FD5C78.exe
    2005-01-31 19:24 . 2005-01-31 19:24 1078 -c--a-r- c:\windows\Installer\{DE057B84-3977-4107-AA5C-BD0600CDC8DF}\NewShortcut4_B4A6CA1E1ACF4DC2A470D3914A181B96_1.pdf
    2005-01-31 19:24 . 2005-01-31 19:24 40960 -c--a-r- c:\windows\Installer\{DE057B84-3977-4107-AA5C-BD0600CDC8DF}\_E3F5EF91_8E89_4E00_BC4A_4D67B0C1AE77
    2005-01-31 19:24 . 2005-01-31 19:24 40960 -c--a-r- c:\windows\Installer\{DE057B84-3977-4107-AA5C-BD0600CDC8DF}\ARPPRODUCTICON.exe
    2005-01-31 19:24 . 2005-01-31 19:24 40960 -c--a-r- c:\windows\Installer\{DE057B84-3977-4107-AA5C-BD0600CDC8DF}\_68283D09_D0A5_4D19_9328_1289E6997E95_
    2005-01-31 19:24 . 2005-01-31 19:24 16129024 -c--a-w- c:\windows\Installer\106318.msi
    2004-11-20 22:22 . 2004-11-20 22:22 3588096 -c--a-w- c:\windows\Installer\12e3a5.msi
    2004-09-13 04:35 . 2004-09-13 04:35 1452544 -c--a-r- c:\windows\Installer\dd831.msp
    2004-08-25 12:52 . 2004-08-25 12:52 376832 -c--a-r- c:\windows\Installer\dd9b6.msp
    2004-08-09 02:07 . 2004-08-09 02:07 325509 -c--a-w- c:\windows\Installer\MSI7.tmp
    2004-06-12 19:15 . 2009-08-23 05:03 22528 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    2004-06-12 19:15 . 2009-08-23 05:03 3584 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    2004-06-12 19:15 . 2009-08-23 05:03 114688 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    2004-06-12 19:15 . 2009-08-23 05:03 2560 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    2004-06-12 19:15 . 2009-08-23 05:03 8192 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    2004-06-12 19:15 . 2009-08-23 05:03 167936 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    2004-06-12 19:15 . 2009-08-23 05:03 16384 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    2004-06-12 19:15 . 2009-08-23 05:03 30720 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    2004-06-12 19:15 . 2009-08-23 05:03 34304 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    2004-06-12 19:15 . 2009-08-23 05:03 45056 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    2004-06-12 19:15 . 2009-08-23 05:03 766 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\graph.ico
    2004-06-12 19:15 . 2009-08-23 05:03 90112 ----a-r- c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    2004-06-12 19:15 . 2004-06-12 19:15 3262464 -c--a-w- c:\windows\Installer\b1903.msi
    2004-05-15 17:37 . 2004-05-15 17:37 325509 -c--a-w- c:\windows\Installer\MSI38.tmp
    2004-05-04 18:05 . 2004-05-04 18:05 325509 -c--a-w- c:\windows\Installer\MSI5.tmp
    2004-03-10 13:13 . 2004-03-10 13:13 2602496 -c--a-r- c:\windows\Installer\dd86f.msp
    2004-01-30 07:19 . 2004-01-30 07:19 56269996 -c--a-r- c:\windows\Installer\109dd4.msp
    2003-12-02 02:53 . 2003-12-02 02:53 318 -c--a-r- c:\windows\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}(2)\SFLink.html
    2003-12-02 02:53 . 2003-12-02 02:53 45056 -c--a-r- c:\windows\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}(2)\UninstPrem
    2003-09-25 01:34 . 2003-09-25 01:34 45056 -c--a-r- c:\windows\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}\Camio.exe
    2003-09-25 01:34 . 2003-09-25 01:34 45056 -c--a-r- c:\windows\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}\PremEXE.exe
    2003-09-25 01:34 . 2003-09-25 01:34 45056 -c--a-r- c:\windows\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}\NewShortcut1_1.exe
    2003-09-25 01:34 . 2003-09-25 01:34 4710 -c--a-r- c:\windows\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}\ARPPRODUCTICON.exe
    2003-09-25 01:34 . 2003-09-25 01:34 40960 -c--a-r- c:\windows\Installer\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}\NewShortcut1_3.exe
    2003-09-25 01:34 . 2003-09-25 01:34 2268672 -c--a-w- c:\windows\Installer\1b7ebd.msi
    2003-04-19 14:55 . 2003-04-19 14:55 301607 -c--a-w- c:\windows\Installer\MSI19.tmp
    2003-03-04 21:42 . 2007-06-18 01:53 143360 -c--a-r- c:\windows\Installer\{9E0FB790-5971-41F3-A1C3-1CF9E153FF2A}\_53D89420B398_11D5_A488_00C04F5C955D.exe
    2003-03-04 21:42 . 2007-06-18 01:53 65536 -c--a-r- c:\windows\Installer\{9E0FB790-5971-41F3-A1C3-1CF9E153FF2A}\_43F04170B398_11D5_A488_00C04F5C955D.exe
    2002-12-12 07:23 . 2002-12-12 07:23 544768 -c--a-r- c:\windows\Installer\{609F7AC8-C510-11D4-A788-009027ABA5D0}\1033.MST
    2002-12-12 07:23 . 2002-12-12 07:23 49152 -c--a-r- c:\windows\Installer\{609F7AC8-C510-11D4-A788-009027ABA5D0}\_442C5589CC68_4BDA_A680_2786253361C6.exe
    2002-12-12 07:23 . 2002-12-12 07:23 3049472 -c--a-w- c:\windows\Installer\787d.msi
    2002-12-12 07:23 . 2002-12-12 07:23 0 -c--a-w- c:\windows\Installer\7877.mst
    2002-12-12 07:23 . 2002-12-12 07:23 0 -c--a-w- c:\windows\Installer\7878.mst
    2002-12-12 07:16 . 2002-12-12 07:16 2778112 -c--a-w- c:\windows\Installer\37728.msi
    2002-12-12 07:13 . 2002-12-12 07:13 40960 -c--a-r- c:\windows\Installer\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}\NewShortcut1.65874DDB_39D7_4CC2_B88D_55A29EFDA9F4.cpl
    2002-12-12 07:13 . 2002-12-12 07:13 825344 -c--a-w- c:\windows\Installer\37719.msi
    2002-12-12 07:11 . 2002-12-12 07:11 2652672 -c--a-w- c:\windows\Installer\2ae8b.msi
    2002-12-12 07:10 . 2002-12-12 07:10 530432 -c--a-r- c:\windows\Installer\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}\1033.mst
    2002-12-12 07:10 . 2002-12-12 07:10 2149888 -c--a-w- c:\windows\Installer\1f226.msi
    2002-12-12 07:10 . 2002-12-12 07:10 528896 -c--a-r- c:\windows\Installer\{11F1920A-56A2-4642-B6E0-3B31A12C9288}\1033.mst
    2002-12-12 07:10 . 2002-12-12 07:10 26694 -c--a-r- c:\windows\Installer\{11F1920A-56A2-4642-B6E0-3B31A12C9288}\infodev.exe
    2002-12-12 07:10 . 2002-12-12 07:10 2120192 -c--a-w- c:\windows\Installer\1f220.msi
    2002-09-09 20:55 . 2002-09-09 20:55 2347520 -c--a-w- c:\windows\Installer\1C5CE.MSI
    2002-09-09 20:55 . 2002-09-09 20:55 34304 -c--a-r- c:\windows\Installer\{90300409-6000-11D3-8CFE-0050048383C9}\MISC.EXE
    2002-09-09 20:54 . 2009-08-23 05:03 155702 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
    2002-09-09 20:54 . 2009-08-23 05:03 2560 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    2002-09-09 20:54 . 2009-08-23 05:03 766 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\graph.ico
    2002-09-09 20:54 . 2009-08-23 05:03 34304 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
    2002-09-09 20:54 . 2009-08-23 05:03 8192 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    2002-09-09 20:54 . 2009-08-23 05:03 3584 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    2002-09-09 20:54 . 2009-08-23 05:03 114688 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    2002-09-09 20:54 . 2009-08-23 05:03 16384 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    2002-09-09 20:54 . 2009-08-23 05:03 12800 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
    2002-09-09 20:54 . 2009-08-23 05:03 22528 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    2002-09-09 20:54 . 2009-08-23 05:03 45056 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    2002-09-09 20:54 . 2009-08-23 05:03 90112 ----a-r- c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    2002-09-09 20:54 . 2002-09-09 20:54 3034112 -c--a-w- c:\windows\Installer\1C5CA.MSI
    2002-09-03 08:06 . 2002-09-03 08:06 264704 -c--a-w- c:\windows\Installer\1128E.MSI
    2002-09-03 08:06 . 2002-09-03 08:06 166912 -c--a-r- c:\windows\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\PLACES.EXE
    2002-06-13 01:01 . 2002-06-13 01:01 7100416 -c--a-w- c:\windows\Installer\37713.msp
    2001-11-21 03:31 . 2001-11-21 03:31 17280000 -c--a-w- c:\windows\Installer\37769.msp


    ((((((((((((((((((((((((((((( SnapShot_2009-09-12_20.13.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-13 04:35 . 2009-09-13 04:35 16384 c:\windows\temp\Perflib_Perfdata_710.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW4"="c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [BU]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
    "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-10-22 1622016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-07-18 257440]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-05 14:00 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Ou Lee^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
    path=c:\documents and settings\Ou Lee\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
    backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1105821942\\ee\\aolservicehost.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\pipi\\jfCacheMgr.exe"=
    "c:\\Program Files\\pipi\\KmLiveUpdate.exe"=
    "c:\\Program Files\\pipi\\PIPIPlayer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\Ou Lee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Ou Lee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "88:UDP"= 88:UDP:xbox2
    "3074:TCP"= 3074:TCP:xbox3
    "3074:UDP"= 3074:UDP:xbox4
    "53:TCP"= 53:TCP:xbox5
    "53:UDP"= 53:UDP:xbox6
    "57397:TCP"= 57397:TCP:Pando Media Booster
    "57397:UDP"= 57397:UDP:Pando Media Booster

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [4/29/2009 11:49 PM 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/29/2009 11:49 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/29/2009 11:49 PM 298776]
    S0 IFP300;iRiver Internet Audio Player IFP-300;c:\windows\system32\DRIVERS\ifp300.sys --> c:\windows\system32\DRIVERS\ifp300.sys [?]
    S0 nspIkrf;nspIkrf;c:\windows\system32\drivers\idpk.sys --> c:\windows\system32\drivers\idpk.sys [?]
    S3 LTDPIPE;LTDPIPE;\??\c:\docume~1\JEFFRE~2\LOCALS~1\Temp\LTDPIPE.SYS --> c:\docume~1\JEFFRE~2\LOCALS~1\Temp\LTDPIPE.SYS [?]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [12/22/2002 7:43 PM 15576]
    S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011Core.job
    - c:\documents and settings\Ou Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 23:51]

    2009-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422460771-3482740044-848249443-1011UA.job
    - c:\documents and settings\Ou Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 23:51]

    2009-09-12 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

    2005-10-13 c:\windows\Tasks\WebReg .job
    - c:\program files\HP\digital imaging\bin\hpqwrg.exe [2005-05-12 04:21]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = [You must be registered and logged in to see this link.]
    mSearch Bar = [You must be registered and logged in to see this link.]
    uSearchURL,(Default) = [You must be registered and logged in to see this link.]
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    TCP: {DB2EDB9E-0371-481E-AED2-BBAEF1523F69} = 208.67.222.222,208.67.220.220
    Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
    DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
    DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
    FF - ProfilePath - c:\documents and settings\Ou Lee\Application Data\Mozilla\Firefox\Profiles\aa390js1.default\
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\Ou Lee\Application Data\Mozilla\Firefox\Profiles\aa390js1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
    FF - plugin: c:\documents and settings\Ou Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Ou Lee\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
    Rootkit scan 2009-09-13 00:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3204)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\SYSTEM32\nvsvc32.exe
    c:\windows\SYSTEM32\MsPMSPSv.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\SYSTEM32\wscntfy.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-13 0:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-13 04:42
    ComboFix2.txt 2009-09-12 20:18
    ComboFix3.txt 2009-05-08 01:48
    ComboFix4.txt 2009-04-02 00:10

    Pre-Run: 26,515,177,472 bytes free
    Post-Run: 26,479,755,264 bytes free

    590 --- E O F --- 2009-09-10 07:07


    Re: Hijack This! Log.

    Post by Dr Jay on 13th September 2009, 10:06 am

    Hi

    Go to Start > Run and copy and paste the next command in the field:
    ComboFix /u

    Make sure there's a space between ComboFix and /
    Then hit Enter.

    This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    ==

    Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

    In your next reply, please include the contents of the Malwarebytes log, and post a fresh HijackThis log.


    Dr. Jay (DJ)



    Re: Hijack This! Log.

    Post by darkx2987 on 13th September 2009, 2:27 pm

    Malwarebytes' Anti-Malware 1.41
    Database version: 2790
    Windows 5.1.2600 Service Pack 2

    9/13/2009 10:27:09 AM
    mbam-log-2009-09-13 (10-27-09).txt

    Scan type: Quick Scan
    Objects scanned: 120690
    Time elapsed: 9 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Re: Hijack This! Log.

    Post by darkx2987 on 13th September 2009, 2:33 pm

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:32:45 AM, on 9/13/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Brownie\BrstsWnd.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Brownie\brpjp04a.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Ou Lee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
    O3 - Toolbar: ????(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - [You must be registered and logged in to see this link.]
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB2EDB9E-0371-481E-AED2-BBAEF1523F69}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

    --
    End of file - 8664 bytes


    Re: Hijack This! Log.

    Post by Dr Jay on 13th September 2009, 6:05 pm

    Hi

    Please open AVG, and update the program. Please do it as often as possible (at least once every two days).

    ==

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.

    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    ==

    Please navigate to the Control Panel and enter Add or Remove Programs. Please remove the following:

    -SpyBot (Search & Destroy)
    -All versions of Adobe Reader you see
    -All versions of Java you see

    I see you are running a P2P application. I suggest you read the following, and then decide whether you want to keep it or not: [You must be registered and logged in to see this link.]

    ==

    Adobe Reader is out of date and older versions contain vulnerabilities. Please download the newest version from [You must be registered and logged in to see this link.]
    Please uncheck Google toolbar unless you want to download it.

    ==

    Java is out of date.

    Download the newest version from here: http://www.java.com/en/download/manual.jsp

    Please install the newest version.

    ==

    Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via [You must be registered and logged in to see this link.].

    ==

    In your next reply, please tell me how your computer is running and how the updates went. Also, please tell me if you notice any strange activity, such as popups, slowness, or browser hijacks. All of this is important, because any problems in updating or more strange activity may be a sign of more malware.


    Dr. Jay (DJ)

