Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please check my HJT log as I want to apply for the uni...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please check my HJT log as I want to apply for the uni...

Unread postby jamestaylor » March 9th, 2009, 10:03 pm

I want to apply for the MWR university (well I just did) and want to make sure my machine is clean before I I get accepted/rejected (touch wood).

Here is a hijack this log. Im sure my PC is clean, but you can never know. Thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00:00 AM, on 10/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsig ... 4&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: uTorrent Turbo Booster.lnk = C:\Program Files\uTorrent Turbo Booster\uTorrent Turbo Booster.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7112 bytes


Thank you for reading,
James.
jamestaylor
Regular Member
 
Posts: 23
Joined: March 9th, 2009, 9:41 pm
Advertisement
Register to Remove

Re: Please check my HJT log as I want to apply for the uni...

Unread postby Axephilic » March 26th, 2009, 8:14 pm

Hello James and sorry about the delay,

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to expain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replys in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

If you still need help, please do the following:

RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Please check my HJT log as I want to apply for the uni...

Unread postby jamestaylor » March 27th, 2009, 12:03 pm

Thank you for the help. Here you go (sorry had to make 3 posts as there were to many characters for 1 or 2 posts):

info.txt logfile of random's system information tool 1.06 2009-03-27 15:56:07

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Any Video Converter 2.7.2-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Auto Gordian Knot 2.55-->C:\Program Files\AutoGK\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belkin Wireless Driver-->C:\Program Files\InstallShield Installation Information\{D593C72C-435B-4171-8106-9CA8AA34D716}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Magician 3.4-->"C:\Program Files\Driver Magician\unins000.exe"
DVD Creator3-->C:\Program Files\Xilisoft\DVD Creator3\Uninstall.exe
ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToMyPC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F4D4FD-1814-4068-B316-C28FC776C6DD}\Setup.exe" -l0x9 AddRemovePrograms
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LimeWire PRO 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14}
Magic Video Converter Trial Version (English) 8.0.2.18-->"C:\Program Files\Magic Video Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Privoxy (remove only)-->"C:\Program Files\Privoxy\privoxy_uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Turbo Lister 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VIA Chrome9 HC IGP Family Display 7.14.14.0069-->C:\PROGRA~1\S3\Chrome9HC\s3minset.exe /u -log Chrome9HC.uns
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Vuze Turbo Booster-->C:\Program Files\Vuze Turbo Booster\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft DVD Ripper Platinum 5-->C:\Program Files\Xilisoft\DVD Ripper Platinum 5\Uninstall.exe
Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe
XviD MPEG4 Video Codec (remove only)-->"C:\Program Files\XviD\xvid-uninstall.exe"

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall
AS: ESET Smart Security 3.0
AS: Windows Defender

======System event log======

Computer Name: James-PC
Event Code: 8
Message: The jobs in the print queue for printer GoToMyPC Printer were deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box.
Record Number: 47263
Source Name: Microsoft-Windows-PrintSpooler
Time Written: 20090327142350.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: James-PC
Event Code: 4
Message: Printer GoToMyPC Printer will be deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box.
Record Number: 47264
Source Name: Microsoft-Windows-PrintSpooler
Time Written: 20090327142350.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: James-PC
Event Code: 3
Message: Printer GoToMyPC Printer was deleted, and users will no longer be able to print to this printer. No user action is required.
To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box.
Record Number: 47265
Source Name: Microsoft-Windows-PrintSpooler
Time Written: 20090327142350.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: James-PC
Event Code: 4227
Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Record Number: 47266
Source Name: Tcpip
Time Written: 20090327153221.478808-000
Event Type: Warning
User:

Computer Name: James-PC
Event Code: 4227
Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Record Number: 47267
Source Name: Tcpip
Time Written: 20090327153744.681808-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: James-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2119908331-4203043047-2055449669-1002_Classes:
Process 984 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2119908331-4203043047-2055449669-1002_CLASSES

Record Number: 8757
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090327014943.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: James-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6001.18000, time stamp 0x47918f11, faulting module Flash10a.ocx, version 10.0.12.36, time stamp 0x48e83175, exception code 0xc0000005, fault offset 0x000dd173, process id 0xbb8, application start time 0x01c9aea303ea1310.
Record Number: 8787
Source Name: Application Error
Time Written: 20090327075303.000000-000
Event Type: Error
User:

Computer Name: James-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2119908331-4203043047-2055449669-1001:
Process 984 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2119908331-4203043047-2055449669-1001

Record Number: 8816
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090327131906.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: James-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2119908331-4203043047-2055449669-1001_Classes:
Process 984 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2119908331-4203043047-2055449669-1001_CLASSES

Record Number: 8817
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090327131907.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: James-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e439f04b-0e67-44b9-9cdf-533f96095289}
Record Number: 8842
Source Name: VSS
Time Written: 20090327134805.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: James-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13776
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090327155600.737808-000
Event Type: Audit Failure
User:

Computer Name: James-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13777
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090327155600.774808-000
Event Type: Audit Failure
User:

Computer Name: James-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13778
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090327155600.811808-000
Event Type: Audit Failure
User:

Computer Name: James-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13779
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090327155600.847808-000
Event Type: Audit Failure
User:

Computer Name: James-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 13780
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090327155600.883808-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
Last edited by jamestaylor on March 27th, 2009, 12:08 pm, edited 1 time in total.
jamestaylor
Regular Member
 
Posts: 23
Joined: March 9th, 2009, 9:41 pm

Re: Please check my HJT log as I want to apply for the uni...

Unread postby jamestaylor » March 27th, 2009, 12:06 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by James at 2009-03-27 15:55:55
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 33 GB (23%) free of 147 GB
Total RAM: 2494 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:56:01 PM, on 27/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\S3Funkey.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\James.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsig ... 4&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3Funkey] S3Funkey.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7481 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2119908331-4203043047-2055449669-1000.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-03 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-19 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-28 198160]
"S3Funkey"=C:\Windows\system32\S3Funkey.exe [2008-03-05 102400]
"S3Trayp"=S3trayp.exe -chkautorun []
"GoToMyPC"=C:\Program Files\Citrix\GoToMyPC\g2svc.exe [2008-09-30 258856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Privoxy.lnk - C:\Program Files\Privoxy\privoxy.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2009-03-27 15:55:55 ----D---- C:\rsit
2009-03-27 13:48:29 ----A---- C:\Windows\system32\gotomon.dll
2009-03-27 13:48:26 ----D---- C:\Program Files\Citrix
2009-03-26 20:33:49 ----D---- C:\ProgramData\Messenger Plus!
2009-03-26 20:30:08 ----D---- C:\Program Files\Messenger Plus! Live
2009-03-21 03:38:26 ----D---- C:\Users\James\AppData\Roaming\Any Video Converter
2009-03-21 03:38:12 ----D---- C:\Program Files\Any Video Converter
2009-03-20 00:58:34 ----A---- C:\Windows\system32\msvcr71d.dll
2009-03-20 00:58:34 ----A---- C:\Windows\system32\msvcr70.dll
2009-03-20 00:51:19 ----A---- C:\Users\James\AppData\Roaming\ezpinst.exe
2009-03-20 00:50:58 ----D---- C:\Program Files\Magic Video Converter
2009-03-15 17:19:45 ----D---- C:\Users\James\AppData\Roaming\AdobeUM
2009-03-14 19:15:01 ----D---- C:\Program Files\Privoxy
2009-03-14 05:59:04 ----N---- C:\Windows\system32\difxapi.dll
2009-03-14 05:59:04 ----D---- C:\Program Files\VIA
2009-03-14 05:56:23 ----D---- C:\Program Files\Realtek
2009-03-14 05:48:36 ----A---- C:\Windows\system32\VTGOGL32.DLL
2009-03-14 05:48:35 ----A---- C:\Windows\system32\s3trayp.exe
2009-03-14 05:48:34 ----A---- C:\Windows\system32\S3ovrlay.dll
2009-03-14 05:48:34 ----A---- C:\Windows\system32\S3minset.exe
2009-03-14 05:48:34 ----A---- C:\Windows\system32\S3Info2.dll
2009-03-14 05:48:34 ----A---- C:\Windows\system32\S3Gamma2.dll
2009-03-14 05:48:34 ----A---- C:\Windows\system32\S3Funkey.exe
2009-03-14 05:48:34 ----A---- C:\Windows\system32\S3Disply.dll
2009-03-14 05:48:34 ----A---- C:\Windows\system32\S3Cfg3d.dll
2009-03-14 05:47:35 ----HD---- C:\Program Files\Temp
2009-03-14 05:30:21 ----A---- C:\Windows\system32\XCEEDZIP.DLL
2009-03-14 05:30:21 ----A---- C:\Windows\system32\XceedCry.dll
2009-03-14 05:30:18 ----D---- C:\Program Files\Driver Magician
2009-03-13 00:22:46 ----D---- C:\Users\James\AppData\Roaming\GetRightToGo
2009-03-12 01:58:44 ----D---- C:\Program Files\Vuze Turbo Booster
2009-03-12 00:54:15 ----D---- C:\ProgramData\SymplisIT
2009-03-12 00:53:40 ----D---- C:\Driver Backups
2009-03-12 00:50:51 ----A---- C:\Windows\vmreg32.dll
2009-03-12 00:49:30 ----D---- C:\Program Files\SymplisIT
2009-03-12 00:48:45 ----D---- C:\Windows\Downloaded Installations
2009-03-12 00:26:24 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2009-03-11 11:02:00 ----A---- C:\Windows\system32\schannel.dll
2009-03-11 02:17:11 ----D---- C:\ProgramData\Azureus
2009-03-11 02:17:02 ----D---- C:\Users\James\AppData\Roaming\Azureus
2009-03-11 02:16:02 ----D---- C:\Program Files\Vuze
2009-03-08 03:41:13 ----D---- C:\Windows\Icon_Patcher
2009-03-08 03:39:55 ----D---- C:\Program Files\Common Files\Stardock
2009-03-08 03:39:54 ----D---- C:\Program Files\Stardock
2009-03-03 02:15:58 ----A---- C:\Windows\system32\wmp.dll
2009-03-03 02:15:57 ----A---- C:\Windows\system32\spwmp.dll
2009-03-03 02:15:56 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-03 02:15:56 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-03 01:48:38 ----D---- C:\Program Files\Adobe Media Player
2009-03-03 01:44:55 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-02 23:59:37 ----A---- C:\Windows\MegaManager.INI
2009-03-02 23:46:04 ----D---- C:\Program Files\HijackThis
2009-03-02 18:19:27 ----A---- C:\Windows\system32\TUProgSt.exe
2009-03-02 18:19:25 ----A---- C:\Windows\system32\uxtuneup.dll
2009-03-02 18:19:25 ----A---- C:\Windows\system32\authuitu.dll
2009-03-02 18:19:23 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-03-02 16:48:43 ----D---- C:\Program Files\uTorrent Turbo Booster
2009-03-02 13:26:28 ----A---- C:\test.txt
2009-03-01 11:43:54 ----A---- C:\Users\James\AppData\Roaming\AutoGK.ini
2009-02-28 20:42:10 ----D---- C:\Program Files\XviD
2009-02-28 20:41:53 ----D---- C:\Program Files\AviSynth 2.5
2009-02-28 20:40:53 ----D---- C:\Program Files\AutoGK
2009-02-28 20:29:53 ----D---- C:\Users\James\AppData\Roaming\ESET
2009-02-28 20:26:14 ----D---- C:\ProgramData\ESET
2009-02-28 20:26:14 ----D---- C:\Program Files\ESET
2009-02-28 20:09:51 ----D---- C:\Program Files\Common Files\xing shared
2009-02-28 20:09:41 ----A---- C:\Windows\system32\pndx5032.dll
2009-02-28 20:09:41 ----A---- C:\Windows\system32\pndx5016.dll
2009-02-28 20:09:40 ----D---- C:\Program Files\Real
2009-02-28 20:09:37 ----D---- C:\Users\James\AppData\Roaming\Real
2009-02-28 20:09:37 ----D---- C:\Program Files\Common Files\Real
2009-02-25 20:20:07 ----A---- C:\Windows\system32\CF7060.exe
2009-02-25 20:19:59 ----A---- C:\Windows\system32\swsc.exe
2009-02-25 20:19:56 ----A---- C:\Bug.txt
2009-02-22 08:25:39 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-02-22 08:24:40 ----D---- C:\Program Files\Microsoft Sync Framework
2009-02-22 08:23:36 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-02-22 08:23:02 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-02-22 08:21:01 ----D---- C:\Program Files\Windows Live SkyDrive
2009-02-22 03:23:59 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-02-22 01:00:21 ----D---- C:\Windows\Sun
2009-02-21 21:55:26 ----D---- C:\Windows\temp
2009-02-21 21:55:14 ----A---- C:\ComboFix.txt
2009-02-21 21:43:44 ----A---- C:\Windows\zip.exe
2009-02-21 21:43:44 ----A---- C:\Windows\VFIND.exe
2009-02-21 21:43:44 ----A---- C:\Windows\SWXCACLS.exe
2009-02-21 21:43:44 ----A---- C:\Windows\SWSC.exe
2009-02-21 21:43:44 ----A---- C:\Windows\SWREG.exe
2009-02-21 21:43:44 ----A---- C:\Windows\sed.exe
2009-02-21 21:43:44 ----A---- C:\Windows\NIRCMD.exe
2009-02-21 21:43:44 ----A---- C:\Windows\grep.exe
2009-02-21 21:43:44 ----A---- C:\Windows\fdsv.exe
2009-02-21 21:43:42 ----D---- C:\Windows\ERDNT
2009-02-21 21:43:42 ----D---- C:\Qoobox
2009-02-21 19:21:59 ----A---- C:\Windows\ntbtlog.txt
2009-02-21 14:30:00 ----D---- C:\Users\James\AppData\Roaming\Malwarebytes
2009-02-21 14:29:49 ----D---- C:\ProgramData\Malwarebytes
2009-02-21 14:29:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-20 00:52:09 ----D---- C:\Program Files\Trend Micro
2009-02-20 00:33:19 ----D---- C:\ProgramData\Symantec
2009-02-20 00:31:15 ----D---- C:\ProgramData\Norton
2009-02-20 00:27:35 ----D---- C:\ProgramData\NortonInstaller
2009-02-19 19:31:27 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-19 16:53:31 ----A---- C:\Windows\system32\javaws.exe
2009-02-19 16:53:31 ----A---- C:\Windows\system32\javaw.exe
2009-02-19 16:53:31 ----A---- C:\Windows\system32\java.exe
2009-02-19 16:52:41 ----D---- C:\Program Files\Java
2009-02-19 15:18:57 ----D---- C:\Users\James\AppData\Roaming\dvdcss
2009-02-19 15:08:57 ----D---- C:\RECYCLER
2009-02-19 03:12:47 ----D---- C:\Users\James\AppData\Roaming\Vso
2009-02-19 03:02:26 ----D---- C:\ProgramData\DVD Shrink
2009-02-19 02:53:37 ----D---- C:\Users\James\AppData\Roaming\HandBrake
2009-02-17 20:15:23 ----D---- C:\Users\James\AppData\Roaming\DMCache
2009-02-17 05:14:37 ----D---- C:\Users\James\AppData\Roaming\Megaupload
2009-02-17 05:09:31 ----D---- C:\ProgramData\Megaupload
2009-02-17 05:09:31 ----D---- C:\ProgramData\EmailNotifier
2009-02-17 05:08:08 ----D---- C:\Program Files\Megaupload
2009-02-16 15:40:21 ----D---- C:\Users\James\AppData\Roaming\Xilisoft Corporation
2009-02-15 11:44:32 ----D---- C:\Users\James\AppData\Roaming\Mozilla
2009-02-15 11:44:00 ----D---- C:\Users\James\AppData\Roaming\LimeWire
2009-02-15 11:43:11 ----A---- C:\Windows\system32\deploytk.dll
2009-02-15 11:42:02 ----D---- C:\Program Files\LimeWire
2009-02-14 21:39:12 ----D---- C:\Users\James\AppData\Roaming\gtk-2.0
2009-02-14 11:49:27 ----D---- C:\Program Files\GIMP-2.0
2009-02-11 22:10:17 ----D---- C:\Program Files\Xilisoft
2009-02-11 18:14:25 ----D---- C:\ProgramData\eBay
2009-02-11 18:14:25 ----D---- C:\Program Files\eBay
2009-02-11 16:48:48 ----D---- C:\ProgramData\FLEXnet
2009-02-11 09:00:00 ----D---- C:\Users\James\AppData\Roaming\TuneUp Software
2009-02-11 08:59:38 ----D---- C:\ProgramData\TuneUp Software
2009-02-11 08:59:38 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-02-11 08:59:09 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-11 08:58:18 ----D---- C:\ProgramData\Google
2009-02-11 08:51:26 ----D---- C:\Program Files\PC Tune-Up
2009-02-11 08:11:22 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-02-11 07:45:40 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 07:45:38 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 07:45:38 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 07:45:38 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 07:45:38 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 07:45:37 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 07:45:37 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 07:45:37 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-10 19:13:28 ----D---- C:\Program Files\RealArcade
2009-02-09 14:12:18 ----D---- C:\ProgramData\TEMP
2009-02-06 18:52:40 ----A---- C:\Windows\system32\sirenacm.dll
2009-02-05 13:37:24 ----RA---- C:\Windows\system32\roboex32.dll
2009-02-05 13:37:24 ----RA---- C:\Windows\system32\inetwh32.dll
2009-02-03 02:06:37 ----D---- C:\ProgramData\Google Updater
2009-02-03 02:06:34 ----D---- C:\Program Files\Google
2009-02-02 22:11:14 ----D---- C:\Users\James\AppData\Roaming\DivX
2009-02-02 22:09:50 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-02-02 22:09:16 ----D---- C:\Program Files\DivX
2009-02-02 07:23:39 ----A---- C:\Windows\system32\msshooks.dll
2009-02-02 07:23:38 ----A---- C:\Windows\system32\msscb.dll
2009-02-02 07:23:33 ----A---- C:\Windows\system32\thawbrkr.dll
2009-02-02 07:23:33 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-02-02 07:23:33 ----A---- C:\Windows\system32\propsys.dll
2009-02-02 07:23:33 ----A---- C:\Windows\system32\propdefs.dll
2009-02-02 07:23:33 ----A---- C:\Windows\system32\msstrc.dll
2009-02-02 07:23:33 ----A---- C:\Windows\system32\mssprxy.dll
2009-02-02 07:23:33 ----A---- C:\Windows\system32\mssitlb.dll
2009-02-02 07:23:33 ----A---- C:\Windows\system32\msshsq.dll
2009-02-02 07:23:32 ----A---- C:\Windows\system32\xmlfilter.dll
2009-02-02 07:23:32 ----A---- C:\Windows\system32\wsepno.dll
2009-02-02 07:23:32 ----A---- C:\Windows\system32\srchadmin.dll
2009-02-02 07:23:32 ----A---- C:\Windows\system32\rtffilt.dll
2009-02-02 07:23:32 ----A---- C:\Windows\system32\offfilt.dll
2009-02-02 07:23:32 ----A---- C:\Windows\system32\nlhtml.dll
2009-02-02 07:23:32 ----A---- C:\Windows\system32\mimefilt.dll
2009-02-02 07:23:32 ----A---- C:\Windows\system32\korwbrkr.dll
2009-02-02 07:23:31 ----A---- C:\Windows\system32\msscntrs.dll
2009-02-02 07:23:31 ----A---- C:\Windows\system32\chtbrkr.dll
2009-02-02 07:23:31 ----A---- C:\Windows\system32\chsbrkr.dll
2009-02-02 07:23:29 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-02-02 07:23:19 ----A---- C:\Windows\system32\tquery.dll
2009-02-02 07:23:19 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-02-02 07:23:19 ----A---- C:\Windows\system32\mssvp.dll
2009-02-02 07:23:19 ----A---- C:\Windows\system32\mssrch.dll
2009-02-02 07:23:19 ----A---- C:\Windows\system32\mssphtb.dll
2009-02-02 07:23:19 ----A---- C:\Windows\system32\mssph.dll
2009-02-01 21:19:51 ----A---- C:\Windows\system32\rpcrt4.dll
2009-02-01 21:19:49 ----A---- C:\Windows\system32\pacerprf.dll
2009-02-01 20:58:49 ----A---- C:\Windows\system32\wersvc.dll
2009-02-01 20:58:49 ----A---- C:\Windows\system32\Faultrep.dll
2009-02-01 20:58:44 ----A---- C:\Windows\system32\emdmgmt.dll
2009-02-01 20:58:44 ----A---- C:\Windows\system32\dataclen.dll
2009-02-01 20:58:43 ----A---- C:\Windows\system32\cdd.dll
2009-02-01 20:58:36 ----A---- C:\Windows\system32\vbscript.dll
2009-02-01 20:58:35 ----A---- C:\Windows\system32\wshext.dll
2009-02-01 20:58:35 ----A---- C:\Windows\system32\wscript.exe
2009-02-01 20:58:35 ----A---- C:\Windows\system32\scrrun.dll
2009-02-01 20:58:35 ----A---- C:\Windows\system32\scrobj.dll
2009-02-01 20:58:35 ----A---- C:\Windows\system32\jscript.dll
2009-02-01 20:58:35 ----A---- C:\Windows\system32\cscript.exe
2009-02-01 16:10:56 ----A---- C:\Windows\system32\msonpmon.dll
2009-02-01 16:03:56 ----D---- C:\Program Files\Microsoft Works
2009-02-01 16:03:05 ----D---- C:\Program Files\Microsoft Visual Studio
2009-02-01 16:03:04 ----D---- C:\Program Files\Common Files\DESIGNER
2009-02-01 16:02:00 ----D---- C:\Program Files\Microsoft.NET
2009-02-01 15:59:19 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-02-01 15:58:17 ----D---- C:\Windows\SHELLNEW
2009-02-01 15:57:38 ----D---- C:\ProgramData\Microsoft Help
2009-02-01 15:57:38 ----D---- C:\Program Files\Microsoft Office
2009-02-01 15:55:23 ----RHD---- C:\MSOCache
2009-02-01 15:35:07 ----D---- C:\Program Files\PowerISO
2009-02-01 02:14:26 ----A---- C:\Windows\system32\lvcoinst.ini
2009-02-01 02:14:26 ----A---- C:\Windows\system32\lvci11901262.dll
2009-02-01 02:13:40 ----D---- C:\Program Files\Logitech
2009-02-01 01:44:39 ----D---- C:\PerfLogs
2009-02-01 01:17:03 ----D---- C:\Users\James\AppData\Roaming\Apple Computer
2009-02-01 01:16:20 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-01 01:16:20 ----A---- C:\Windows\system32\GEARAspi.dll
2009-02-01 01:16:05 ----D---- C:\Program Files\iPod
2009-02-01 01:16:03 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-01 01:16:03 ----D---- C:\Program Files\iTunes
2009-02-01 01:15:09 ----D---- C:\Program Files\Bonjour
2009-02-01 01:13:58 ----D---- C:\Program Files\QuickTime
2009-02-01 01:13:56 ----D---- C:\ProgramData\Apple Computer
2009-02-01 01:12:56 ----D---- C:\Program Files\Apple Software Update
2009-02-01 01:11:29 ----D---- C:\Program Files\Common Files\Apple
2009-02-01 01:11:28 ----D---- C:\ProgramData\Apple
2009-02-01 00:53:47 ----A---- C:\Windows\system32\onex.dll
2009-02-01 00:53:46 ----A---- C:\Windows\system32\SLsvc.exe
2009-02-01 00:53:32 ----A---- C:\Windows\system32\PSHED.DLL
2009-02-01 00:53:31 ----A---- C:\Windows\system32\imagesp1.dll
2009-02-01 00:53:29 ----A---- C:\Windows\system32\dfsr.exe
2009-02-01 00:53:27 ----A---- C:\Windows\system32\sstpsvc.dll
2009-02-01 00:53:27 ----A---- C:\Windows\system32\pidgenx.dll
2009-02-01 00:53:26 ----A---- C:\Windows\system32\mstscax.dll
2009-02-01 00:53:25 ----A---- C:\Windows\system32\WsmSvc.dll
2009-02-01 00:53:25 ----A---- C:\Windows\system32\winrscmd.dll
2009-02-01 00:53:24 ----A---- C:\Windows\system32\sysmain.dll
2009-02-01 00:53:23 ----A---- C:\Windows\system32\vssapi.dll
2009-02-01 00:53:23 ----A---- C:\Windows\system32\RMActivate.exe
2009-02-01 00:53:22 ----A---- C:\Windows\system32\VSSVC.exe
2009-02-01 00:53:19 ----A---- C:\Windows\system32\secproc.dll
2009-02-01 00:53:19 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-02-01 00:53:19 ----A---- C:\Windows\system32\iesetup.dll
2009-02-01 00:53:17 ----A---- C:\Windows\system32\secproc_isv.dll
2009-02-01 00:53:17 ----A---- C:\Windows\system32\drmv2clt.dll
2009-02-01 00:53:12 ----A---- C:\Windows\system32\xpssvcs.dll
2009-02-01 00:53:12 ----A---- C:\Windows\system32\blackbox.dll
2009-02-01 00:53:10 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-02-01 00:53:10 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-02-01 00:53:10 ----A---- C:\Windows\system32\RacEngn.dll
2009-02-01 00:53:10 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-02-01 00:53:09 ----A---- C:\Windows\system32\rdpencom.dll
2009-02-01 00:53:08 ----A---- C:\Windows\system32\spwizimg.dll
2009-02-01 00:53:08 ----A---- C:\Windows\system32\lpremove.exe
2009-02-01 00:53:08 ----A---- C:\Windows\bfsvc.exe
2009-02-01 00:53:07 ----A---- C:\Windows\system32\ntdll.dll
2009-02-01 00:53:07 ----A---- C:\Windows\system32\msjet40.dll
2009-02-01 00:53:07 ----A---- C:\Windows\system32\lsasrv.dll
2009-02-01 00:53:06 ----A---- C:\Windows\system32\qmgr.dll
2009-02-01 00:53:05 ----A---- C:\Windows\system32\localspl.dll
2009-02-01 00:53:05 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-02-01 00:53:04 ----A---- C:\Windows\system32\wevtsvc.dll
2009-02-01 00:53:03 ----A---- C:\Windows\system32\wcncsvc.dll
2009-02-01 00:53:02 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-02-01 00:53:02 ----A---- C:\Windows\system32\recdisc.exe
2009-02-01 00:53:02 ----A---- C:\Windows\system32\kernel32.dll
2009-02-01 00:53:01 ----A---- C:\Windows\system32\CompMgmtLauncher.exe
2009-02-01 00:53:00 ----A---- C:\Windows\system32\vds.exe
2009-02-01 00:52:58 ----A---- C:\Windows\system32\wcnwiz.dll
2009-02-01 00:52:58 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-02-01 00:52:58 ----A---- C:\Windows\system32\mstsc.exe
2009-02-01 00:52:57 ----A---- C:\Windows\system32\msvbvm60.dll
2009-02-01 00:52:55 ----A---- C:\Windows\system32\termsrv.dll
2009-02-01 00:52:55 ----A---- C:\Windows\system32\msdtctm.dll
2009-02-01 00:52:55 ----A---- C:\Windows\system32\advapi32.dll
2009-02-01 00:52:54 ----A---- C:\Windows\system32\kerberos.dll
2009-02-01 00:52:54 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-02-01 00:52:53 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-02-01 00:52:52 ----A---- C:\Windows\system32\MSMPEG2ADEC.DLL
2009-02-01 00:52:52 ----A---- C:\Windows\system32\MPSSVC.dll
2009-02-01 00:52:52 ----A---- C:\Windows\system32\CertEnroll.dll
2009-02-01 00:52:51 ----A---- C:\Windows\system32\xolehlp.dll
2009-02-01 00:52:51 ----A---- C:\Windows\system32\Query.dll
2009-02-01 00:52:51 ----A---- C:\Windows\system32\ole32.dll
2009-02-01 00:52:51 ----A---- C:\Windows\system32\msdtcprx.dll
2009-02-01 00:52:50 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-02-01 00:52:50 ----A---- C:\Windows\system32\netlogon.dll
2009-02-01 00:52:49 ----A---- C:\Windows\system32\SSShim.dll
2009-02-01 00:52:49 ----A---- C:\Windows\system32\msvcrt.dll
2009-02-01 00:52:49 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-02-01 00:52:48 ----A---- C:\Windows\system32\nlmgp.dll
2009-02-01 00:52:48 ----A---- C:\Windows\system32\DfsShlEx.dll
2009-02-01 00:52:47 ----A---- C:\Windows\system32\shlwapi.dll
2009-02-01 00:52:47 ----A---- C:\Windows\system32\sdclt.exe
2009-02-01 00:52:47 ----A---- C:\Windows\system32\schedsvc.dll
2009-02-01 00:52:47 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-02-01 00:52:47 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-02-01 00:52:46 ----A---- C:\Windows\system32\milcore.dll
2009-02-01 00:52:45 ----A---- C:\Windows\system32\wer.dll
2009-02-01 00:52:45 ----A---- C:\Windows\system32\vdsdyn.dll
2009-02-01 00:52:45 ----A---- C:\Windows\system32\user32.dll
2009-02-01 00:52:45 ----A---- C:\Windows\system32\clusapi.dll
2009-02-01 00:52:44 ----A---- C:\Windows\system32\WSDApi.dll
2009-02-01 00:52:44 ----A---- C:\Windows\system32\winrsmgr.dll
2009-02-01 00:52:44 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-02-01 00:52:44 ----A---- C:\Windows\system32\mmc.exe
2009-02-01 00:52:44 ----A---- C:\Windows\system32\diagperf.dll
2009-02-01 00:52:44 ----A---- C:\Windows\system32\d3d9.dll
2009-02-01 00:52:43 ----A---- C:\Windows\system32\mtxclu.dll
2009-02-01 00:52:42 ----A---- C:\Windows\system32\vdsbas.dll
2009-02-01 00:52:42 ----A---- C:\Windows\system32\SLC.dll
2009-02-01 00:52:41 ----A---- C:\Windows\system32\swprv.dll
2009-02-01 00:52:41 ----A---- C:\Windows\system32\msi.dll
2009-02-01 00:52:41 ----A---- C:\Windows\system32\comctl32.dll
2009-02-01 00:52:39 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-02-01 00:52:39 ----A---- C:\Windows\system32\gpsvc.dll
2009-02-01 00:52:38 ----A---- C:\Windows\system32\XPSSHHDR.dll
2009-02-01 00:52:38 ----A---- C:\Windows\system32\samsrv.dll
2009-02-01 00:52:38 ----A---- C:\Windows\system32\msdtckrm.dll
2009-02-01 00:52:38 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-02-01 00:52:37 ----A---- C:\Windows\system32\wecutil.exe
2009-02-01 00:52:37 ----A---- C:\Windows\system32\sbe.dll
2009-02-01 00:52:37 ----A---- C:\Windows\system32\mfc42u.dll
2009-02-01 00:52:37 ----A---- C:\Windows\system32\esent.dll
2009-02-01 00:52:36 ----A---- C:\Windows\system32\usp10.dll
2009-02-01 00:52:36 ----A---- C:\Windows\system32\sdengin2.dll
2009-02-01 00:52:36 ----A---- C:\Windows\system32\mfc42.dll
2009-02-01 00:52:36 ----A---- C:\Windows\system32\gacinstall.dll
2009-02-01 00:52:36 ----A---- C:\Windows\system32\cmipnpinstall.dll
2009-02-01 00:52:36 ----A---- C:\Windows\system32\cmicryptinstall.dll
2009-02-01 00:52:35 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2009-02-01 00:52:35 ----A---- C:\Windows\system32\mswsock.dll
2009-02-01 00:52:35 ----A---- C:\Windows\system32\crypt32.dll
2009-02-01 00:52:35 ----A---- C:\Windows\system32\comsvcs.dll
2009-02-01 00:52:35 ----A---- C:\Windows\system32\certutil.exe
2009-02-01 00:52:34 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-02-01 00:52:33 ----A---- C:\Windows\system32\setupapi.dll
2009-02-01 00:52:33 ----A---- C:\Windows\system32\oleaut32.dll
2009-02-01 00:52:33 ----A---- C:\Windows\system32\FirewallAPI.dll
2009-02-01 00:52:32 ----A---- C:\Windows\system32\sqlceqp30.dll
2009-02-01 00:52:32 ----A---- C:\Windows\system32\lsm.exe
2009-02-01 00:52:32 ----A---- C:\Windows\system32\bcrypt.dll
2009-02-01 00:52:31 ----A---- C:\Windows\system32\wmpmde.dll
2009-02-01 00:52:31 ----A---- C:\Windows\system32\wecsvc.dll
2009-02-01 00:52:31 ----A---- C:\Windows\system32\thumbcache.dll
2009-02-01 00:52:31 ----A---- C:\Windows\system32\sdohlp.dll
2009-02-01 00:52:31 ----A---- C:\Windows\system32\p2psvc.dll
2009-02-01 00:52:31 ----A---- C:\Windows\system32\msv1_0.dll
2009-02-01 00:52:31 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-02-01 00:52:31 ----A---- C:\Windows\system32\eapp3hst.dll
2009-02-01 00:52:30 ----A---- C:\Windows\system32\riched20.dll
2009-02-01 00:52:30 ----A---- C:\Windows\system32\autofmt.exe
2009-02-01 00:52:30 ----A---- C:\Windows\system32\autoconv.exe
2009-02-01 00:52:29 ----A---- C:\Windows\system32\vdsutil.dll
2009-02-01 00:52:29 ----A---- C:\Windows\system32\imapi2fs.dll
2009-02-01 00:52:29 ----A---- C:\Windows\system32\d3d10_1.dll
2009-02-01 00:52:29 ----A---- C:\Windows\system32\autochk.exe
2009-02-01 00:52:28 ----A---- C:\Windows\system32\WinSAT.exe
2009-02-01 00:52:28 ----A---- C:\Windows\system32\authui.dll
2009-02-01 00:52:28 ----A---- C:\Windows\system32\authfwcfg.dll
2009-02-01 00:52:27 ----A---- C:\Windows\system32\wevtapi.dll
2009-02-01 00:52:27 ----A---- C:\Windows\system32\dmvdsitf.dll
2009-02-01 00:52:27 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-02-01 00:52:27 ----A---- C:\Windows\system32\comuid.dll
2009-02-01 00:52:27 ----A---- C:\Windows\system32\comdlg32.dll
2009-02-01 00:52:27 ----A---- C:\Windows\system32\browseui.dll
2009-02-01 00:52:26 ----A---- C:\Windows\system32\WSDMon.dll
2009-02-01 00:52:26 ----A---- C:\Windows\system32\eapphost.dll
2009-02-01 00:52:25 ----A---- C:\Windows\system32\wevtfwd.dll
2009-02-01 00:52:25 ----A---- C:\Windows\system32\uexfat.dll
2009-02-01 00:52:25 ----A---- C:\Windows\system32\rasmans.dll
2009-02-01 00:52:24 ----A---- C:\Windows\system32\eappcfg.dll
2009-02-01 00:52:23 ----A---- C:\Windows\system32\wlansvc.dll
2009-02-01 00:52:23 ----A---- C:\Windows\system32\whealogr.dll
2009-02-01 00:52:23 ----A---- C:\Windows\system32\untfs.dll
2009-02-01 00:52:23 ----A---- C:\Windows\system32\sqlcese30.dll
2009-02-01 00:52:23 ----A---- C:\Windows\system32\pcaui.dll
2009-02-01 00:52:23 ----A---- C:\Windows\system32\iassam.dll
2009-02-01 00:52:23 ----A---- C:\Windows\system32\DfrgNtfs.exe
2009-02-01 00:52:21 ----A---- C:\Windows\system32\dot3svc.dll
2009-02-01 00:52:19 ----A---- C:\Windows\system32\zipfldr.dll
2009-02-01 00:52:19 ----A---- C:\Windows\system32\winhttp.dll
2009-02-01 00:52:19 ----A---- C:\Windows\system32\rdpwsx.dll
2009-02-01 00:52:19 ----A---- C:\Windows\system32\mssha.dll
2009-02-01 00:52:19 ----A---- C:\Windows\system32\msdrm.dll
2009-02-01 00:52:19 ----A---- C:\Windows\system32\evr.dll
2009-02-01 00:52:19 ----A---- C:\Windows\system32\dfrgui.exe
2009-02-01 00:52:18 ----A---- C:\Windows\system32\WsmAuto.dll
2009-02-01 00:52:18 ----A---- C:\Windows\system32\nlasvc.dll
2009-02-01 00:52:17 ----A---- C:\Windows\system32\rpcss.dll
2009-02-01 00:52:17 ----A---- C:\Windows\system32\rasppp.dll
2009-02-01 00:52:17 ----A---- C:\Windows\system32\ncrypt.dll
2009-02-01 00:52:17 ----A---- C:\Windows\system32\msrepl40.dll
2009-02-01 00:52:17 ----A---- C:\Windows\system32\BFE.DLL
2009-02-01 00:52:17 ----A---- C:\Windows\system32\audiosrv.dll
2009-02-01 00:52:16 ----A---- C:\Windows\system32\wmdrmdev.dll
2009-02-01 00:52:15 ----A---- C:\Windows\system32\WsmWmiPl.dll
2009-02-01 00:52:15 ----A---- C:\Windows\system32\WebClnt.dll
2009-02-01 00:52:15 ----A---- C:\Windows\system32\themecpl.dll
2009-02-01 00:52:15 ----A---- C:\Windows\system32\rastls.dll
2009-02-01 00:52:15 ----A---- C:\Windows\system32\printui.dll
2009-02-01 00:52:15 ----A---- C:\Windows\system32\objsel.dll
2009-02-01 00:52:15 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-02-01 00:52:15 ----A---- C:\Windows\system32\ddraw.dll
2009-02-01 00:52:14 ----A---- C:\Windows\system32\w32time.dll
2009-02-01 00:52:14 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-02-01 00:52:14 ----A---- C:\Windows\system32\QAGENT.DLL
2009-02-01 00:52:14 ----A---- C:\Windows\system32\iasnap.dll
2009-02-01 00:52:14 ----A---- C:\Windows\system32\dbghelp.dll
2009-02-01 00:52:13 ----A---- C:\Windows\system32\wmdrmnet.dll
2009-02-01 00:52:13 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-02-01 00:52:13 ----A---- C:\Windows\system32\ncryptui.dll
2009-02-01 00:52:13 ----A---- C:\Windows\system32\icm32.dll
2009-02-01 00:52:13 ----A---- C:\Windows\system32\azroles.dll
2009-02-01 00:52:12 ----A---- C:\Windows\system32\iprtrmgr.dll
2009-02-01 00:52:11 ----A---- C:\Windows\system32\winsrv.dll
2009-02-01 00:52:11 ----A---- C:\Windows\system32\taskschd.dll
2009-02-01 00:52:11 ----A---- C:\Windows\system32\spoolss.dll
2009-02-01 00:52:11 ----A---- C:\Windows\system32\msctf.dll
2009-02-01 00:52:11 ----A---- C:\Windows\system32\bcdedit.exe
2009-02-01 00:52:11 ----A---- C:\Windows\system32\basecsp.dll
2009-02-01 00:52:10 ----A---- C:\Windows\system32\wlangpui.dll
2009-02-01 00:52:10 ----A---- C:\Windows\system32\mstlsapi.dll
2009-02-01 00:52:10 ----A---- C:\Windows\system32\AudioEng.dll
2009-02-01 00:52:09 ----A---- C:\Windows\system32\winsta.dll
2009-02-01 00:52:09 ----A---- C:\Windows\system32\scksp.dll
2009-02-01 00:52:09 ----A---- C:\Windows\system32\netprofm.dll
2009-02-01 00:52:08 ----A---- C:\Windows\system32\netcfgx.dll
2009-02-01 00:52:08 ----A---- C:\Windows\system32\dbgeng.dll
2009-02-01 00:52:07 ----A---- C:\Windows\system32\winlogon.exe
2009-02-01 00:52:07 ----A---- C:\Windows\system32\wercon.exe
2009-02-01 00:52:07 ----A---- C:\Windows\system32\taskcomp.dll
2009-02-01 00:52:07 ----A---- C:\Windows\system32\rsaenh.dll
2009-02-01 00:52:07 ----A---- C:\Windows\system32\lpksetup.exe
2009-02-01 00:52:07 ----A---- C:\Windows\system32\cdosys.dll
2009-02-01 00:52:06 ----A---- C:\Windows\system32\wlansec.dll
2009-02-01 00:52:06 ----A---- C:\Windows\system32\msdtcuiu.dll
2009-02-01 00:52:06 ----A---- C:\Windows\system32\certcli.dll
2009-02-01 00:52:06 ----A---- C:\Windows\system32\apds.dll
2009-02-01 00:52:05 ----A---- C:\Windows\system32\mprddm.dll
2009-02-01 00:52:05 ----A---- C:\Windows\system32\iasrad.dll
2009-02-01 00:52:05 ----A---- C:\Windows\system32\AUDIOKSE.dll
2009-02-01 00:52:04 ----A---- C:\Windows\system32\tsgqec.dll
2009-02-01 00:52:04 ----A---- C:\Windows\system32\shdocvw.dll
2009-02-01 00:52:04 ----A---- C:\Windows\system32\eapsvc.dll
2009-02-01 00:52:04 ----A---- C:\Windows\system32\certmgr.dll
2009-02-01 00:52:04 ----A---- C:\Windows\system32\bcdsrv.dll
2009-02-01 00:52:04 ----A---- C:\Windows\system32\aaclient.dll
2009-02-01 00:52:03 ----A---- C:\Windows\system32\Wldap32.dll
2009-02-01 00:52:03 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-02-01 00:52:03 ----A---- C:\Windows\system32\uDWM.dll
2009-02-01 00:52:03 ----A---- C:\Windows\system32\msidcrl30.dll
2009-02-01 00:52:03 ----A---- C:\Windows\system32\dnsapi.dll
2009-02-01 00:52:02 ----A---- C:\Windows\system32\WMVDECOD.DLL
2009-02-01 00:52:02 ----A---- C:\Windows\system32\pla.dll
2009-02-01 00:52:02 ----A---- C:\Windows\system32\netshell.dll
2009-02-01 00:52:02 ----A---- C:\Windows\system32\dxgi.dll
2009-02-01 00:52:02 ----A---- C:\Windows\system32\dot3gpui.dll
2009-02-01 00:52:01 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-02-01 00:51:59 ----A---- C:\Windows\system32\shsvcs.dll
2009-02-01 00:51:59 ----A---- C:\Windows\system32\ntprint.dll
2009-02-01 00:51:59 ----A---- C:\Windows\system32\cryptnet.dll
2009-02-01 00:51:59 ----A---- C:\Windows\system32\comsnap.dll
2009-02-01 00:51:58 ----A---- C:\Windows\system32\wscsvc.dll
2009-02-01 00:51:58 ----A---- C:\Windows\system32\winmm.dll
2009-02-01 00:51:58 ----A---- C:\Windows\system32\services.exe
2009-02-01 00:51:58 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-02-01 00:51:57 ----A---- C:\Windows\system32\wscisvif.dll
2009-02-01 00:51:57 ----A---- C:\Windows\system32\taskeng.exe
2009-02-01 00:51:57 ----A---- C:\Windows\system32\synceng.dll
2009-02-01 00:51:57 ----A---- C:\Windows\system32\pnidui.dll
2009-02-01 00:51:57 ----A---- C:\Windows\system32\msconfig.exe
2009-02-01 00:51:57 ----A---- C:\Windows\system32\cmifw.dll
2009-02-01 00:51:56 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-02-01 00:51:56 ----A---- C:\Windows\system32\msjtes40.dll
2009-02-01 00:51:56 ----A---- C:\Windows\system32\iassdo.dll
2009-02-01 00:51:56 ----A---- C:\Windows\system32\cipher.exe
2009-02-01 00:51:55 ----A---- C:\Windows\system32\tdh.dll
2009-02-01 00:51:55 ----A---- C:\Windows\system32\rasapi32.dll
2009-02-01 00:51:55 ----A---- C:\Windows\system32\imapi2.dll
2009-02-01 00:51:54 ----A---- C:\Windows\system32\uxtheme.dll
2009-02-01 00:51:54 ----A---- C:\Windows\system32\SessEnv.dll
2009-02-01 00:51:54 ----A---- C:\Windows\system32\dot3api.dll
2009-02-01 00:51:54 ----A---- C:\Windows\system32\dmdskmgr.dll
2009-02-01 00:51:53 ----A---- C:\Windows\system32\qdvd.dll
2009-02-01 00:51:53 ----A---- C:\Windows\system32\msscp.dll
2009-02-01 00:51:53 ----A---- C:\Windows\system32\cmd.exe
2009-02-01 00:51:53 ----A---- C:\Windows\system32\cbsra.exe
2009-02-01 00:51:53 ----A---- C:\Windows\system32\AuthFWSnapin.dll
2009-02-01 00:51:52 ----A---- C:\Windows\system32\wlanmsm.dll
2009-02-01 00:51:52 ----A---- C:\Windows\system32\wkssvc.dll
2009-02-01 00:51:52 ----A---- C:\Windows\system32\wevtutil.exe
2009-02-01 00:51:52 ----A---- C:\Windows\system32\srvsvc.dll
2009-02-01 00:51:52 ----A---- C:\Windows\system32\loadperf.dll
2009-02-01 00:51:51 ----A---- C:\Windows\system32\WUDFx.dll
2009-02-01 00:51:51 ----A---- C:\Windows\system32\wlancfg.dll
2009-02-01 00:51:51 ----A---- C:\Windows\system32\rpchttp.dll
2009-02-01 00:51:51 ----A---- C:\Windows\system32\rdpdd.dll
2009-02-01 00:51:51 ----A---- C:\Windows\system32\mshtmled.dll
2009-02-01 00:51:51 ----A---- C:\Windows\system32\msdtcVSp1res.dll
2009-02-01 00:51:51 ----A---- C:\Windows\system32\localsec.dll
2009-02-01 00:51:51 ----A---- C:\Windows\system32\fontext.dll
2009-02-01 00:51:51 ----A---- C:\Windows\system32\diskpart.exe
2009-02-01 00:51:51 ----A---- C:\Windows\system32\comres.dll
2009-02-01 00:51:50 ----A---- C:\Windows\system32\wsqmcons.exe
2009-02-01 00:51:50 ----A---- C:\Windows\system32\WMADMOD.DLL
2009-02-01 00:51:50 ----A---- C:\Windows\system32\wlanapi.dll
2009-02-01 00:51:50 ----A---- C:\Windows\system32\WinSATAPI.dll
2009-02-01 00:51:50 ----A---- C:\Windows\system32\hnetcfg.dll
2009-02-01 00:51:50 ----A---- C:\Windows\system32\dsound.dll
2009-02-01 00:51:49 ----A---- C:\Windows\system32\wlanpref.dll
2009-02-01 00:51:49 ----A---- C:\Windows\system32\RDPENCDD.dll
2009-02-01 00:51:49 ----A---- C:\Windows\system32\profprov.dll
2009-02-01 00:51:49 ----A---- C:\Windows\system32\NAPMONTR.DLL
2009-02-01 00:51:49 ----A---- C:\Windows\system32\filemgmt.dll
2009-02-01 00:51:49 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-02-01 00:51:49 ----A---- C:\Windows\system32\avifil32.dll
2009-02-01 00:51:48 ----A---- C:\Windows\system32\wsecedit.dll
2009-02-01 00:51:48 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-02-01 00:51:48 ----A---- C:\Windows\system32\tracerpt.exe
2009-02-01 00:51:48 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-02-01 00:51:48 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-02-01 00:51:48 ----A---- C:\Windows\system32\P2PGraph.dll
2009-02-01 00:51:48 ----A---- C:\Windows\system32\MuiUnattend.exe
2009-02-01 00:51:48 ----A---- C:\Windows\system32\dwmredir.dll
2009-02-01 00:51:48 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-02-01 00:51:48 ----A---- C:\Windows\system32\apphelp.dll
2009-02-01 00:51:47 ----A---- C:\Windows\system32\wininit.exe
2009-02-01 00:51:47 ----A---- C:\Windows\system32\spp.dll
2009-02-01 00:51:47 ----A---- C:\Windows\system32\rasdlg.dll
2009-02-01 00:51:47 ----A---- C:\Windows\system32\QSHVHOST.DLL
2009-02-01 00:51:47 ----A---- C:\Windows\system32\iassvcs.dll
2009-02-01 00:51:47 ----A---- C:\Windows\system32\iashost.exe
2009-02-01 00:51:47 ----A---- C:\Windows\system32\gpresult.exe
2009-02-01 00:51:47 ----A---- C:\Windows\system32\dwm.exe
2009-02-01 00:51:47 ----A---- C:\Windows\system32\azroleui.dll
2009-02-01 00:51:47 ----A---- C:\Windows\HelpPane.exe
2009-02-01 00:51:46 ----A---- C:\Windows\system32\srrstr.dll
2009-02-01 00:51:46 ----A---- C:\Windows\system32\spwizeng.dll
2009-02-01 00:51:46 ----A---- C:\Windows\system32\SLUI.exe
2009-02-01 00:51:46 ----A---- C:\Windows\system32\mcbuilder.exe
2009-02-01 00:51:45 ----A---- C:\Windows\system32\wecapi.dll
2009-02-01 00:51:45 ----A---- C:\Windows\system32\unbcl.dll
2009-02-01 00:51:45 ----A---- C:\Windows\system32\rasmontr.dll
2009-02-01 00:51:45 ----A---- C:\Windows\system32\msra.exe
2009-02-01 00:51:45 ----A---- C:\Windows\system32\lltdsvc.dll
2009-02-01 00:51:44 ----A---- C:\Windows\system32\tcpmon.dll
2009-02-01 00:51:44 ----A---- C:\Windows\system32\shrink.dll
2009-02-01 00:51:44 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-02-01 00:51:44 ----A---- C:\Windows\system32\brcpl.dll
2009-02-01 00:51:43 ----A---- C:\Windows\system32\gpedit.dll
2009-02-01 00:51:42 ----A---- C:\Windows\system32\WMPEncEn.dll
2009-02-01 00:51:42 ----A---- C:\Windows\system32\raschap.dll
2009-02-01 00:51:42 ----A---- C:\Windows\system32\oleacc.dll
2009-02-01 00:51:42 ----A---- C:\Windows\system32\iashlpr.dll
2009-02-01 00:51:41 ----A---- C:\Windows\system32\vsstrace.dll
2009-02-01 00:51:41 ----A---- C:\Windows\system32\regsvc.dll
2009-02-01 00:51:41 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-02-01 00:51:41 ----A---- C:\Windows\system32\ntvdm.exe
2009-02-01 00:51:41 ----A---- C:\Windows\system32\ntlanman.dll
2009-02-01 00:51:41 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-02-01 00:51:41 ----A---- C:\Windows\system32\framedynos.dll
2009-02-01 00:51:41 ----A---- C:\Windows\system32\fdWSD.dll
2009-02-01 00:51:41 ----A---- C:\Windows\system32\EncDec.dll
2009-02-01 00:51:41 ----A---- C:\Windows\system32\advpack.dll
2009-02-01 00:51:40 ----A---- C:\Windows\system32\wpdshext.dll
2009-02-01 00:51:40 ----A---- C:\Windows\system32\wdc.dll
2009-02-01 00:51:40 ----A---- C:\Windows\system32\Storprop.dll
2009-02-01 00:51:40 ----A---- C:\Windows\system32\netman.dll
2009-02-01 00:51:40 ----A---- C:\Windows\system32\l2nacp.dll
2009-02-01 00:51:40 ----A---- C:\Windows\system32\iedkcs32.dll
2009-02-01 00:51:40 ----A---- C:\Windows\system32\ieapfltr.dll
2009-02-01 00:51:40 ----A---- C:\Windows\system32\framedyn.dll
2009-02-01 00:51:40 ----A---- C:\Windows\system32\dssenh.dll
2009-02-01 00:51:39 ----A---- C:\Windows\system32\WlanMM.dll
2009-02-01 00:51:39 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-02-01 00:51:39 ----A---- C:\Windows\system32\sxs.dll
2009-02-01 00:51:39 ----A---- C:\Windows\system32\profsvc.dll
2009-02-01 00:51:39 ----A---- C:\Windows\system32\KMSVC.DLL
2009-02-01 00:51:39 ----A---- C:\Windows\system32\certreq.exe
2009-02-01 00:51:39 ----A---- C:\Windows\system32\adsnt.dll
2009-02-01 00:51:38 ----A---- C:\Windows\system32\WsmProv.dll
2009-02-01 00:51:38 ----A---- C:\Windows\system32\wlanhlp.dll
2009-02-01 00:51:38 ----A---- C:\Windows\system32\WLanConn.dll
2009-02-01 00:51:38 ----A---- C:\Windows\system32\IPBusEnum.dll
2009-02-01 00:51:36 ----A---- C:\Windows\system32\wusa.exe
2009-02-01 00:51:36 ----A---- C:\Windows\system32\WUDFHost.exe
2009-02-01 00:51:36 ----A---- C:\Windows\system32\WerFault.exe
2009-02-01 00:51:36 ----A---- C:\Windows\system32\VAN.dll
2009-02-01 00:51:36 ----A---- C:\Windows\system32\userenv.dll
2009-02-01 00:51:36 ----A---- C:\Windows\system32\umb.dll
2009-02-01 00:51:36 ----A---- C:\Windows\system32\ncsi.dll
2009-02-01 00:51:35 ----A---- C:\Windows\system32\ie4uinit.exe
2009-02-01 00:51:35 ----A---- C:\Windows\system32\fundisc.dll
2009-02-01 00:51:35 ----A---- C:\Windows\system32\catsrvut.dll
2009-02-01 00:51:34 ----A---- C:\Windows\system32\cryptui.dll
2009-02-01 00:51:33 ----A---- C:\Windows\system32\puiobj.dll
2009-02-01 00:51:33 ----A---- C:\Windows\system32\photowiz.dll
2009-02-01 00:51:33 ----A---- C:\Windows\system32\netid.dll
2009-02-01 00:51:33 ----A---- C:\Windows\system32\netcenter.dll
2009-02-01 00:51:33 ----A---- C:\Windows\system32\MdSched.exe
2009-02-01 00:51:33 ----A---- C:\Windows\system32\InkEd.dll
2009-02-01 00:51:33 ----A---- C:\Windows\system32\dps.dll
2009-02-01 00:51:32 ----A---- C:\Windows\system32\ws2_32.dll
2009-02-01 00:51:32 ----A---- C:\Windows\system32\WinSCard.dll
2009-02-01 00:51:32 ----A---- C:\Windows\system32\winrs.exe
2009-02-01 00:51:32 ----A---- C:\Windows\system32\spbcd.dll
2009-02-01 00:51:32 ----A---- C:\Windows\system32\secur32.dll
2009-02-01 00:51:32 ----A---- C:\Windows\system32\odbcjt32.dll
2009-02-01 00:51:32 ----A---- C:\Windows\system32\ntdsapi.dll
2009-02-01 00:51:32 ----A---- C:\Windows\system32\NAPSTAT.EXE
2009-02-01 00:51:32 ----A---- C:\Windows\system32\msinfo32.exe
2009-02-01 00:51:32 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-02-01 00:51:31 ----A---- C:\Windows\system32\prnntfy.dll
2009-02-01 00:51:30 ----A---- C:\Windows\system32\mblctr.exe
2009-02-01 00:51:30 ----A---- C:\Windows\system32\cryptsvc.dll
2009-02-01 00:51:29 ----A---- C:\Windows\system32\schtasks.exe
2009-02-01 00:51:29 ----A---- C:\Windows\system32\RelMon.dll
2009-02-01 00:51:29 ----A---- C:\Windows\system32\iasacct.dll
2009-02-01 00:51:29 ----A---- C:\Windows\system32\dmdlgs.dll
2009-02-01 00:51:28 ----A---- C:\Windows\system32\pdh.dll
2009-02-01 00:51:28 ----A---- C:\Windows\system32\netdiagfx.dll
2009-02-01 00:51:28 ----A---- C:\Windows\system32\dhcpsapi.dll
2009-02-01 00:51:28 ----A---- C:\Windows\system32\catsrv.dll
2009-02-01 00:51:28 ----A---- C:\Windows\system32\activeds.dll
2009-02-01 00:51:27 ----A---- C:\Windows\system32\wvc.dll
2009-02-01 00:51:27 ----A---- C:\Windows\system32\winrm.vbs
2009-02-01 00:51:27 ----A---- C:\Windows\system32\TSpkg.dll
2009-02-01 00:51:27 ----A---- C:\Windows\system32\qwave.dll
2009-02-01 00:51:27 ----A---- C:\Windows\system32\FirewallControlPanel.exe
2009-02-01 00:51:27 ----A---- C:\Windows\system32\fdWCN.dll
2009-02-01 00:51:27 ----A---- C:\Windows\system32\dot3msm.dll
2009-02-01 00:51:27 ----A---- C:\Windows\system32\dfrgfat.exe
2009-02-01 00:51:27 ----A---- C:\Windows\system32\AudioSes.dll
2009-02-01 00:51:26 ----A---- C:\Windows\system32\wow32.dll
2009-02-01 00:51:26 ----A---- C:\Windows\system32\rastapi.dll
2009-02-01 00:51:26 ----A---- C:\Windows\system32\netcorehc.dll
2009-02-01 00:51:26 ----A---- C:\Windows\system32\NAPHLPR.DLL
2009-02-01 00:51:26 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-02-01 00:51:26 ----A---- C:\Windows\system32\msacm32.dll
2009-02-01 00:51:26 ----A---- C:\Windows\system32\ifmon.dll
2009-02-01 00:51:26 ----A---- C:\Windows\system32\dot3cfg.dll
2009-02-01 00:51:26 ----A---- C:\Windows\system32\adsldp.dll
2009-02-01 00:51:25 ----A---- C:\Windows\system32\wscntfy.dll
2009-02-01 00:51:25 ----A---- C:\Windows\system32\shsetup.dll
2009-02-01 00:51:25 ----A---- C:\Windows\system32\ntshrui.dll
2009-02-01 00:51:25 ----A---- C:\Windows\system32\msdt.dll
2009-02-01 00:51:25 ----A---- C:\Windows\system32\iasdatastore.dll
2009-02-01 00:51:25 ----A---- C:\Windows\system32\els.dll
2009-02-01 00:51:25 ----A---- C:\Windows\system32\clbcatq.dll
2009-02-01 00:51:24 ----A---- C:\Windows\system32\QUTIL.DLL
2009-02-01 00:51:23 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-02-01 00:51:23 ----A---- C:\Windows\system32\wlanui.dll
2009-02-01 00:51:23 ----A---- C:\Windows\system32\stobject.dll
2009-02-01 00:51:23 ----A---- C:\Windows\system32\sdrsvc.dll
2009-02-01 00:51:23 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-01 00:51:23 ----A---- C:\Windows\system32\net1.exe
2009-02-01 00:51:23 ----A---- C:\Windows\system32\ipnathlp.dll
2009-02-01 00:51:23 ----A---- C:\Windows\system32\iasrecst.dll
2009-02-01 00:51:23 ----A---- C:\Windows\system32\fdSSDP.dll
2009-02-01 00:51:23 ----A---- C:\Windows\system32\dsprop.dll
2009-02-01 00:51:23 ----A---- C:\Windows\system32\Defrag.exe
2009-02-01 00:51:23 ----A---- C:\Windows\system32\adsldpc.dll
2009-02-01 00:51:22 ----A---- C:\Windows\system32\upnphost.dll
2009-02-01 00:51:22 ----A---- C:\Windows\system32\systemcpl.dll
2009-02-01 00:51:22 ----A---- C:\Windows\system32\smss.exe
2009-02-01 00:51:22 ----A---- C:\Windows\system32\rasman.dll
2009-02-01 00:51:22 ----A---- C:\Windows\system32\P2P.dll
2009-02-01 00:51:22 ----A---- C:\Windows\system32\nci.dll
2009-02-01 00:51:22 ----A---- C:\Windows\system32\mprmsg.dll
2009-02-01 00:51:22 ----A---- C:\Windows\system32\CompatUI.dll
2009-02-01 00:51:22 ----A---- C:\Windows\system32\ActiveContentWizard.dll
2009-02-01 00:51:21 ----A---- C:\Windows\system32\t2embed.dll
2009-02-01 00:51:21 ----A---- C:\Windows\system32\rascfg.dll
2009-02-01 00:51:21 ----A---- C:\Windows\system32\oleprn.dll
2009-02-01 00:51:21 ----A---- C:\Windows\system32\msftedit.dll
2009-02-01 00:51:21 ----A---- C:\Windows\system32\loghours.dll
2009-02-01 00:51:21 ----A---- C:\Windows\system32\fde.dll
2009-02-01 00:51:20 ----A---- C:\Windows\system32\Wpc.dll
2009-02-01 00:51:20 ----A---- C:\Windows\system32\MigAutoPlay.exe
2009-02-01 00:51:20 ----A---- C:\Windows\system32\L2SecHC.dll
2009-02-01 00:51:20 ----A---- C:\Windows\system32\dxdiag.exe
2009-02-01 00:51:20 ----A---- C:\Windows\system32\DFDWiz.exe
2009-02-01 00:51:19 ----A---- C:\Windows\system32\wdigest.dll
2009-02-01 00:51:19 ----A---- C:\Windows\system32\setupcl.exe
2009-02-01 00:51:19 ----A---- C:\Windows\system32\scansetting.dll
2009-02-01 00:51:19 ----A---- C:\Windows\system32\rtm.dll
2009-02-01 00:51:19 ----A---- C:\Windows\system32\msutb.dll
2009-02-01 00:51:19 ----A---- C:\Windows\system32\mprdim.dll
2009-02-01 00:51:19 ----A---- C:\Windows\system32\gpapi.dll
2009-02-01 00:51:19 ----A---- C:\Windows\system32\devmgr.dll
2009-02-01 00:51:18 ----A---- C:\Windows\system32\wiaservc.dll
2009-02-01 00:51:18 ----A---- C:\Windows\system32\NAPCRYPT.DLL
2009-02-01 00:51:17 ----A---- C:\Windows\system32\wscapi.dll
2009-02-01 00:51:17 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-02-01 00:51:17 ----A---- C:\Windows\system32\wdi.dll
2009-02-01 00:51:17 ----A---- C:\Windows\system32\mswmdm.dll
2009-02-01 00:51:17 ----A---- C:\Windows\system32\msihnd.dll
2009-02-01 00:51:17 ----A---- C:\Windows\system32\kdusb.dll
2009-02-01 00:51:17 ----A---- C:\Windows\system32\ifsutil.dll
2009-02-01 00:51:17 ----A---- C:\Windows\system32\dimsroam.dll
2009-02-01 00:51:17 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-02-01 00:51:17 ----A---- C:\Windows\system32\actxprxy.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\wlandlg.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\vssadmin.exe
2009-02-01 00:51:16 ----A---- C:\Windows\system32\uudf.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\usbmon.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\SyncCenter.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\spoolsv.exe
2009-02-01 00:51:16 ----A---- C:\Windows\system32\scecli.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\regapi.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\mycomput.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\msls31.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\imagehlp.dll
2009-02-01 00:51:16 ----A---- C:\Windows\system32\BOOTVID.DLL
2009-02-01 00:51:16 ----A---- C:\Windows\system32\audiodg.exe
2009-02-01 00:51:15 ----A---- C:\Windows\system32\termmgr.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\sud.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\ssdpsrv.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\SCardSvr.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\samlib.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\puiapi.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\newdev.dll
jamestaylor
Regular Member
 
Posts: 23
Joined: March 9th, 2009, 9:41 pm

Re: Please check my HJT log as I want to apply for the uni...

Unread postby jamestaylor » March 27th, 2009, 12:07 pm

2009-02-01 00:51:15 ----A---- C:\Windows\system32\mtxoci.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\mstask.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\mspaint.exe
2009-02-01 00:51:15 ----A---- C:\Windows\system32\kdcom.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\duser.dll
2009-02-01 00:51:15 ----A---- C:\Windows\system32\adtschema.dll
2009-02-01 00:51:14 ----A---- C:\Windows\system32\tapisrv.dll
2009-02-01 00:51:14 ----A---- C:\Windows\system32\SLUINotify.dll
2009-02-01 00:51:14 ----A---- C:\Windows\system32\Robocopy.exe
2009-02-01 00:51:14 ----A---- C:\Windows\system32\input.dll
2009-02-01 00:51:14 ----A---- C:\Windows\system32\inetpp.dll
2009-02-01 00:51:14 ----A---- C:\Windows\system32\cic.dll
2009-02-01 00:51:14 ----A---- C:\Windows\system32\AzSqlExt.dll
2009-02-01 00:51:13 ----A---- C:\Windows\system32\wisptis.exe
2009-02-01 00:51:13 ----A---- C:\Windows\system32\iasads.dll
2009-02-01 00:51:13 ----A---- C:\Windows\system32\cscapi.dll
2009-02-01 00:51:12 ----A---- C:\Windows\system32\netiohlp.dll
2009-02-01 00:51:12 ----A---- C:\Windows\system32\authz.dll
2009-02-01 00:51:11 ----A---- C:\Windows\system32\WUDFPlatform.dll
2009-02-01 00:51:11 ----A---- C:\Windows\system32\wpcsvc.dll
2009-02-01 00:51:11 ----A---- C:\Windows\system32\webcheck.dll
2009-02-01 00:51:11 ----A---- C:\Windows\system32\verifier.exe
2009-02-01 00:51:11 ----A---- C:\Windows\system32\themeui.dll
2009-02-01 00:51:11 ----A---- C:\Windows\system32\slcinst.dll
2009-02-01 00:51:11 ----A---- C:\Windows\system32\sdshext.dll
2009-02-01 00:51:11 ----A---- C:\Windows\system32\msdtclog.dll
2009-02-01 00:51:11 ----A---- C:\Windows\system32\msdt.exe
2009-02-01 00:51:11 ----A---- C:\Windows\system32\d3d8.dll
2009-02-01 00:51:11 ----A---- C:\Windows\system32\cmdial32.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\wpccpl.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\WMPhoto.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\wintrust.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\vdsldr.exe
2009-02-01 00:51:10 ----A---- C:\Windows\system32\SndVol.exe
2009-02-01 00:51:10 ----A---- C:\Windows\system32\rasgcw.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\pnpsetup.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\oledlg.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\ntmarta.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\mmcbase.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\mlang.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\icfupgd.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\icardie.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\dxtmsft.dll
2009-02-01 00:51:10 ----A---- C:\Windows\system32\clfsw32.dll
2009-02-01 00:51:09 ----A---- C:\Windows\system32\wpd_ci.dll
2009-02-01 00:51:09 ----A---- C:\Windows\system32\syssetup.dll
2009-02-01 00:51:09 ----A---- C:\Windows\system32\slmgr.vbs
2009-02-01 00:51:09 ----A---- C:\Windows\system32\rasqec.dll
2009-02-01 00:51:09 ----A---- C:\Windows\system32\nslookup.exe
2009-02-01 00:51:09 ----A---- C:\Windows\system32\ncobjapi.dll
2009-02-01 00:51:09 ----A---- C:\Windows\system32\msrd3x40.dll
2009-02-01 00:51:09 ----A---- C:\Windows\system32\msaatext.dll
2009-02-01 00:51:09 ----A---- C:\Windows\system32\mpr.dll
2009-02-01 00:51:09 ----A---- C:\Windows\system32\diskraid.exe
2009-02-01 00:51:09 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\wtsapi32.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\unlodctr.exe
2009-02-01 00:51:08 ----A---- C:\Windows\system32\ulib.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\sethc.exe
2009-02-01 00:51:08 ----A---- C:\Windows\system32\pnpui.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\oobefldr.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\mscms.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\lodctr.exe
2009-02-01 00:51:08 ----A---- C:\Windows\system32\iaspolcy.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\fontsub.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\extmgr.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\dxdiagn.dll
2009-02-01 00:51:08 ----A---- C:\Windows\system32\cabinet.dll
2009-02-01 00:51:07 ----A---- C:\Windows\system32\Utilman.exe
2009-02-01 00:51:06 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2009-02-01 00:51:06 ----A---- C:\Windows\system32\unattend.dll
2009-02-01 00:51:06 ----A---- C:\Windows\system32\trkwks.dll
2009-02-01 00:51:06 ----A---- C:\Windows\system32\scesrv.dll
2009-02-01 00:51:06 ----A---- C:\Windows\system32\lnkstub.exe
2009-02-01 00:51:05 ----A---- C:\Windows\system32\wermgr.exe
2009-02-01 00:51:05 ----A---- C:\Windows\system32\ogldrv.dll
2009-02-01 00:51:05 ----A---- C:\Windows\system32\occache.dll
2009-02-01 00:51:05 ----A---- C:\Windows\system32\dfdts.dll
2009-02-01 00:51:05 ----A---- C:\Windows\system32\cabview.dll
2009-02-01 00:51:04 ----A---- C:\Windows\system32\wpcao.dll
2009-02-01 00:51:04 ----A---- C:\Windows\system32\sdspres.dll
2009-02-01 00:51:04 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-02-01 00:51:04 ----A---- C:\Windows\system32\p2pcollab.dll
2009-02-01 00:51:04 ----A---- C:\Windows\system32\msnetobj.dll
2009-02-01 00:51:04 ----A---- C:\Windows\system32\iepeers.dll
2009-02-01 00:51:04 ----A---- C:\Windows\system32\eappgnui.dll
2009-02-01 00:51:04 ----A---- C:\Windows\system32\bthci.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\verifier.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\RstrtMgr.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\mprapi.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\mmcss.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\ieaksie.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\efsadu.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\dsquery.dll
2009-02-01 00:51:03 ----A---- C:\Windows\system32\drvinst.exe
2009-02-01 00:51:03 ----A---- C:\Windows\system32\dispdiag.exe
2009-02-01 00:51:03 ----A---- C:\Windows\system32\DHCPQEC.DLL
2009-02-01 00:51:03 ----A---- C:\Windows\system32\basesrv.dll
2009-02-01 00:51:02 ----A---- C:\Windows\system32\WPDSp.dll
2009-02-01 00:51:02 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-02-01 00:51:02 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-02-01 00:51:02 ----A---- C:\Windows\system32\wercplsupport.dll
2009-02-01 00:51:02 ----A---- C:\Windows\system32\setupugc.exe
2009-02-01 00:51:02 ----A---- C:\Windows\system32\qedit.dll
2009-02-01 00:51:02 ----A---- C:\Windows\system32\msoeacct.dll
2009-02-01 00:51:02 ----A---- C:\Windows\system32\icacls.exe
2009-02-01 00:51:02 ----A---- C:\Windows\system32\d3d10core.dll
2009-02-01 00:51:01 ----A---- C:\Windows\system32\networkmap.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\xactsrv.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\wiascanprofiles.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\wiaaut.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\usercpl.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\QSVRMGMT.DLL
2009-02-01 00:51:00 ----A---- C:\Windows\system32\pnrpnsp.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\PNPXAssocPrx.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\pngfilt.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\p2pnetsh.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\msrdc.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\msdmo.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\lsass.exe
2009-02-01 00:51:00 ----A---- C:\Windows\system32\iscsiexe.dll
2009-02-01 00:51:00 ----A---- C:\Windows\system32\consent.exe
2009-02-01 00:51:00 ----A---- C:\Windows\system32\conime.exe
2009-02-01 00:51:00 ----A---- C:\Windows\system32\autoplay.dll
2009-02-01 00:50:59 ----A---- C:\Windows\system32\xwizards.dll
2009-02-01 00:50:59 ----A---- C:\Windows\system32\systeminfo.exe
2009-02-01 00:50:59 ----A---- C:\Windows\system32\pcadm.dll
2009-02-01 00:50:59 ----A---- C:\Windows\system32\netcfg.exe
2009-02-01 00:50:59 ----A---- C:\Windows\system32\msrating.dll
2009-02-01 00:50:59 ----A---- C:\Windows\system32\mfplat.dll
2009-02-01 00:50:59 ----A---- C:\Windows\system32\lpk.dll
2009-02-01 00:50:59 ----A---- C:\Windows\system32\findstr.exe
2009-02-01 00:50:59 ----A---- C:\Windows\system32\eappprxy.dll
2009-02-01 00:50:59 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-02-01 00:50:59 ----A---- C:\Windows\system32\dpapimig.exe
2009-02-01 00:50:58 ----A---- C:\Windows\system32\resutils.dll
2009-02-01 00:50:58 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2009-02-01 00:50:58 ----A---- C:\Windows\system32\DWWIN.EXE
2009-02-01 00:50:58 ----A---- C:\Windows\system32\dssec.dll
2009-02-01 00:50:58 ----A---- C:\Windows\system32\dot3ui.dll
2009-02-01 00:50:58 ----A---- C:\Windows\system32\dfrgifc.exe
2009-02-01 00:50:58 ----A---- C:\Windows\system32\dbnetlib.dll
2009-02-01 00:50:58 ----A---- C:\Windows\system32\cmdl32.exe
2009-02-01 00:50:58 ----A---- C:\Windows\system32\alg.exe
2009-02-01 00:50:57 ----A---- C:\Windows\system32\powercpl.dll
2009-02-01 00:50:57 ----A---- C:\Windows\system32\odbc32.dll
2009-02-01 00:50:57 ----A---- C:\Windows\system32\nshhttp.dll
2009-02-01 00:50:57 ----A---- C:\Windows\system32\netprof.dll
2009-02-01 00:50:57 ----A---- C:\Windows\system32\imm32.dll
2009-02-01 00:50:57 ----A---- C:\Windows\system32\btpanui.dll
2009-02-01 00:50:57 ----A---- C:\Windows\regedit.exe
2009-02-01 00:50:56 ----A---- C:\Windows\system32\txflog.dll
2009-02-01 00:50:56 ----A---- C:\Windows\system32\feclient.dll
2009-02-01 00:50:56 ----A---- C:\Windows\system32\apircl.dll
2009-02-01 00:50:55 ----A---- C:\Windows\system32\taskkill.exe
2009-02-01 00:50:55 ----A---- C:\Windows\system32\iexpress.exe
2009-02-01 00:50:54 ----A---- C:\Windows\system32\tbssvc.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\svchost.exe
2009-02-01 00:50:54 ----A---- C:\Windows\system32\shwebsvc.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\RASMM.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\provthrd.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\msieftp.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\dxva2.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\dwmapi.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\d3d10.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\bcdprov.dll
2009-02-01 00:50:54 ----A---- C:\Windows\system32\ActionQueue.dll
2009-02-01 00:50:53 ----A---- C:\Windows\system32\WMASF.DLL
2009-02-01 00:50:53 ----A---- C:\Windows\system32\syncui.dll
2009-02-01 00:50:53 ----A---- C:\Windows\system32\slwmi.dll
2009-02-01 00:50:53 ----A---- C:\Windows\system32\SLCExt.dll
2009-02-01 00:50:53 ----A---- C:\Windows\system32\slcc.dll
2009-02-01 00:50:53 ----A---- C:\Windows\system32\raserver.exe
2009-02-01 00:50:53 ----A---- C:\Windows\system32\olepro32.dll
2009-02-01 00:50:53 ----A---- C:\Windows\system32\networkexplorer.dll
2009-02-01 00:50:53 ----A---- C:\Windows\system32\EAPQEC.DLL
2009-02-01 00:50:53 ----A---- C:\Windows\system32\dmocx.dll
2009-02-01 00:50:53 ----A---- C:\Windows\system32\aclui.dll
2009-02-01 00:50:52 ----A---- C:\Windows\system32\xcopy.exe
2009-02-01 00:50:52 ----A---- C:\Windows\system32\uxsms.dll
2009-02-01 00:50:52 ----A---- C:\Windows\system32\upnp.dll
2009-02-01 00:50:52 ----A---- C:\Windows\system32\UIHub.dll
2009-02-01 00:50:52 ----A---- C:\Windows\system32\taskmgr.exe
2009-02-01 00:50:52 ----A---- C:\Windows\system32\reg.exe
2009-02-01 00:50:52 ----A---- C:\Windows\system32\QCLIPROV.DLL
2009-02-01 00:50:52 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-02-01 00:50:52 ----A---- C:\Windows\system32\icsfiltr.dll
2009-02-01 00:50:52 ----A---- C:\Windows\system32\ias.dll
2009-02-01 00:50:52 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-02-01 00:50:52 ----A---- C:\Windows\system32\brcplsdw.dll
2009-02-01 00:50:52 ----A---- C:\Windows\system32\audiodev.dll
2009-02-01 00:50:52 ----A---- C:\Windows\system32\appinfo.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\wmpdxm.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\wlanext.exe
2009-02-01 00:50:51 ----A---- C:\Windows\system32\PING.EXE
2009-02-01 00:50:51 ----A---- C:\Windows\system32\perfts.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\netplwiz.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\NapiNSP.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\msoert2.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\mountvol.exe
2009-02-01 00:50:51 ----A---- C:\Windows\system32\mmcshext.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\inetmib1.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\dskquoui.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\cmstp.exe
2009-02-01 00:50:51 ----A---- C:\Windows\system32\cewmdm.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\certprop.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\browser.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\AuxiliaryDisplayApi.dll
2009-02-01 00:50:51 ----A---- C:\Windows\system32\atl.dll
2009-02-01 00:50:50 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2009-02-01 00:50:50 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-02-01 00:50:50 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-02-01 00:50:50 ----A---- C:\Windows\system32\SoundRecorder.exe
2009-02-01 00:50:50 ----A---- C:\Windows\system32\qcap.dll
2009-02-01 00:50:50 ----A---- C:\Windows\system32\qasf.dll
2009-02-01 00:50:50 ----A---- C:\Windows\system32\ieakeng.dll
2009-02-01 00:50:50 ----A---- C:\Windows\system32\httpapi.dll
2009-02-01 00:50:50 ----A---- C:\Windows\system32\dmusic.dll
2009-02-01 00:50:50 ----A---- C:\Windows\system32\bitsadmin.exe
2009-02-01 00:50:49 ----A---- C:\Windows\system32\SysFxUI.dll
2009-02-01 00:50:49 ----A---- C:\Windows\system32\rekeywiz.exe
2009-02-01 00:50:49 ----A---- C:\Windows\system32\dsuiext.dll
2009-02-01 00:50:49 ----A---- C:\Windows\system32\adsmsext.dll
2009-02-01 00:50:48 ----A---- C:\Windows\system32\WUDFSvc.dll
2009-02-01 00:50:48 ----A---- C:\Windows\system32\wmpsrcwp.dll
2009-02-01 00:50:48 ----A---- C:\Windows\system32\mscandui.dll
2009-02-01 00:50:48 ----A---- C:\Windows\system32\auditpol.exe
2009-02-01 00:50:47 ----A---- C:\Windows\system32\Sens.dll
2009-02-01 00:50:47 ----A---- C:\Windows\system32\SecEdit.exe
2009-02-01 00:50:47 ----A---- C:\Windows\system32\mtstocom.exe
2009-02-01 00:50:46 ----A---- C:\Windows\system32\xwtpw32.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\wzcdlg.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\WMVSENCD.DLL
2009-02-01 00:50:46 ----A---- C:\Windows\system32\sppnp.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\shimgvw.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\seclogon.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\sbeio.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\ndfapi.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\msdadiag.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\makecab.exe
2009-02-01 00:50:46 ----A---- C:\Windows\system32\lsmproxy.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\dot3gpclnt.dll
2009-02-01 00:50:46 ----A---- C:\Windows\system32\batt.dll
2009-02-01 00:50:45 ----A---- C:\Windows\system32\wscmisetup.dll
2009-02-01 00:50:45 ----A---- C:\Windows\system32\wpdwcn.dll
2009-02-01 00:50:45 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2009-02-01 00:50:45 ----A---- C:\Windows\system32\wiashext.dll
2009-02-01 00:50:45 ----A---- C:\Windows\system32\wiadefui.dll
2009-02-01 00:50:45 ----A---- C:\Windows\system32\userinit.exe
2009-02-01 00:50:45 ----A---- C:\Windows\system32\shacct.dll
2009-02-01 00:50:45 ----A---- C:\Windows\system32\perfmon.exe
2009-02-01 00:50:45 ----A---- C:\Windows\system32\p2phost.exe
2009-02-01 00:50:45 ----A---- C:\Windows\system32\napipsec.dll
2009-02-01 00:50:45 ----A---- C:\Windows\system32\msorcl32.dll
2009-02-01 00:50:45 ----A---- C:\Windows\system32\dxtrans.dll
2009-02-01 00:50:45 ----A---- C:\Windows\system32\apss.dll
2009-02-01 00:50:44 ----A---- C:\Windows\system32\winrshost.exe
2009-02-01 00:50:44 ----A---- C:\Windows\system32\tasklist.exe
2009-02-01 00:50:44 ----A---- C:\Windows\system32\sxstrace.exe
2009-02-01 00:50:44 ----A---- C:\Windows\system32\ktmutil.exe
2009-02-01 00:50:44 ----A---- C:\Windows\system32\keymgr.dll
2009-02-01 00:50:44 ----A---- C:\Windows\system32\HelpPaneProxy.dll
2009-02-01 00:50:44 ----A---- C:\Windows\system32\csrsrv.dll
2009-02-01 00:50:43 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-02-01 00:50:43 ----A---- C:\Windows\system32\TapiMigPlugin.dll
2009-02-01 00:50:43 ----A---- C:\Windows\system32\prntvpt.dll
2009-02-01 00:50:43 ----A---- C:\Windows\system32\notepad.exe
2009-02-01 00:50:43 ----A---- C:\Windows\system32\netiougc.exe
2009-02-01 00:50:43 ----A---- C:\Windows\system32\msiexec.exe
2009-02-01 00:50:43 ----A---- C:\Windows\system32\MP4SDECD.DLL
2009-02-01 00:50:43 ----A---- C:\Windows\system32\ftp.exe
2009-02-01 00:50:43 ----A---- C:\Windows\system32\fmifs.dll
2009-02-01 00:50:43 ----A---- C:\Windows\system32\d3dim700.dll
2009-02-01 00:50:43 ----A---- C:\Windows\system32\cryptdll.dll
2009-02-01 00:50:43 ----A---- C:\Windows\system32\colorui.dll
2009-02-01 00:50:43 ----A---- C:\Windows\notepad.exe
2009-02-01 00:50:42 ----A---- C:\Windows\system32\wscproxystub.dll
2009-02-01 00:50:42 ----A---- C:\Windows\system32\winethc.dll
2009-02-01 00:50:42 ----A---- C:\Windows\system32\takeown.exe
2009-02-01 00:50:42 ----A---- C:\Windows\system32\PnPutil.exe
2009-02-01 00:50:42 ----A---- C:\Windows\system32\pcasvc.dll
2009-02-01 00:50:42 ----A---- C:\Windows\system32\nshipsec.dll
2009-02-01 00:50:42 ----A---- C:\Windows\system32\msimtf.dll
2009-02-01 00:50:42 ----A---- C:\Windows\system32\driverquery.exe
2009-02-01 00:50:41 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-02-01 00:50:41 ----A---- C:\Windows\system32\wmiprop.dll
2009-02-01 00:50:41 ----A---- C:\Windows\system32\txfw32.dll
2009-02-01 00:50:41 ----A---- C:\Windows\system32\rasplap.dll
2009-02-01 00:50:41 ----A---- C:\Windows\system32\powrprof.dll
2009-02-01 00:50:41 ----A---- C:\Windows\system32\pots.dll
2009-02-01 00:50:41 ----A---- C:\Windows\system32\inseng.dll
2009-02-01 00:50:41 ----A---- C:\Windows\system32\fsutil.exe
2009-02-01 00:50:41 ----A---- C:\Windows\system32\findnetprinters.dll
2009-02-01 00:50:41 ----A---- C:\Windows\system32\dnshc.dll
2009-02-01 00:50:41 ----A---- C:\Windows\system32\capisp.dll
2009-02-01 00:50:40 ----A---- C:\Windows\system32\shrpubw.exe
2009-02-01 00:50:40 ----A---- C:\Windows\system32\sfc_os.dll
2009-02-01 00:50:40 ----A---- C:\Windows\system32\sendmail.dll
2009-02-01 00:50:40 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2009-02-01 00:50:40 ----A---- C:\Windows\system32\perfnet.dll
2009-02-01 00:50:40 ----A---- C:\Windows\system32\olecli32.dll
2009-02-01 00:50:40 ----A---- C:\Windows\system32\nsisvc.dll
2009-02-01 00:50:40 ----A---- C:\Windows\system32\luainstall.dll
2009-02-01 00:50:40 ----A---- C:\Windows\system32\imapi.dll
2009-02-01 00:50:39 ----A---- C:\Windows\system32\WLanHC.dll
2009-02-01 00:50:39 ----A---- C:\Windows\system32\wextract.exe
2009-02-01 00:50:39 ----A---- C:\Windows\system32\TMM.dll
2009-02-01 00:50:39 ----A---- C:\Windows\system32\shgina.dll
2009-02-01 00:50:39 ----A---- C:\Windows\system32\runonce.exe
2009-02-01 00:50:39 ----A---- C:\Windows\system32\rshx32.dll
2009-02-01 00:50:39 ----A---- C:\Windows\system32\RpcPing.exe
2009-02-01 00:50:39 ----A---- C:\Windows\system32\ktmw32.dll
2009-02-01 00:50:39 ----A---- C:\Windows\system32\fdPHost.dll
2009-02-01 00:50:39 ----A---- C:\Windows\system32\d3dim.dll
2009-02-01 00:50:39 ----A---- C:\Windows\system32\compstui.dll
2009-02-01 00:50:39 ----A---- C:\Windows\system32\cmmon32.exe
2009-02-01 00:50:37 ----A---- C:\Windows\system32\WMADMOE.DLL
2009-02-01 00:50:37 ----A---- C:\Windows\system32\wiaacmgr.exe
2009-02-01 00:50:37 ----A---- C:\Windows\system32\w32tm.exe
2009-02-01 00:50:37 ----A---- C:\Windows\system32\version.dll
2009-02-01 00:50:37 ----A---- C:\Windows\system32\unregmp2.exe
2009-02-01 00:50:37 ----A---- C:\Windows\system32\UI0Detect.exe
2009-02-01 00:50:37 ----A---- C:\Windows\system32\tscupgrd.exe
2009-02-01 00:50:37 ----A---- C:\Windows\system32\net.exe
2009-02-01 00:50:37 ----A---- C:\Windows\system32\msvfw32.dll
2009-02-01 00:50:37 ----A---- C:\Windows\system32\MPG4DECD.DLL
2009-02-01 00:50:37 ----A---- C:\Windows\system32\MP43DECD.DLL
2009-02-01 00:50:37 ----A---- C:\Windows\system32\mdminst.dll
2009-02-01 00:50:37 ----A---- C:\Windows\system32\imgutil.dll
2009-02-01 00:50:37 ----A---- C:\Windows\system32\getmac.exe
2009-02-01 00:50:37 ----A---- C:\Windows\system32\dsauth.dll
2009-02-01 00:50:37 ----A---- C:\Windows\system32\dimsjob.dll
2009-02-01 00:50:37 ----A---- C:\Windows\system32\cmlua.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\wmpshell.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\sfc.exe
2009-02-01 00:50:36 ----A---- C:\Windows\system32\sdchange.exe
2009-02-01 00:50:36 ----A---- C:\Windows\system32\PortableDeviceWiaCompat.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\pnpts.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\migisol.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\ipconfig.exe
2009-02-01 00:50:36 ----A---- C:\Windows\system32\fdeploy.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\dispci.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\dinput8.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\diantz.exe
2009-02-01 00:50:36 ----A---- C:\Windows\system32\credui.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\comrepl.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\cmutil.dll
2009-02-01 00:50:36 ----A---- C:\Windows\system32\ACW.exe
2009-02-01 00:50:35 ----A---- C:\Windows\system32\wmidx.dll
2009-02-01 00:50:35 ----A---- C:\Windows\system32\TSTheme.exe
2009-02-01 00:50:35 ----A---- C:\Windows\system32\remotepg.dll
2009-02-01 00:50:35 ----A---- C:\Windows\system32\pdhui.dll
2009-02-01 00:50:35 ----A---- C:\Windows\system32\nlaapi.dll
2009-02-01 00:50:35 ----A---- C:\Windows\system32\fwcfg.dll
2009-02-01 00:50:35 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-02-01 00:50:35 ----A---- C:\Windows\system32\expand.exe
2009-02-01 00:50:35 ----A---- C:\Windows\system32\EncDump.dll
2009-02-01 00:50:35 ----A---- C:\Windows\system32\cfgbkend.dll
2009-02-01 00:50:34 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-02-01 00:50:34 ----A---- C:\Windows\system32\vdmredir.dll
2009-02-01 00:50:34 ----A---- C:\Windows\system32\utildll.dll
2009-02-01 00:50:34 ----A---- C:\Windows\system32\TpmInit.exe
2009-02-01 00:50:34 ----A---- C:\Windows\system32\softkbd.dll
2009-02-01 00:50:34 ----A---- C:\Windows\system32\modemui.dll
2009-02-01 00:50:34 ----A---- C:\Windows\system32\McxDriv.dll
2009-02-01 00:50:34 ----A---- C:\Windows\system32\hlink.dll
2009-02-01 00:50:34 ----A---- C:\Windows\system32\colbact.dll
2009-02-01 00:50:34 ----A---- C:\Windows\system32\bridgeunattend.exe
2009-02-01 00:50:33 ----A---- C:\Windows\system32\wmvdspa.dll
2009-02-01 00:50:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-02-01 00:50:33 ----A---- C:\Windows\system32\iernonce.dll
2009-02-01 00:50:33 ----A---- C:\Windows\system32\amstream.dll
2009-02-01 00:50:32 ----A---- C:\Windows\system32\wsnmp32.dll
2009-02-01 00:50:32 ----A---- C:\Windows\system32\sti_ci.dll
2009-02-01 00:50:32 ----A---- C:\Windows\system32\rdrleakdiag.exe
2009-02-01 00:50:32 ----A---- C:\Windows\system32\esentutl.exe
2009-02-01 00:50:32 ----A---- C:\Windows\system32\bootcfg.exe
2009-02-01 00:50:31 ----A---- C:\Windows\system32\wmpcm.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\wfapigp.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\waitfor.exe
2009-02-01 00:50:31 ----A---- C:\Windows\system32\vds_ps.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\tabcal.exe
2009-02-01 00:50:31 ----A---- C:\Windows\system32\shutdown.exe
2009-02-01 00:50:31 ----A---- C:\Windows\system32\qdv.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\osblprov.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\olesvr32.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\odbccp32.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\msdtc.exe
2009-02-01 00:50:31 ----A---- C:\Windows\system32\logman.exe
2009-02-01 00:50:31 ----A---- C:\Windows\system32\iscsium.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\dpnet.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\DpiScaling.exe
2009-02-01 00:50:31 ----A---- C:\Windows\system32\dmsynth.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\COLORCNV.DLL
2009-02-01 00:50:31 ----A---- C:\Windows\system32\cmcfg32.dll
2009-02-01 00:50:31 ----A---- C:\Windows\system32\cacls.exe
2009-02-01 00:50:31 ----A---- C:\Windows\system32\admparse.dll
2009-02-01 00:50:30 ----A---- C:\Windows\system32\wpnpinst.exe
2009-02-01 00:50:30 ----A---- C:\Windows\system32\werdiagcontroller.dll
2009-02-01 00:50:30 ----A---- C:\Windows\system32\rasauto.dll
2009-02-01 00:50:30 ----A---- C:\Windows\system32\olethk32.dll
2009-02-01 00:50:30 ----A---- C:\Windows\system32\mstext40.dll
2009-02-01 00:50:30 ----A---- C:\Windows\system32\mfvdsp.dll
2009-02-01 00:50:30 ----A---- C:\Windows\system32\iscsiwmi.dll
2009-02-01 00:50:29 ----A---- C:\Windows\system32\wavemsp.dll
2009-02-01 00:50:29 ----A---- C:\Windows\system32\ufat.dll
2009-02-01 00:50:29 ----A---- C:\Windows\system32\sxproxy.dll
2009-02-01 00:50:29 ----A---- C:\Windows\system32\SLLUA.exe
2009-02-01 00:50:29 ----A---- C:\Windows\system32\odbctrac.dll
2009-02-01 00:50:29 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-02-01 00:50:29 ----A---- C:\Windows\system32\msctfui.dll
2009-02-01 00:50:29 ----A---- C:\Windows\system32\at.exe
2009-02-01 00:50:27 ----A---- C:\Windows\system32\xmlprovi.dll
2009-02-01 00:50:27 ----A---- C:\Windows\system32\WpdConns.dll
2009-02-01 00:50:27 ----A---- C:\Windows\system32\ucsvc.exe
2009-02-01 00:50:27 ----A---- C:\Windows\system32\rgb9rast.dll
2009-02-01 00:50:27 ----A---- C:\Windows\system32\RegCtrl.dll
2009-02-01 00:50:27 ----A---- C:\Windows\system32\mshta.exe
2009-02-01 00:50:27 ----A---- C:\Windows\system32\itss.dll
2009-02-01 00:50:27 ----A---- C:\Windows\system32\convert.exe
2009-02-01 00:50:26 ----A---- C:\Windows\system32\TimeDateMUICallback.dll
2009-02-01 00:50:26 ----A---- C:\Windows\system32\prevhost.exe
2009-02-01 00:50:26 ----A---- C:\Windows\system32\netbtugc.exe
2009-02-01 00:50:26 ----A---- C:\Windows\system32\mobsync.exe
2009-02-01 00:50:26 ----A---- C:\Windows\system32\licmgr10.dll
2009-02-01 00:50:26 ----A---- C:\Windows\system32\iscsied.dll
2009-02-01 00:50:26 ----A---- C:\Windows\system32\dskquota.dll
2009-02-01 00:50:26 ----A---- C:\Windows\system32\csrstub.exe
2009-02-01 00:50:26 ----A---- C:\Windows\system32\bitsigd.dll
2009-02-01 00:50:26 ----A---- C:\Windows\system32\AuthFWGP.dll
2009-02-01 00:50:25 ----A---- C:\Windows\system32\unattendedjoin.exe
2009-02-01 00:50:25 ----A---- C:\Windows\system32\tbs.dll
2009-02-01 00:50:25 ----A---- C:\Windows\system32\setupcln.dll
2009-02-01 00:50:25 ----A---- C:\Windows\system32\rasdiag.dll
2009-02-01 00:50:25 ----A---- C:\Windows\system32\ocsetup.exe
2009-02-01 00:50:25 ----A---- C:\Windows\system32\GuidedHelp.dll
2009-02-01 00:50:25 ----A---- C:\Windows\system32\fphc.dll
2009-02-01 00:50:25 ----A---- C:\Windows\system32\dmime.dll
2009-02-01 00:50:25 ----A---- C:\Windows\system32\cscdll.dll
2009-02-01 00:50:25 ----A---- C:\Windows\system32\AtBroker.exe
2009-02-01 00:50:24 ----A---- C:\Windows\system32\winnsi.dll
2009-02-01 00:50:24 ----A---- C:\Windows\system32\mydocs.dll
2009-02-01 00:50:24 ----A---- C:\Windows\system32\l2gpstore.dll
2009-02-01 00:50:24 ----A---- C:\Windows\system32\cmpbk32.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\wpclsp.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\WINSRPC.DLL
2009-02-01 00:50:23 ----A---- C:\Windows\system32\vss_ps.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\VIDRESZR.DLL
2009-02-01 00:50:23 ----A---- C:\Windows\system32\usbui.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\upnpcont.exe
2009-02-01 00:50:23 ----A---- C:\Windows\system32\regini.exe
2009-02-01 00:50:23 ----A---- C:\Windows\system32\RacAgent.exe
2009-02-01 00:50:23 ----A---- C:\Windows\system32\odbccu32.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\odbccr32.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\napdsnap.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\mtxlegih.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\mtxdm.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\msident.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\msdart.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\gpupdate.exe
2009-02-01 00:50:23 ----A---- C:\Windows\system32\dsdmo.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\dot3dlg.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\devenum.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\cmstplua.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\avrt.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\apilogen.dll
2009-02-01 00:50:23 ----A---- C:\Windows\system32\amxread.dll
2009-02-01 00:50:22 ----A---- C:\Windows\system32\wsock32.dll
2009-02-01 00:50:22 ----A---- C:\Windows\system32\WavDest.dll
2009-02-01 00:50:22 ----A---- C:\Windows\system32\vfwwdm32.dll
2009-02-01 00:50:22 ----A---- C:\Windows\system32\syskey.exe
2009-02-01 00:50:22 ----A---- C:\Windows\system32\srwmi.dll
2009-02-01 00:50:22 ----A---- C:\Windows\system32\rasphone.exe
2009-02-01 00:50:22 ----A---- C:\Windows\system32\nsi.dll
2009-02-01 00:50:22 ----A---- C:\Windows\system32\netevent.dll
2009-02-01 00:50:22 ----A---- C:\Windows\system32\nbtstat.exe
2009-02-01 00:50:22 ----A---- C:\Windows\system32\msexcl40.dll
2009-02-01 00:50:22 ----A---- C:\Windows\system32\mfcsubs.dll
2009-02-01 00:50:22 ----A---- C:\Windows\system32\graftabl.com
2009-02-01 00:50:21 ----A---- C:\Windows\system32\wiarpc.dll
2009-02-01 00:50:21 ----A---- C:\Windows\system32\ROUTE.EXE
2009-02-01 00:50:21 ----A---- C:\Windows\system32\odbcbcp.dll
2009-02-01 00:50:21 ----A---- C:\Windows\system32\ndfetw.dll
2009-02-01 00:50:21 ----A---- C:\Windows\system32\MP3DMOD.DLL
2009-02-01 00:50:21 ----A---- C:\Windows\system32\extrac32.exe
2009-02-01 00:50:20 ----A---- C:\Windows\system32\WlanMmHC.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\WindowsAnytimeUpgrade.exe
2009-02-01 00:50:20 ----A---- C:\Windows\system32\wiadss.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\TabbtnEx.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\Tabbtn.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\psbase.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\procinst.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\inetppui.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\eventcls.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\dmscript.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\d3dxof.dll
2009-02-01 00:50:20 ----A---- C:\Windows\system32\csrss.exe
2009-02-01 00:50:20 ----A---- C:\Windows\system32\atmfd.dll
2009-02-01 00:50:19 ----A---- C:\Windows\system32\msxbde40.dll
2009-02-01 00:50:19 ----A---- C:\Windows\system32\dmloader.dll
2009-02-01 00:50:19 ----A---- C:\Windows\system32\credssp.dll
2009-02-01 00:50:19 ----A---- C:\Windows\system32\CertEnrollCtrl.exe
2009-02-01 00:50:19 ----A---- C:\Windows\fveupdate.exe
2009-02-01 00:50:18 ----A---- C:\Windows\system32\wshcon.dll
2009-02-01 00:50:18 ----A---- C:\Windows\system32\PlaySndSrv.dll
2009-02-01 00:50:18 ----A---- C:\Windows\system32\Netplwiz.exe
2009-02-01 00:50:18 ----A---- C:\Windows\system32\mspbde40.dll
2009-02-01 00:50:18 ----A---- C:\Windows\system32\msltus40.dll
2009-02-01 00:50:18 ----A---- C:\Windows\system32\icsunattend.exe
2009-02-01 00:50:17 ----A---- C:\Windows\system32\WsmRes.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\WSHTCPIP.DLL
2009-02-01 00:50:17 ----A---- C:\Windows\system32\wship6.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\tcpmon.ini
2009-02-01 00:50:17 ----A---- C:\Windows\system32\sxsstore.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\slwga.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\setupSNK.exe
2009-02-01 00:50:17 ----A---- C:\Windows\system32\sbunattend.exe
2009-02-01 00:50:17 ----A---- C:\Windows\system32\OptionalFeatures.exe
2009-02-01 00:50:17 ----A---- C:\Windows\system32\msvidc32.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\localui.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\lltdapi.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\LangCleanupSysprepAction.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\icaapi.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\HotStartUserAgent.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\dmutil.dll
2009-02-01 00:50:17 ----A---- C:\Windows\system32\ComputerDefaults.exe
2009-02-01 00:50:16 ----A---- C:\Windows\system32\usbperf.dll
2009-02-01 00:50:16 ----A---- C:\Windows\system32\spopk.dll
2009-02-01 00:50:16 ----A---- C:\Windows\system32\serialui.dll
2009-02-01 00:50:16 ----A---- C:\Windows\system32\NcdProp.dll
2009-02-01 00:50:15 ----A---- C:\Windows\system32\odbcconf.dll
2009-02-01 00:50:15 ----A---- C:\Windows\system32\cofiredm.dll
2009-02-01 00:50:14 ----A---- C:\Windows\system32\rasctrs.dll
2009-02-01 00:50:14 ----A---- C:\Windows\system32\msfeedssync.exe
2009-02-01 00:50:14 ----A---- C:\Windows\system32\ieencode.dll
2009-02-01 00:50:14 ----A---- C:\Windows\system32\hbaapi.dll
2009-02-01 00:50:13 ----A---- C:\Windows\system32\msobjs.dll
2009-02-01 00:50:13 ----A---- C:\Windows\system32\hnetmon.dll
2009-02-01 00:50:13 ----A---- C:\Windows\system32\corpol.dll
2009-02-01 00:50:12 ----A---- C:\Windows\system32\vdmdbg.dll
2009-02-01 00:50:12 ----A---- C:\Windows\system32\url.dll
2009-02-01 00:50:12 ----A---- C:\Windows\system32\nlsbres.dll
2009-02-01 00:50:12 ----A---- C:\Windows\system32\midimap.dll
2009-02-01 00:50:12 ----A---- C:\Windows\system32\LogonUI.exe
2009-02-01 00:50:12 ----A---- C:\Windows\system32\iprtprio.dll
2009-02-01 00:50:12 ----A---- C:\Windows\system32\InfDefaultInstall.exe
2009-02-01 00:50:12 ----A---- C:\Windows\system32\esentprf.dll
2009-02-01 00:50:09 ----A---- C:\Windows\system32\osbaseln.dll
2009-02-01 00:50:09 ----A---- C:\Windows\system32\cfgmgr32.dll
2009-02-01 00:50:07 ----A---- C:\Windows\system32\msmmsp.dll
2009-02-01 00:50:07 ----A---- C:\Windows\system32\msisip.dll
2009-02-01 00:50:06 ----A---- C:\Windows\system32\winusb.dll
2009-02-01 00:50:06 ----A---- C:\Windows\system32\rdpcfgex.dll
2009-02-01 00:50:06 ----A---- C:\Windows\system32\dispex.dll
2009-02-01 00:50:04 ----A---- C:\Windows\system32\Nlsdl.dll
2009-02-01 00:50:03 ----A---- C:\Windows\system32\riched32.dll
2009-02-01 00:50:03 ----A---- C:\Windows\system32\msidle.dll
2009-02-01 00:50:03 ----A---- C:\Windows\system32\idndl.dll
2009-02-01 00:50:00 ----A---- C:\Windows\system32\KBDKOR.DLL
2009-02-01 00:50:00 ----A---- C:\Windows\system32\KBDJPN.DLL
2009-02-01 00:49:59 ----A---- C:\Windows\system32\WsmCl.dll
2009-02-01 00:49:59 ----A---- C:\Windows\system32\iscsilog.dll
2009-02-01 00:49:58 ----A---- C:\Windows\system32\vga256.dll
2009-02-01 00:49:58 ----A---- C:\Windows\system32\tsddd.dll
2009-02-01 00:49:58 ----A---- C:\Windows\system32\framebuf.dll
2009-02-01 00:49:56 ----A---- C:\Windows\system32\vga64k.dll
2009-02-01 00:49:56 ----A---- C:\Windows\system32\vga.dll
2009-02-01 00:49:56 ----A---- C:\Windows\system32\bootstr.dll
2009-02-01 00:49:55 ----A---- C:\Windows\system32\spwizres.dll
2009-02-01 00:49:55 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-02-01 00:49:55 ----A---- C:\Windows\system32\dmdskres2.dll
2009-02-01 00:49:53 ----A---- C:\Windows\system32\gatherWiredInfo.vbs
2009-02-01 00:49:51 ----A---- C:\Windows\system32\gatherWirelessInfo.vbs
2009-02-01 00:49:51 ----A---- C:\Windows\system32\fsmgmt.msc
2009-02-01 00:49:48 ----A---- C:\Windows\system32\perfmon.msc
2009-02-01 00:49:47 ----A---- C:\Windows\system32\vsp1cln.exe
2009-02-01 00:49:25 ----A---- C:\Windows\system32\WpdMtp.dll
2009-02-01 00:49:05 ----A---- C:\Windows\system32\xmllite.dll
2009-02-01 00:49:03 ----A---- C:\Windows\system32\wbemcomn.dll
2009-02-01 00:48:57 ----A---- C:\Windows\system32\sqmapi.dll
2009-02-01 00:48:57 ----A---- C:\Windows\system32\SmiInstaller.dll
2009-02-01 00:48:57 ----A---- C:\Windows\system32\SmiEngine.dll
2009-02-01 00:48:50 ----A---- C:\Windows\system32\wdscore.dll
2009-02-01 00:48:50 ----A---- C:\Windows\system32\PkgMgr.exe
2009-02-01 00:48:33 ----A---- C:\Windows\system32\mspatcha.dll
2009-02-01 00:48:33 ----A---- C:\Windows\system32\drvstore.dll
2009-02-01 00:48:33 ----A---- C:\Windows\system32\dpx.dll
2009-02-01 00:48:32 ----A---- C:\Windows\system32\msdelta.dll
2009-01-31 20:16:39 ----D---- C:\Users\James\AppData\Roaming\skypePM
2009-01-31 20:14:32 ----D---- C:\Users\James\AppData\Roaming\Skype
2009-01-31 01:55:31 ----D---- C:\Program Files\Skype
2009-01-31 01:55:30 ----D---- C:\Program Files\Common Files\Skype
2009-01-31 01:55:23 ----D---- C:\ProgramData\Skype
2009-01-30 19:13:39 ----D---- C:\Users\James\AppData\Roaming\WinRAR
2009-01-30 19:13:05 ----D---- C:\Program Files\WinRAR
2009-01-30 17:12:20 ----A---- C:\Windows\system32\es.dll
2009-01-30 17:05:35 ----A---- C:\Windows\system32\infocardapi.dll
2009-01-30 17:05:35 ----A---- C:\Windows\system32\icardres.dll
2009-01-30 17:05:35 ----A---- C:\Windows\system32\icardagt.exe
2009-01-30 17:05:26 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-01-30 17:05:25 ----A---- C:\Windows\system32\PresentationHost.exe
2009-01-30 17:05:24 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-01-30 17:05:24 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-01-30 16:38:52 ----A---- C:\Windows\system32\dfshim.dll
2009-01-30 16:38:51 ----A---- C:\Windows\system32\netfxperf.dll
2009-01-30 16:38:49 ----A---- C:\Windows\system32\mscoree.dll
2009-01-30 16:38:48 ----A---- C:\Windows\system32\mscories.dll
2009-01-30 16:38:48 ----A---- C:\Windows\system32\mscorier.dll
2009-01-29 13:32:39 ----D---- C:\Users\James\AppData\Roaming\Leadertech
2009-01-29 13:32:06 ----D---- C:\ProgramData\Logishrd
2009-01-29 13:31:49 ----D---- C:\ProgramData\Logitech
2009-01-29 08:55:55 ----A---- C:\Windows\system32\winipsec.dll
2009-01-29 08:55:55 ----A---- C:\Windows\system32\polstore.dll
2009-01-29 08:55:55 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-01-29 08:55:55 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-01-29 08:53:02 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-01-29 08:53:02 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-01-29 08:53:02 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-01-29 08:41:35 ----A---- C:\Windows\system32\gdi32.dll
2009-01-29 08:37:50 ----D---- C:\Program Files\Common Files\logishrd
2009-01-29 08:35:25 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-01-29 08:35:20 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-01-29 08:35:19 ----A---- C:\Windows\system32\gameux.dll
2009-01-29 08:33:47 ----A---- C:\Windows\system32\wmpeffects.dll
2009-01-29 08:31:04 ----A---- C:\Windows\system32\msxml3r.dll
2009-01-29 08:31:04 ----A---- C:\Windows\system32\msxml3.dll
2009-01-29 08:25:40 ----A---- C:\Windows\system32\netapi32.dll
2009-01-29 08:24:30 ----A---- C:\Windows\system32\tzres.dll
2009-01-29 08:21:20 ----A---- C:\Windows\system32\shell32.dll
2009-01-29 08:17:44 ----A---- C:\Windows\explorer.exe
2009-01-29 08:15:46 ----A---- C:\Windows\system32\hcrstco.dll
2009-01-29 08:15:46 ----A---- C:\Windows\system32\hccoin.dll
2009-01-29 08:13:50 ----A---- C:\Windows\system32\ieui.dll
2009-01-29 08:10:38 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2009-01-29 08:10:38 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2009-01-29 08:10:37 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2009-01-29 08:10:37 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2009-01-29 08:10:37 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2009-01-29 08:10:37 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2009-01-29 08:10:36 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2009-01-29 08:10:35 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2009-01-29 08:10:35 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2009-01-29 08:10:34 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2009-01-29 08:10:34 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2009-01-29 08:10:33 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2009-01-29 08:10:33 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2009-01-29 08:10:33 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2009-01-29 08:10:32 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2009-01-29 08:10:32 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2009-01-29 08:10:31 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2009-01-29 08:10:29 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2009-01-29 08:10:28 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2009-01-29 08:10:27 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2009-01-29 08:10:27 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-01-29 08:10:27 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-01-29 08:10:26 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2009-01-29 08:10:26 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2009-01-29 08:10:26 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2009-01-29 08:10:25 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2009-01-29 08:10:25 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2009-01-29 08:10:25 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2009-01-29 08:10:24 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2009-01-29 08:10:24 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2009-01-29 08:10:23 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2009-01-29 08:10:23 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2009-01-29 08:10:22 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2009-01-29 08:10:22 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2009-01-29 08:10:21 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2009-01-29 08:10:21 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2009-01-29 08:10:20 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2009-01-29 08:10:20 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2009-01-29 08:10:19 ----A---- C:\Windows\system32\NlsModels0011.dll
2009-01-29 08:10:19 ----A---- C:\Windows\system32\NlsData0045.dll
2009-01-29 08:10:18 ----A---- C:\Windows\system32\NlsData0049.dll
2009-01-29 08:10:18 ----A---- C:\Windows\system32\NlsData0047.dll
2009-01-29 08:10:18 ----A---- C:\Windows\system32\NlsData0046.dll
2009-01-29 08:10:17 ----A---- C:\Windows\system32\NlsData0039.dll
2009-01-29 08:10:17 ----A---- C:\Windows\system32\NlsData0022.dll
2009-01-29 08:10:17 ----A---- C:\Windows\system32\NlsData0021.dll
2009-01-29 08:10:17 ----A---- C:\Windows\system32\NlsData0020.dll
2009-01-29 08:10:16 ----A---- C:\Windows\system32\NlsData0027.dll
2009-01-29 08:10:16 ----A---- C:\Windows\system32\NlsData0026.dll
2009-01-29 08:10:16 ----A---- C:\Windows\system32\NlsData0024.dll
2009-01-29 08:10:15 ----A---- C:\Windows\system32\NlsData0018.dll
2009-01-29 08:10:15 ----A---- C:\Windows\system32\NlsData0013.dll
2009-01-29 08:10:15 ----A---- C:\Windows\system32\NlsData0011.dll
2009-01-29 08:10:15 ----A---- C:\Windows\system32\NlsData0010.dll
2009-01-29 08:10:14 ----A---- C:\Windows\system32\NlsData0019.dll
2009-01-29 08:10:14 ----A---- C:\Windows\system32\NlsData0001.dll
2009-01-29 08:10:14 ----A---- C:\Windows\system32\NlsData0000.dll
2009-01-29 08:10:13 ----A---- C:\Windows\system32\NlsData0007.dll
2009-01-29 08:10:13 ----A---- C:\Windows\system32\NlsData0003.dll
2009-01-29 08:10:13 ----A---- C:\Windows\system32\NlsData0002.dll
2009-01-29 08:10:12 ----A---- C:\Windows\system32\NlsData004b.dll
2009-01-29 08:10:12 ----A---- C:\Windows\system32\NlsData004a.dll
2009-01-29 08:10:12 ----A---- C:\Windows\system32\NlsData0009.dll
2009-01-29 08:10:11 ----A---- C:\Windows\system32\NlsData004e.dll
2009-01-29 08:10:11 ----A---- C:\Windows\system32\NlsData004c.dll
2009-01-29 08:10:11 ----A---- C:\Windows\system32\NlsData003e.dll
2009-01-29 08:10:10 ----A---- C:\Windows\system32\NlsData002a.dll
2009-01-29 08:10:10 ----A---- C:\Windows\system32\NlsData001b.dll
2009-01-29 08:10:10 ----A---- C:\Windows\system32\NlsData001a.dll
2009-01-29 08:10:09 ----A---- C:\Windows\system32\NlsData001d.dll
2009-01-29 08:10:09 ----A---- C:\Windows\system32\NlsData000a.dll
2009-01-29 08:10:08 ----A---- C:\Windows\system32\NlsData000d.dll
2009-01-29 08:10:08 ----A---- C:\Windows\system32\NlsData000c.dll
2009-01-29 08:10:07 ----A---- C:\Windows\system32\NlsData0416.dll
2009-01-29 08:10:07 ----A---- C:\Windows\system32\NlsData0414.dll
2009-01-29 08:10:07 ----A---- C:\Windows\system32\NlsData000f.dll
2009-01-29 08:10:06 ----A---- C:\Windows\system32\NlsData081a.dll
2009-01-29 08:10:06 ----A---- C:\Windows\system32\NlsData0816.dll
2009-01-29 08:10:06 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-01-29 08:10:05 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2009-01-29 08:10:05 ----A---- C:\Windows\system32\NlsData0c1a.dll
2009-01-29 08:06:41 ----A---- C:\Windows\system32\kbd106n.dll
2009-01-29 08:06:36 ----A---- C:\Windows\system32\winresume.exe
2009-01-29 08:06:36 ----A---- C:\Windows\system32\winload.exe
2009-01-29 08:06:35 ----A---- C:\Windows\system32\srdelayed.exe
2009-01-29 08:06:35 ----A---- C:\Windows\system32\srcore.dll
2009-01-29 08:06:35 ----A---- C:\Windows\system32\srclient.dll
2009-01-29 08:06:35 ----A---- C:\Windows\system32\rstrui.exe
2009-01-29 08:06:35 ----A---- C:\Windows\system32\kd1394.dll
2009-01-29 08:06:34 ----A---- C:\Windows\system32\setbcdlocale.dll
2009-01-29 08:06:34 ----A---- C:\Windows\system32\ci.dll
2009-01-29 08:02:08 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-01-29 08:02:07 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-01-29 08:02:06 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-01-29 07:59:17 ----A---- C:\Windows\system32\win32spl.dll
2009-01-29 07:59:17 ----A---- C:\Windows\system32\printcom.dll
2009-01-29 07:58:45 ----A---- C:\Windows\system32\wshrm.dll
2009-01-29 07:56:01 ----A---- C:\Windows\system32\rrinstaller.exe
2009-01-29 07:56:01 ----A---- C:\Windows\system32\mfps.dll
2009-01-29 07:56:01 ----A---- C:\Windows\system32\mfpmp.exe
2009-01-29 07:56:01 ----A---- C:\Windows\system32\mferror.dll
2009-01-29 07:56:01 ----A---- C:\Windows\system32\mf.dll
2009-01-29 07:56:00 ----A---- C:\Windows\system32\logagent.exe
2009-01-29 07:55:59 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-01-29 07:55:59 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-01-29 07:54:56 ----A---- C:\Windows\system32\connect.dll
2009-01-29 07:54:29 ----A---- C:\Windows\system32\quartz.dll
2009-01-29 07:53:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-01-29 07:53:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-01-29 07:52:42 ----A---- C:\Windows\system32\msxml6r.dll
2009-01-29 07:52:42 ----A---- C:\Windows\system32\msxml6.dll
2009-01-28 20:03:38 ----A---- C:\Windows\system32\INETRES.dll
2009-01-28 20:03:38 ----A---- C:\Windows\system32\inetcomm.dll
2009-01-28 17:51:57 ----D---- C:\Program Files\uTorrent
2009-01-28 17:51:40 ----D---- C:\Users\James\AppData\Roaming\uTorrent
2009-01-28 15:09:40 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-01-28 15:02:40 ----D---- C:\Program Files\Microsoft
2009-01-28 15:01:38 ----D---- C:\Program Files\Windows Live
2009-01-28 15:00:52 ----D---- C:\Windows\PCHEALTH
2009-01-28 14:58:47 ----D---- C:\Program Files\Common Files\Windows Live
2009-01-28 14:54:21 ----D---- C:\Users\James\AppData\Roaming\Macromedia
2009-01-28 14:54:21 ----D---- C:\Users\James\AppData\Roaming\Adobe
2009-01-28 14:54:17 ----D---- C:\Windows\system32\Macromed
2009-01-28 14:53:24 ----A---- C:\Windows\system32\wups2.dll
2009-01-28 14:53:24 ----A---- C:\Windows\system32\wucltux.dll
2009-01-28 14:53:24 ----A---- C:\Windows\system32\wuaueng.dll
2009-01-28 14:53:24 ----A---- C:\Windows\system32\wuauclt.exe
2009-01-28 14:52:56 ----A---- C:\Windows\system32\wups.dll
2009-01-28 14:52:56 ----A---- C:\Windows\system32\wudriver.dll
2009-01-28 14:52:56 ----A---- C:\Windows\system32\wuapi.dll
2009-01-28 14:52:40 ----A---- C:\Windows\system32\wuwebv.dll
2009-01-28 14:52:40 ----A---- C:\Windows\system32\wuapp.exe
2009-01-28 14:50:24 ----D---- C:\Program Files\Belkin
2009-01-28 14:50:13 ----D---- C:\Users\James\AppData\Roaming\InstallShield
2009-01-28 14:48:55 ----D---- C:\Users\James\AppData\Roaming\Identities
2009-01-28 14:48:46 ----D---- C:\Program Files\Common Files\Adobe
2009-01-28 14:48:44 ----D---- C:\ProgramData\Adobe
2009-01-28 14:48:38 ----SHD---- C:\Windows\Installer
2009-01-28 14:48:05 ----D---- C:\Program Files\Adobe
2009-01-28 14:47:59 ----SD---- C:\Users\James\AppData\Roaming\Microsoft
2009-01-28 14:41:29 ----D---- C:\Windows\SoftwareDistribution
2009-01-28 14:36:06 ----SHD---- C:\System Volume Information
2009-01-25 21:10:48 ----A---- C:\Windows\system32\xvidvfw.dll
2009-01-08 23:01:22 ----A---- C:\Windows\system32\xvidcore.dll

======List of files/folders modified in the last 3 months======

2009-03-27 13:48:30 ----D---- C:\Windows\System32
2009-03-27 13:48:26 ----D---- C:\Program Files
2009-03-27 13:48:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-27 13:48:03 ----D---- C:\Program Files\Common Files\InstallShield
2009-03-27 13:31:27 ----D---- C:\Windows\inf
2009-03-27 13:31:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-27 13:27:35 ----D---- C:\Windows\Tasks
2009-03-27 06:11:49 ----D---- C:\Windows
2009-03-26 20:42:14 ----D---- C:\Windows\Prefetch
2009-03-26 20:33:49 ----HD---- C:\ProgramData
2009-03-26 17:31:12 ----D---- C:\Windows\system32\drivers
2009-03-26 17:31:11 ----D---- C:\Windows\system32\catroot
2009-03-22 16:05:58 ----D---- C:\Windows\rescache
2009-03-22 16:01:15 ----D---- C:\Windows\winsxs
2009-03-22 15:50:47 ----D---- C:\Windows\system32\catroot2
2009-03-22 15:47:36 ----D---- C:\Program Files\Internet Explorer
2009-03-22 15:47:35 ----D---- C:\Windows\system32\migration
2009-03-22 15:47:35 ----D---- C:\Windows\system32\en-US
2009-03-21 21:40:50 ----D---- C:\Windows\PolicyDefinitions
2009-03-14 05:52:05 ----D---- C:\Program Files\S3
2009-03-14 05:51:44 ----D---- C:\Windows\Help
2009-03-14 05:47:49 ----A---- C:\Windows\DIFxAPI.dll
2009-03-12 00:27:28 ----RSD---- C:\Windows\assembly
2009-03-11 17:27:34 ----D---- C:\Program Files\Windows Mail
2009-03-08 03:39:55 ----D---- C:\Program Files\Common Files
2009-03-07 21:43:47 ----RSD---- C:\Windows\Fonts
2009-03-06 03:00:47 ----SD---- C:\Windows\Downloaded Program Files
2009-03-03 02:24:00 ----D---- C:\Program Files\Windows Media Player
2009-03-03 01:00:07 ----D---- C:\Windows\system32\Tasks
2009-03-03 00:49:02 ----SHD---- C:\Boot
2009-03-03 00:49:01 ----D---- C:\Windows\system32\config
2009-03-03 00:40:26 ----ASH---- C:\Program Files\desktop.ini
2009-03-01 18:46:52 ----SD---- C:\ProgramData\Microsoft
2009-02-28 20:09:46 ----A---- C:\Windows\system32\rmoc3260.dll
2009-02-28 20:09:40 ----A---- C:\Windows\system32\pncrt.dll
2009-02-25 12:55:00 ----A---- C:\Windows\system32\mrt.exe
2009-02-22 09:59:52 ----D---- C:\Windows\Microsoft.NET
2009-02-22 08:25:39 ----D---- C:\Program Files\Common Files\System
2009-02-22 08:21:08 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-22 03:16:42 ----A---- C:\Windows\win.ini
2009-02-21 21:53:03 ----A---- C:\Windows\system.ini
2009-02-21 21:46:57 ----D---- C:\Windows\AppPatch
2009-02-10 19:17:14 ----D---- C:\Windows\Logs
2009-02-10 19:13:15 ----D---- C:\Windows\Cursors
2009-02-01 16:03:44 ----D---- C:\Program Files\MSBuild
2009-02-01 01:45:54 ----D---- C:\Program Files\Windows Sidebar
2009-02-01 01:45:54 ----D---- C:\Program Files\Windows Calendar
2009-02-01 01:45:54 ----D---- C:\Program Files\Movie Maker
2009-02-01 01:45:53 ----D---- C:\Program Files\Windows Photo Gallery
2009-02-01 01:45:53 ----D---- C:\Program Files\Windows Collaboration
2009-02-01 01:45:51 ----D---- C:\Windows\servicing
2009-02-01 01:45:51 ----D---- C:\Windows\MSAgent
2009-02-01 01:45:51 ----D---- C:\Program Files\Windows Defender
2009-02-01 01:45:50 ----D---- C:\Windows\system32\com
2009-02-01 01:45:50 ----D---- C:\Windows\L2Schemas
2009-02-01 01:45:50 ----D---- C:\Windows\IME
2009-02-01 01:45:50 ----D---- C:\Windows\DigitalLocker
2009-02-01 01:45:49 ----D---- C:\Windows\system32\ko-KR
2009-02-01 01:45:49 ----D---- C:\Windows\system32\da-DK
2009-02-01 01:45:45 ----D---- C:\Windows\system32\sysprep
2009-02-01 01:45:45 ----D---- C:\Windows\system32\oobe
2009-02-01 01:45:45 ----D---- C:\Windows\system32\it-IT
2009-02-01 01:45:45 ----D---- C:\Windows\system32\el-GR
2009-02-01 01:45:45 ----D---- C:\Windows\system32\de-DE
2009-02-01 01:45:43 ----D---- C:\Windows\system32\sv-SE
2009-02-01 01:45:43 ----D---- C:\Windows\system32\setup
2009-02-01 01:45:43 ----D---- C:\Windows\system32\ru-RU
2009-02-01 01:45:43 ----D---- C:\Windows\system32\ias
2009-02-01 01:45:43 ----D---- C:\Windows\system32\he-IL
2009-02-01 01:45:43 ----D---- C:\Windows\system32\fr-FR
2009-02-01 01:45:43 ----D---- C:\Windows\system32\AdvancedInstallers
2009-02-01 01:45:42 ----D---- C:\Windows\system32\SLUI
2009-02-01 01:45:42 ----D---- C:\Windows\system32\pt-PT
2009-02-01 01:45:42 ----D---- C:\Windows\system32\hu-HU
2009-02-01 01:45:42 ----D---- C:\Windows\system32\fi-FI
2009-02-01 01:45:42 ----D---- C:\Windows\system32\cs-CZ
2009-02-01 01:45:41 ----D---- C:\Windows\system32\zh-CN
2009-02-01 01:45:40 ----D---- C:\Windows\system32\zh-TW
2009-02-01 01:45:40 ----D---- C:\Windows\system32\ro-RO
2009-02-01 01:45:40 ----D---- C:\Windows\system32\pl-PL
2009-02-01 01:45:40 ----D---- C:\Windows\system32\manifeststore
2009-02-01 01:45:40 ----D---- C:\Windows\system32\ja-JP
2009-02-01 01:45:40 ----D---- C:\Windows\system32\es-ES
2009-02-01 01:45:40 ----D---- C:\Windows\system32\en
2009-02-01 01:45:39 ----D---- C:\Windows\system32\wbem
2009-02-01 01:45:39 ----D---- C:\Windows\system32\tr-TR
2009-02-01 01:45:38 ----D---- C:\Windows\system32\nl-NL
2009-02-01 01:45:38 ----D---- C:\Windows\system32\nb-NO
2009-02-01 01:45:38 ----D---- C:\Windows\system32\ar-SA
2009-02-01 01:45:36 ----D---- C:\Windows\system32\pt-BR
2009-02-01 01:45:36 ----D---- C:\Windows\system32\migwiz
2009-02-01 01:44:47 ----D---- C:\Windows\Boot
2009-02-01 01:44:42 ----D---- C:\Windows\system32\Boot
2009-02-01 01:31:37 ----A---- C:\Windows\system32\ifxcardm.dll
2009-02-01 01:31:36 ----A---- C:\Windows\system32\axaltocm.dll
2009-01-31 23:27:21 ----D---- C:\Windows\system32\WDI
2009-01-30 18:13:25 ----D---- C:\Windows\system32\XPSViewer
2009-01-30 16:14:18 ----D---- C:\Windows\Debug
2009-01-29 13:22:32 ----D---- C:\Windows\system32\ras
2009-01-29 13:22:32 ----D---- C:\Windows\system32\icsxml
2009-01-29 08:37:51 ----D---- C:\Windows\twain_32
2009-01-28 20:18:11 ----D---- C:\Windows\system32\NDF
2009-01-28 15:20:18 ----D---- C:\Windows\system32\LogFiles
2009-01-28 15:19:42 ----SHD---- C:\$Recycle.Bin
2009-01-28 14:56:58 ----RD---- C:\Users
2009-01-28 14:50:13 ----D---- C:\Windows\system32\restore
2009-01-28 14:38:27 ----D---- C:\Windows\Panther

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R3 BELKIN;Belkin Wireless G USB Network Adapter; C:\Windows\system32\DRIVERS\BLKWGU.sys [2007-05-31 252416]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2008-12-16 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-03-20 47360]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2008-12-17 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2008-12-17 2686104]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-10-29 43520]
R3 S3GIGP;S3GIGP; C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2008-10-17 809472]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S1 gaopdxserv.sys;gaopdxserv.sys; C:\Windows\system32\drivers\gaopdxinummxbs.sys []
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 S3G700;S3G700; C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2008-10-17 809472]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 GoToMyPC;GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [2008-09-30 258856]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-03-02 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 182768]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-03 655624]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-03-02 360192]

-----------------EOF-----------------
jamestaylor
Regular Member
 
Posts: 23
Joined: March 9th, 2009, 9:41 pm

Re: Please check my HJT log as I want to apply for the uni...

Unread postby Axephilic » March 27th, 2009, 8:11 pm

Hello,

sorry had to make 3 posts as there were to many characters for 1 or 2 posts

No problem. :)

P2P Warning!

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate the following programs and click on the Change/Remove button to uninstall them.

    LimeWire PRO 5.0.11

  3. Close Add/Remove Programs and Control Panel when done.

Please post a new HijackThis log when done.

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Please check my HJT log as I want to apply for the uni...

Unread postby jamestaylor » March 29th, 2009, 4:38 pm

Sorry, sister used it. She has a laptop now so she doesnt use my PC anymore. Limewire is gone.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:37:11 PM, on 29/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\S3Funkey.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vuze\Azureus.exe
C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsig ... 4&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3Funkey] S3Funkey.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7700 bytes
jamestaylor
Regular Member
 
Posts: 23
Joined: March 9th, 2009, 9:41 pm

Re: Please check my HJT log as I want to apply for the uni...

Unread postby Axephilic » March 29th, 2009, 5:55 pm

Hi there,

Upload a file to VirusTotal

Please visit Virustotal
  • Click the Browse.. button
  • Navigate to the file C:\Windows\System32\S3Funkey.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

Please repeat that process for the following files:
C:\Windows\system32\CF7060.exe
C:\Windows\system32\drivers\gaopdxinummxbs.sys

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
Folder::
C:\ProgramData\Azureus
C:\Users\James\AppData\Roaming\Azureus
C:\Program Files\Vuze


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include:
  1. ComboFix log
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Please check my HJT log as I want to apply for the uni...

Unread postby jamestaylor » March 29th, 2009, 6:51 pm

Again, Thank you for your help. Im very greatful.

Im 50/50 about if this is what you wanted for the Virustotal part... Did you want this or the 'show last report' part? nevermind, you can always use the permalink if its that bit you needed.

C:\Windows\System32\S3Funkey.exe
File has already been analysed:
MD5: 4a0d39683494650f560136f7407f5822
First received: 07.27.2008 19:07:57 (CET)
Date: 07.27.2008 19:07:57 (CET) [>245D]
Results: 1/35
Permalink: analisis/0aca2ce443f64c5c4c2138d7235cba9e

C:\Windows\system32\CF7060.exe
File has already been analysed:
MD5: 206031193f3955ba118c054c03d681e1
First received: -
Date: 01.28.2009 04:50:14 (CET) [>60D]
Results: 0/38
Permalink: analisis/1f02739d9448362f8c3b011220308fa5

C:\Windows\system32\drivers\gaopdxinummxbs.sys
This didn't work.

gaopdxinummxbs.sys
File not found.
Please check the file name and try again.

Any ideas about that?

Will add the next bit a.s.a.p.
jamestaylor
Regular Member
 
Posts: 23
Joined: March 9th, 2009, 9:41 pm

Re: Please check my HJT log as I want to apply for the uni...

Unread postby Axephilic » March 29th, 2009, 7:00 pm

For this file: C:\Windows\System32\S3Funkey.exe, please copy and paste all of the results until the end of the page.

gaopdxinummxbs.sys
File not found.
Please check the file name and try again.

Any ideas about that?


Don't worry about it then. :)
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Please check my HJT log as I want to apply for the uni...

Unread postby jamestaylor » March 29th, 2009, 7:09 pm

Axephilic wrote:For this file: C:\Windows\System32\S3Funkey.exe, please copy and paste all of the results until the end of the page.

----------------

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Suspicious:W32/TargetSoft.a!Gemini
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 4a0d39683494650f560136f7407f5822
SHA1: aaf47979fa50bf865c082f53a8dbecdef96e5906
SHA256: 7452ea3d5fc722019376d9685ad8dcd812be6c4f3f41c133f916892a81b69ee5
SHA512: 9ef07b08f3ac9bfdf8bc78c7e8c565f71127d054555ebcd31587a8b3daaee1719abdba56aa1522ad5134f3571e44e0ab0af68812b151cb4c113e1358347e1adf



ComboFix 09-03-29.02 - James 2009-03-29 23:57:27.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2494.1740 [GMT 1:00]
Running from: c:\users\James\Desktop\ComboFix.exe
Command switches used :: c:\users\James\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Vuze
c:\program files\Vuze\.install4j\_shfoldr.dll
c:\program files\Vuze\.install4j\autoUninstall.0
c:\program files\Vuze\.install4j\files.log
c:\program files\Vuze\.install4j\i4j_extf_0_5p83tu.utf8
c:\program files\Vuze\.install4j\i4j_extf_1_5p83tu_1q2vg51.png
c:\program files\Vuze\.install4j\i4j_extf_10_5p83tu_15u5iv8.png
c:\program files\Vuze\.install4j\i4j_extf_11_5p83tu_1hztszn.png
c:\program files\Vuze\.install4j\i4j_extf_12_5p83tu.exe
c:\program files\Vuze\.install4j\i4j_extf_13_5p83tu_z1x7tn.png
c:\program files\Vuze\.install4j\i4j_extf_2_5p83tu_1rjd818.png
c:\program files\Vuze\.install4j\i4j_extf_3_5p83tu_qin5kk.png
c:\program files\Vuze\.install4j\i4j_extf_4_5p83tu_xza4ha.png
c:\program files\Vuze\.install4j\i4j_extf_5_5p83tu_19c5po3.png
c:\program files\Vuze\.install4j\i4j_extf_6_5p83tu_bm8amj.ico
c:\program files\Vuze\.install4j\i4j_extf_7_5p83tu.exe
c:\program files\Vuze\.install4j\i4j_extf_8_5p83tu.dll
c:\program files\Vuze\.install4j\i4j_extf_9_5p83tu.xpi
c:\program files\Vuze\.install4j\i4jdel.exe
c:\program files\Vuze\.install4j\i4jinst.dll
c:\program files\Vuze\.install4j\i4jparams.conf
c:\program files\Vuze\.install4j\i4jruntime.jar
c:\program files\Vuze\.install4j\inst_jre.cfg
c:\program files\Vuze\.install4j\install.prop
c:\program files\Vuze\.install4j\installation.log
c:\program files\Vuze\.install4j\MessagesDefault
c:\program files\Vuze\.install4j\response.varfile
c:\program files\Vuze\.install4j\unicows.dll
c:\program files\Vuze\.install4j\user.jar
c:\program files\Vuze\aereg.dll
c:\program files\Vuze\Azureus.exe
c:\program files\Vuze\Azureus.exe.manifest
c:\program files\Vuze\Azureus.properties
c:\program files\Vuze\Azureus2.jar
c:\program files\Vuze\AzureusUpdater.exe
c:\program files\Vuze\GPL.txt
c:\program files\Vuze\installer.log
c:\program files\Vuze\msvcr71.dll
c:\program files\Vuze\plugins\azemp\azemp_2.1.01.jar
c:\program files\Vuze\plugins\azemp\azmplay.exe
c:\program files\Vuze\plugins\azemp\azureus.sig
c:\program files\Vuze\plugins\azemp\cp1250-a.raw
c:\program files\Vuze\plugins\azemp\cp1250-b.raw
c:\program files\Vuze\plugins\azemp\font.desc
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw
c:\program files\Vuze\plugins\azemp\plugin.properties
c:\program files\Vuze\plugins\azplugins\azplugins_2.1.6.jar
c:\program files\Vuze\plugins\azrating\azrating_1.3.1.jar
c:\program files\Vuze\plugins\azupdater\azupdaterpatcher_1.8.8.jar
c:\program files\Vuze\plugins\azupdater\azureus.sig
c:\program files\Vuze\plugins\azupdater\plugin.properties
c:\program files\Vuze\plugins\azupdater\Updater.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.jar
c:\program files\Vuze\plugins\azupnpav\azureus.sig
c:\program files\Vuze\plugins\azupnpav\plugin.properties
c:\program files\Vuze\swt.jar
c:\program files\Vuze\uninstall.exe
c:\program files\Vuze\Vuze.ico
c:\programdata\Azureus
c:\programdata\Azureus\azCID.txt
C:\test.txt
c:\users\James\AppData\Roaming\Azureus
c:\users\James\AppData\Roaming\Azureus\.certs
c:\users\James\AppData\Roaming\Azureus\.keystore
c:\users\James\AppData\Roaming\Azureus\.lock
c:\users\James\AppData\Roaming\Azureus\active\2E43A757A84EEE3970CABC49AE791F9E6D7F9585.dat
c:\users\James\AppData\Roaming\Azureus\active\2E43A757A84EEE3970CABC49AE791F9E6D7F9585.dat.bak
c:\users\James\AppData\Roaming\Azureus\active\A9154D9A1FD1B877C8575E7C79FA681595FB7BD1.dat
c:\users\James\AppData\Roaming\Azureus\active\A9154D9A1FD1B877C8575E7C79FA681595FB7BD1.dat.bak
c:\users\James\AppData\Roaming\Azureus\active\AD4AF3D1DFA553B505BCF0160DE1792E5B049C19.dat
c:\users\James\AppData\Roaming\Azureus\active\AD4AF3D1DFA553B505BCF0160DE1792E5B049C19.dat.bak
c:\users\James\AppData\Roaming\Azureus\active\BF7AFF73B83AA84337AF13C4A6023221EE6E2116.dat
c:\users\James\AppData\Roaming\Azureus\active\BF7AFF73B83AA84337AF13C4A6023221EE6E2116.dat.bak
c:\users\James\AppData\Roaming\Azureus\active\cache.dat
c:\users\James\AppData\Roaming\Azureus\azureus.config
c:\users\James\AppData\Roaming\Azureus\azureus.config.bak
c:\users\James\AppData\Roaming\Azureus\azureus.statistics
c:\users\James\AppData\Roaming\Azureus\azureus.statistics.bak
c:\users\James\AppData\Roaming\Azureus\banips.config
c:\users\James\AppData\Roaming\Azureus\cnetworks.config
c:\users\James\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\James\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\James\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\James\AppData\Roaming\Azureus\dht\general.dat
c:\users\James\AppData\Roaming\Azureus\dht\version.dat
c:\users\James\AppData\Roaming\Azureus\downloads.config
c:\users\James\AppData\Roaming\Azureus\downloads.config.bak
c:\users\James\AppData\Roaming\Azureus\filters.config
c:\users\James\AppData\Roaming\Azureus\friends.config
c:\users\James\AppData\Roaming\Azureus\friends.config.bak
c:\users\James\AppData\Roaming\Azureus\ipfilter.cache
c:\users\James\AppData\Roaming\Azureus\logs\Friends_1.log
c:\users\James\AppData\Roaming\Azureus\logs\thread_2.log
c:\users\James\AppData\Roaming\Azureus\logs\v3.Friends_2.log
c:\users\James\AppData\Roaming\Azureus\metasearch.config
c:\users\James\AppData\Roaming\Azureus\metasearch.config.bak
c:\users\James\AppData\Roaming\Azureus\net\pm_13285.dat
c:\users\James\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\James\AppData\Roaming\Azureus\sidebarauto.config
c:\users\James\AppData\Roaming\Azureus\sidebarauto.config.bak
c:\users\James\AppData\Roaming\Azureus\subs\07ABDD32A54D704B48FE.vuze
c:\users\James\AppData\Roaming\Azureus\subs\24B8E9AC78200A71D3DA.vuze
c:\users\James\AppData\Roaming\Azureus\subs\A1BE3EBC43A88A574BB4.vuze
c:\users\James\AppData\Roaming\Azureus\subs\EF0B9C6DCE240E6A2029.vuze
c:\users\James\AppData\Roaming\Azureus\subscriptions.config
c:\users\James\AppData\Roaming\Azureus\subscriptions.config.bak
c:\users\James\AppData\Roaming\Azureus\tables.config
c:\users\James\AppData\Roaming\Azureus\tables.config.bak
c:\users\James\AppData\Roaming\Azureus\timingstats.dat
c:\users\James\AppData\Roaming\Azureus\tmp\AZU2408151925702517023.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU5495669784856412468.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU5658727455777686171.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU614417209208862867.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU6715622205982025920.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU7000941709804148719.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU7337110902102555298.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU8039128255926504992.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU8474953956746299715.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU8630131553960124240.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU922928046609471993.tmp
c:\users\James\AppData\Roaming\Azureus\tmp\AZU95304732687239305.tmp
c:\users\James\AppData\Roaming\Azureus\torrents\[isoHunt] Death - Live in L.A by Vladdrakulya.torrent
c:\users\James\AppData\Roaming\Azureus\torrents\+-Demonoid.com-+_Killswitch_Engage_LIVE_at_the_Rock_AM_Ring_2007_5378546.8438.torrent
c:\users\James\AppData\Roaming\Azureus\torrents\Killswitch Engage - (Set This) World Ablaze - Full DVD-[rarbg.com].torrent
c:\users\James\AppData\Roaming\Azureus\torrents\System_Of_A_Down___Live_Big_Day_Out_2002_torrent.torrent
c:\users\James\AppData\Roaming\Azureus\tracker.config
c:\users\James\AppData\Roaming\Azureus\tracker.config.bak
c:\users\James\AppData\Roaming\Azureus\unsentdata.config
c:\users\James\AppData\Roaming\Azureus\unsentdata.config.bak
c:\users\James\AppData\Roaming\Azureus\v3.Friends.dat
c:\users\James\AppData\Roaming\Azureus\v3.Friends.dat.bak
c:\users\James\AppData\Roaming\Azureus\VuzeActivities.config
c:\windows\vmreg32.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-29 22:12 . 2009-03-29 22:12 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-29 21:58 . 2009-03-29 21:58 <DIR> d-------- c:\program files\CCleaner
2009-03-29 12:50 . 2009-03-29 12:50 65 --a------ c:\windows\FISHUI.INI
2009-03-29 12:19 . 2009-03-29 12:47 <DIR> d-------- c:\users\James\AppData\Roaming\DataCast
2009-03-29 12:18 . 2009-03-29 12:18 <DIR> d-------- c:\program files\Samsung
2009-03-27 16:55 . 2009-03-27 16:56 <DIR> d-------- C:\rsit
2009-03-27 14:48 . 2009-03-27 14:48 <DIR> d-------- c:\program files\Citrix
2009-03-27 14:48 . 2008-09-30 17:04 42,792 --a------ c:\windows\System32\gotomon.dll
2009-03-26 21:30 . 2009-03-29 23:31 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-03-21 04:38 . 2009-03-21 08:02 <DIR> d-------- c:\users\James\AppData\Roaming\Any Video Converter
2009-03-21 04:38 . 2009-03-21 04:39 <DIR> d-------- c:\program files\Any Video Converter
2009-03-20 01:51 . 2009-03-20 01:51 81,920 --a------ c:\users\James\AppData\Roaming\ezpinst.exe
2009-03-17 01:47 . 2009-03-17 01:47 <DIR> d-------- c:\users\Mishy Moo\AppData\Roaming\DivX
2009-03-15 18:19 . 2009-03-15 18:19 <DIR> d-------- c:\users\James\AppData\Roaming\AdobeUM
2009-03-14 06:59 . 2009-03-14 06:59 <DIR> d-------- c:\program files\VIA
2009-03-14 06:59 . 2007-09-20 11:43 331,184 --------- c:\windows\System32\difxapi.dll
2009-03-14 06:58 . 2008-12-16 16:48 21,144 --a------ c:\windows\System32\drivers\xfilt.sys
2009-03-14 06:58 . 2008-12-16 16:47 13,976 --a------ c:\windows\System32\drivers\videX32.sys
2009-03-14 06:56 . 2009-03-14 06:56 <DIR> d-------- c:\program files\Realtek
2009-03-14 06:56 . 2008-10-29 17:29 43,520 --a------ c:\windows\System32\drivers\Rtnicxp.sys
2009-03-14 06:49 . 2007-05-22 17:54 1,769,472 --a------ c:\windows\System32\VTROM.bin
2009-03-14 06:47 . 2009-03-14 06:48 <DIR> d--h----- c:\program files\Temp
2009-03-13 01:22 . 2009-03-13 01:22 <DIR> d-------- c:\users\James\AppData\Roaming\GetRightToGo
2009-03-12 01:54 . 2009-03-12 01:54 <DIR> d-------- c:\users\All Users\SymplisIT
2009-03-12 01:54 . 2009-03-12 01:54 <DIR> d-------- c:\programdata\SymplisIT
2009-03-12 01:53 . 2009-03-14 06:32 <DIR> d-------- C:\Driver Backups
2009-03-12 01:49 . 2009-03-12 01:49 <DIR> d-------- c:\program files\SymplisIT
2009-03-12 01:48 . 2009-03-12 01:48 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-12 01:26 . 2009-03-12 01:26 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters
2009-03-12 01:26 . 2009-03-12 01:26 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters
2009-03-11 12:02 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 12:01 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-08 04:41 . 2009-03-08 04:41 <DIR> d-------- c:\windows\Icon_Patcher
2009-03-08 04:39 . 2009-03-08 04:39 <DIR> d-------- c:\program files\Common Files\Stardock
2009-03-03 20:22 . 2009-03-03 20:22 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-03 03:15 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-03 03:15 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-03 03:15 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-03 03:15 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-03 02:48 . 2009-03-03 02:48 <DIR> d-------- c:\program files\Adobe Media Player
2009-03-03 02:44 . 2009-03-03 02:44 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-03 00:59 . 2009-03-14 07:07 50 --a------ c:\windows\MegaManager.INI
2009-03-02 19:19 . 2009-03-02 19:19 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-03-02 19:19 . 2009-03-02 19:19 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-03-02 19:19 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-03-02 19:19 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-03-02 17:48 . 2009-03-12 02:56 <DIR> d-------- c:\program files\uTorrent Turbo Booster
2009-03-01 08:58 . 2009-03-01 08:58 <DIR> d-------- c:\users\Jacqueline\AppData\Roaming\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 20:52 --------- d-----w c:\program files\AviSynth 2.5
2009-03-29 20:43 --------- d-----w c:\program files\Xilisoft
2009-03-29 20:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 20:42 --------- d-----w c:\programdata\eBay
2009-03-29 20:33 --------- d-----w c:\users\James\AppData\Roaming\Skype
2009-03-29 19:44 --------- d-----w c:\programdata\Google Updater
2009-03-29 16:29 --------- d-----w c:\users\James\AppData\Roaming\skypePM
2009-03-29 11:16 348,160 ----a-w c:\windows\System32\msvcr71.dll
2009-03-27 13:48 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-26 17:44 --------- d-----w c:\users\James\AppData\Roaming\uTorrent
2009-03-20 00:52 --------- d-----w c:\users\James\AppData\Roaming\Vso
2009-03-20 00:51 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-20 00:51 47,360 ----a-w c:\users\James\AppData\Roaming\pcouffin.sys
2009-03-14 18:55 --------- d-----w c:\users\James\AppData\Roaming\dvdcss
2009-03-14 05:52 --------- d-----w c:\program files\S3
2009-03-14 05:47 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-03-11 20:13 --------- d-----w c:\users\James\AppData\Roaming\LimeWire
2009-03-11 17:43 --------- d-----w c:\programdata\Microsoft Help
2009-03-11 17:27 --------- d-----w c:\program files\Windows Mail
2009-03-08 13:11 --------- d-----w c:\users\James\AppData\Roaming\gtk-2.0
2009-03-03 01:50 --------- d-----w c:\program files\Common Files\Adobe
2009-03-03 00:40 174 --sha-w c:\program files\desktop.ini
2009-03-02 18:19 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-28 21:43 --------- d-----w c:\users\Mishy Moo\AppData\Roaming\ESET
2009-02-28 20:42 --------- d-----w c:\program files\XviD
2009-02-28 20:29 --------- d-----w c:\users\James\AppData\Roaming\ESET
2009-02-28 20:26 --------- d-----w c:\programdata\ESET
2009-02-28 20:26 --------- d-----w c:\program files\ESET
2009-02-28 20:09 --------- d-----w c:\program files\Real
2009-02-28 20:09 --------- d-----w c:\program files\Common Files\xing shared
2009-02-28 20:09 --------- d-----w c:\program files\Common Files\Real
2009-02-22 08:25 --------- d-----w c:\program files\Windows Live
2009-02-22 08:25 --------- d-----w c:\program files\Microsoft
2009-02-22 08:24 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-22 08:21 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 03:23 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-21 16:28 --------- d-----w c:\programdata\Norton
2009-02-21 14:30 --------- d-----w c:\users\James\AppData\Roaming\Malwarebytes
2009-02-21 14:29 --------- d-----w c:\programdata\Malwarebytes
2009-02-21 14:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-20 00:52 --------- d-----w c:\program files\Trend Micro
2009-02-20 00:33 --------- d-----w c:\programdata\Symantec
2009-02-20 00:27 --------- d-----w c:\programdata\NortonInstaller
2009-02-19 19:31 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-19 16:52 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-19 16:52 --------- d-----w c:\program files\Java
2009-02-19 15:14 --------- d-----w c:\users\James\AppData\Roaming\DMCache
2009-02-19 03:02 --------- d-----w c:\programdata\DVD Shrink
2009-02-19 02:53 --------- d-----w c:\users\James\AppData\Roaming\HandBrake
2009-02-17 05:14 --------- d-----w c:\users\James\AppData\Roaming\Megaupload
2009-02-17 05:09 --------- d-----w c:\programdata\Megaupload
2009-02-17 05:09 --------- d-----w c:\programdata\EmailNotifier
2009-02-17 05:08 --------- d-----w c:\program files\Megaupload
2009-02-17 02:14 --------- d-----w c:\program files\RealArcade
2009-02-16 15:40 --------- d-----w c:\users\James\AppData\Roaming\Xilisoft Corporation
2009-02-14 11:49 --------- d-----w c:\program files\GIMP-2.0
2009-02-11 16:48 --------- d-----w c:\programdata\FLEXnet
2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-11 09:00 --------- d-----w c:\users\James\AppData\Roaming\TuneUp Software
2009-02-11 08:59 --------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-11 08:59 --------- d-----w c:\programdata\TuneUp Software
2009-02-11 08:58 --------- d-----w c:\program files\Google
2009-02-11 08:54 --------- d-----w c:\program files\PC Tune-Up
2009-02-11 08:11 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-09 14:12 --------- d-----w c:\programdata\TEMP
2009-02-06 19:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-06 18:08 55,280 ----a-w c:\windows\system32\drivers\fssfltr.sys
2009-02-06 15:03 --------- d-----w c:\users\Jacqueline\AppData\Roaming\AdobeUM
2009-02-05 23:52 --------- d-----w c:\users\Mishy Moo\AppData\Roaming\Skype
2009-02-05 13:37 49,152 ----a-r c:\windows\System32\inetwh32.dll
2009-02-05 13:37 1,044,480 ----a-r c:\windows\System32\roboex32.dll
2009-02-03 20:29 --------- d-----w c:\users\Jacqueline\AppData\Roaming\DivX
2009-02-02 22:11 --------- d-----w c:\users\James\AppData\Roaming\DivX
2009-02-02 22:10 --------- d-----w c:\program files\DivX
2009-02-02 22:09 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-02-01 16:33 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-01 16:03 --------- d-----w c:\program files\MSBuild
2009-02-01 16:03 --------- d-----w c:\program files\Microsoft Works
2009-02-01 16:02 --------- d-----w c:\program files\Microsoft.NET
2009-02-01 15:59 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-01 02:15 --------- d-----w c:\program files\Common Files\logishrd
2009-02-01 02:13 --------- d-----w c:\programdata\Logishrd
2009-02-01 02:13 --------- d-----w c:\program files\Logitech
2009-02-01 01:45 --------- d-----w c:\program files\Windows Sidebar
2009-02-01 01:45 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-01 01:45 --------- d-----w c:\program files\Windows Defender
2009-02-01 01:45 --------- d-----w c:\program files\Windows Collaboration
2009-02-01 01:45 --------- d-----w c:\program files\Windows Calendar
2009-02-01 01:31 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-01 01:31 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-01 01:17 --------- d-----w c:\users\James\AppData\Roaming\Apple Computer
2009-02-01 01:16 --------- d-----w c:\programdata\Apple Computer
2009-02-01 01:16 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-01 01:16 --------- d-----w c:\program files\iTunes
2009-02-01 01:16 --------- d-----w c:\program files\iPod
2009-02-01 01:16 --------- d-----w c:\program files\Common Files\Apple
2009-02-01 01:15 --------- d-----w c:\program files\Bonjour
2009-02-01 01:14 --------- d-----w c:\program files\QuickTime
.

((((((((((((((((((((((((((((( SnapShot@2009-02-21_21.53.47.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-02 19:57:52 184,191 ----a-w c:\windows\ApplyTheme.exe
- 2009-02-01 16:02:54 248,632 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-02-22 03:18:03 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
- 2009-02-01 16:02:54 781,104 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-02-22 03:10:39 783,744 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2009-02-01 16:03:44 118,112 ----a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2009-02-22 03:11:10 120,408 ----a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
- 2009-02-01 16:03:44 609,104 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2009-02-22 03:11:10 611,392 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2009-03-12 00:27:15 265,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\18080b703544e6038e184d7d6a31b932\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2009-03-12 00:27:12 3,295,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\8c2ad76af59fb9b4b67908bd41f03929\DriversHQ.DriverDetective.Client.ni.exe
+ 2009-03-12 00:27:17 227,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\910f0eb01d5a904339c535d25c144b9d\DriversHQ.DriverDetective.Common.ni.dll
+ 2009-03-12 00:27:27 46,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\b108d18e492693c8c8c9318082c0c4e7\DriversHQ.DriverDetective.Client.DirectX.ni.dll
+ 2009-03-12 00:27:21 57,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\f8e82904c34db2e65f0fe694302d6aa5\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2009-03-12 00:27:23 230,400 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\e3644d330a67bbeebbf49060edc11c27\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2009-03-12 00:27:25 304,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\52d9f06436583a3f48df5c629d072d96\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2009-03-12 00:27:26 148,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\7e63ae27393c3cb39a7684373ebc825f\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2009-03-12 00:27:24 309,248 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\a8c9d74290413ebf5632c68277a7fac7\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2009-02-22 09:59:09 145,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b6c3541e8a9df4ddbd720eb4c4dfd5e8\WindowsLive.Client.ni.dll
+ 2009-02-22 09:59:06 118,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\01ac4b7ff5021dad8a2a4ca560e4b2d7\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-02-22 09:58:57 843,776 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0521176f85dd52cee07fb05917197f4f\WindowsLive.Writer.Controls.ni.dll
+ 2009-02-22 09:59:07 99,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b63823a5b3ae8aa81cb94997db390ab\WindowsLive.Writer.Api.ni.dll
+ 2009-02-22 09:59:03 428,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c76889f6da313c75b11eaf60461c82e\WindowsLive.Writer.Localization.ni.dll
+ 2009-02-22 09:59:10 594,944 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\20fb431e55c3f27ad51498fe55d37ae4\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-02-22 09:58:55 6,392,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2a806fa96e3330a853ef9834dffdebf4\WindowsLive.Writer.PostEditor.ni.dll
+ 2009-02-22 09:59:04 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2e9d7206e575145912ce8aa61b211d77\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-02-22 09:59:08 851,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3c0571b569bad5e54a9932c8a898107e\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-02-22 09:59:12 119,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\423d86baaaa446228fc3205bd0671318\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-02-22 09:59:02 152,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56771dc2fe172f871091c71ac3a561c2\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-02-22 09:59:12 117,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7db7da9911abb2aa8a4e94ef744e7586\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-02-22 09:59:00 319,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84e8e405b3075006fb93c866af02c63c\WindowsLive.Writer.Interop.ni.dll
+ 2009-02-22 09:59:01 313,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8a6fcbec105088d656a22542a0af3327\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-02-22 09:59:11 322,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\93193886e8077ef3c8de1ea5f0edd7f8\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-02-22 09:58:59 2,002,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\99870d72535ce9a8c53ac80236c675c4\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-02-22 09:59:03 108,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b58392b9d39e8daf17f3bd78ab1147d0\WindowsLive.Writer.Passport.ni.dll
+ 2009-02-22 09:59:05 1,105,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ce1b4192a4cf7472f1755e3aaee3aef3\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-02-22 09:59:02 334,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\db7a09cf44aa9b0d0e57ddee3762ab1a\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-02-22 09:59:01 174,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dff83a93cfce38247be2ac2e0a8785a9\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-02-22 09:59:14 627,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\a362ea14c0fe23d4f2aea8ec021f0d3e\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-02-22 09:58:47 47,616 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\f0940934a3aa33b7671f416206a76c03\WindowsLiveWriter.ni.exe
+ 2009-03-12 00:27:22 119,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\14970b7d0ba02022eeae50e3ff78c941\XPBurnComponent.ni.dll
- 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2004-09-12 15:10:42 5,160 ---ha-r c:\windows\Icon_Patcher\.ReplacerTemp\Special.cmd
+ 2004-09-12 15:10:42 5,456 ---ha-r c:\windows\Icon_Patcher\.ReplacerTemp\Zap.exe
+ 2005-02-02 22:30:32 8,636 ----a-w c:\windows\Icon_Patcher\modifype.exe
+ 2004-09-12 11:10:42 11,578 ----a-w c:\windows\Icon_Patcher\Replacer.cmd
+ 2005-12-18 19:57:54 881,664 ----a-w c:\windows\Icon_Patcher\tools\ResHacker.exe
- 2009-02-21 21:38:13 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2009-03-26 17:31:11 51,200 ----a-w c:\windows\inf\infpub.dat
- 2009-02-21 21:38:13 86,016 ----a-w c:\windows\inf\infstor.dat
+ 2009-03-26 17:31:09 86,016 ----a-w c:\windows\inf\infstor.dat
- 2009-02-21 21:38:12 86,016 ----a-w c:\windows\inf\infstrng.dat
+ 2009-03-26 17:31:11 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2006-10-27 15:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 21:18:12 162,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 15:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 15:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 15:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 15:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-26 20:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 20:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 20:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 20:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 20:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 20:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 20:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 20:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 15:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 20:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-26 20:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 20:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 20:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 20:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 20:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 15:40:34 208,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 20:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 15:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 19:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 21:30:42 65,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 15:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 20:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-26 20:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 00:48:08 234,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-27 15:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 14:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 14:04:58 75,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-26 19:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 15:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 20:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 15:37:44 338,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2006-10-27 15:38:02 6,191,400 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-27 15:37:44 284,448 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-27 00:47:54 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2006-10-27 15:37:40 34,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-27 15:37:44 300,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-27 00:47:44 33,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 15:37:56 2,689,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 15:38:00 3,508,544 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 15:37:40 117,584 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 15:37:50 768,304 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 15:37:52 1,359,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-27 00:48:24 377,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 15:37:58 3,071,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 15:37:44 284,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-27 00:48:00 197,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-27 00:48:18 317,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-27 00:48:40 1,555,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 00:47:42 31,016 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-27 00:47:40 22,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-27 00:48:02 224,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 15:38:04 7,053,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-27 00:48:42 2,210,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 00:48:18 363,304 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-27 00:47:40 16,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-27 15:37:56 2,738,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-27 15:37:38 35,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-27 00:48:02 222,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 15:37:50 1,163,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 15:38:00 4,746,536 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 15:37:54 1,396,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-27 00:48:34 955,680 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 15:37:40 268,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-27 00:48:26 572,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 15:37:48 631,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-26 20:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-26 20:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 15:10:08 1,439,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 15:10:10 5,456,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 15:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-26 21:42:00 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2009-02-01 16:03:44 609,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2009-02-01 16:03:44 118,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2006-10-26 19:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 20:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 15:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 15:01:34 10,371,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-26 21:18:06 66,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 13:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 15:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 14:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 19:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 20:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-26 21:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 20:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 13:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 15:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 19:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 13:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 19:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 19:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 20:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 15:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-26 20:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 20:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 20:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 15:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 20:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-26 20:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 20:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 15:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 20:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 20:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 20:32:42 604,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 15:39:36 687,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 15:03:04 1,018,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-26 20:24:54 98,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-26 20:24:50 72,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 20:24:58 1,165,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 15:03:06 6,579,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-26 20:23:00 782,720 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-26 20:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-09-15 16:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-07-26 18:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 15:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 15:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 15:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 15:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-26 21:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 15:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 15:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2009-02-01 16:02:54 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 19:52:10 2,012,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-26 20:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 14:05:00 77,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-26 20:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 15:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 20:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 21:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 21:42:12 744,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 14:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-26 20:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 20:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-26 20:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 20:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 21:18:16 502,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-07-28 15:21:58 277,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 14:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 14:04:48 29,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 14:05:04 126,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-26 14:05:02 86,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 14:04:56 58,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 14:04:48 27,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 14:04:54 51,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 14:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 14:04:58 76,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-09-30 00:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-26 23:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-26 22:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 15:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2009-02-01 16:02:54 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 15:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 15:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 15:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 14:05:08 1,181,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-26 21:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 21:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 14:05:08 530,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2007-10-05 20:37:38 17,927,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-08-28 23:38:10 500,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-09-14 21:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 23:38:46 9,584,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-29 00:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-28 23:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 23:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2009-02-22 03:11:54 251,272 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2007-08-24 03:43:28 138,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-28 23:39:14 625,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 03:43:36 593,296 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-28 23:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 17:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-02 20:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 05:14:14 13,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2008-11-12 16:44:18 17,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\authuitu_x86.dll
+ 2008-11-20 16:28:16 163,584 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DiskDoctor.exe
+ 2008-11-20 16:28:16 463,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DiskExplorer.exe
+ 2008-11-20 16:28:18 221,952 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DriveDefrag.exe
+ 2008-11-12 16:44:08 25,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DseShExtx86.dll
+ 2008-11-20 16:28:48 593,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\OneClick.exe
+ 2008-11-20 16:28:50 42,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\OneClickStarter.exe
+ 2008-11-20 16:28:50 38,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\PMLauncher.exe
+ 2008-11-20 16:28:52 397,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\ProcessManager.exe
+ 2008-11-20 16:28:12 272,952 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\ProductInfo.dat
+ 2008-11-20 16:28:54 504,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryCleaner.exe
+ 2008-11-20 16:28:54 160,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryDefrag.exe
+ 2008-11-20 16:28:56 16,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryDefragHelper.exe
+ 2008-11-20 16:28:56 327,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryEditor.exe
+ 2008-11-20 16:28:58 85,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegWiz.exe
+ 2008-11-20 16:29:00 166,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RepairWizard.exe
+ 2008-11-20 16:29:00 197,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RescueCenter.exe
+ 2008-11-12 16:44:20 27,392 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SDShelEx86.dll
+ 2008-11-20 16:29:02 227,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\ShortcutCleaner.exe
+ 2008-11-20 16:29:14 173,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\Shredder.exe
+ 2008-11-20 16:30:12 921,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SilentUpdater.exe
+ 2008-11-20 16:30:14 1,182,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SpeedOptimizer.exe
+ 2008-11-20 16:30:28 352,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\StartUpManager.exe
+ 2008-11-20 16:30:28 129,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SystemControl.exe
+ 2008-11-20 16:30:30 341,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SystemInformation.exe
+ 2008-11-12 16:44:12 887,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\TUDefragService.dll
+ 2008-11-20 16:30:32 57,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\TUInstallHelper.exe
+ 2008-11-20 16:30:32 15,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\TUMessages.exe
+ 2008-11-20 16:30:34 11,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\tux64thk.exe
+ 2008-11-20 16:30:34 238,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\Undelete.exe
+ 2008-11-20 16:30:36 280,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\UninstallManager.exe
+ 2008-11-20 16:30:38 218,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\UpdateWizard.exe
+ 2008-11-12 16:44:18 27,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\uxtuneupx86.dll
+ 2008-11-20 16:30:38 915,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\WinStyler.exe
- 2009-01-28 15:03:06 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-02-22 08:21:32 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-02-22 08:24:20 132,096 ----a-r c:\windows\Installer\{3C52E7DA-C431-4239-B66B-1BF703D5B194}\WLXPhotoGalleryIcon.exe
+ 2009-02-28 20:29:37 10,134 ----a-r c:\windows\Installer\{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}\callmsi.exe
+ 2009-02-28 20:29:37 140,544 ----a-r c:\windows\Installer\{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}\egui.exe
+ 2009-02-22 08:22:00 58,945 ----a-r c:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe
+ 2009-03-29 21:12:11 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2009-02-01 16:11:03 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-11 17:25:09 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-02-01 16:11:04 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-11 17:25:10 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-01 16:11:03 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-11 17:25:09 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-02-01 16:11:03 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-11 17:25:09 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-02-01 16:11:04 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-11 17:25:10 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-01 16:11:04 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-11 17:25:10 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-02-01 16:11:04 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-11 17:25:10 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-01 16:11:04 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-11 17:25:09 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-02-01 16:11:04 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-11 17:25:09 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-01 16:11:04 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-11 17:25:10 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-01 16:11:04 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-11 17:25:10 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-02-01 16:11:03 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-11 17:25:09 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-01 15:57:59 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-02-22 03:30:20 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-03-29 11:18:35 9,662 ----a-r c:\windows\Installer\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\ARPPRODUCTICON.exe
+ 2009-03-29 11:19:22 16,136 ----a-w c:\windows\Installer\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\emodio.dat
+ 2009-02-22 08:20:50 62,304 ----a-r c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
- 2000-08-31 08:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2006-09-10 11:44:20 49,152 ----a-w c:\windows\reico.exe
+ 2008-12-12 21:17:20 352,768 ----a-w c:\windows\Resources\Themes\Aero Diamond\Shell\NormalColor\shellstyle.dll
+ 2006-12-04 13:22:40 587,264 ----a-w c:\windows\Resources\Themes\Vista_Anthracite\Shell\NormalColor\Shellstyle.dll
+ 2009-03-29 22:27:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-29 22:27:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-21 21:41:38 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-29 22:31:51 143,360 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-22 01:18:28 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-22 01:18:28 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-02 11:51:56 2,573,131 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-03-03 02:26:10 2,573,131 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-03-22 01:18:28 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-22 01:18:28 245,760 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-02-21 21:52:53 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-29 23:01:29 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2000-08-31 08:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2009-02-20 07:43:32 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-29 22:28:02 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 07:43:32 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-29 22:28:02 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-20 07:43:32 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-29 22:28:02 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-21 21:42:51 245,760 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-02-21 21:44:35 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-29 22:56:53 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2006-11-29 13:06:18 3,426,072 ----a-w c:\windows\System32\d3dx9_32.dll
+ 2008-08-14 07:57:42 74,720 ----a-w c:\windows\System32\drivers\adfs.sys
+ 2008-10-24 20:45:32 39,944 ----a-w c:\windows\System32\drivers\eamon.sys
+ 2008-10-24 20:46:24 53,256 ----a-w c:\windows\System32\drivers\easdrv.sys
+ 2008-10-24 20:53:20 73,224 ----a-w c:\windows\System32\drivers\epfw.sys
+ 2008-10-24 20:53:24 31,240 ----a-w c:\windows\System32\drivers\epfwndis.sys
+ 2008-10-24 20:53:26 54,280 ----a-w c:\windows\System32\drivers\epfwtdi.sys
+ 2007-04-24 09:33:34 83,336 ----a-w c:\windows\System32\drivers\s125bus.sys
+ 2007-04-24 09:33:38 12,424 ----a-w c:\windows\System32\drivers\s125cm.sys
+ 2007-04-24 09:33:38 12,424 ----a-w c:\windows\System32\drivers\s125cmnt.sys
+ 2007-04-24 09:33:42 15,112 ----a-w c:\windows\System32\drivers\s125mdfl.sys
+ 2007-04-24 09:33:44 108,680 ----a-w c:\windows\System32\drivers\s125mdm.sys
+ 2007-04-24 09:33:46 98,696 ----a-w c:\windows\System32\drivers\s125obex.sys
+ 2007-04-24 09:33:48 12,424 ----a-w c:\windows\System32\drivers\s125wh.sys
+ 2007-04-24 09:33:48 12,424 ----a-w c:\windows\System32\drivers\s125whnt.sys
+ 2008-10-10 16:11:32 164,352 ----a-w c:\windows\System32\drivers\ucb_lh32.sys
+ 2008-01-19 07:37:09 664,576 ----a-w c:\windows\System32\drivers\UMDF\WpdMtpDr.dll
- 2006-12-09 03:43:44 809,984 ----a-w c:\windows\System32\drivers\VTGKModeDX32.sys
+ 2008-10-17 10:01:26 809,472 ----a-w c:\windows\System32\drivers\VTGKModeDX32.sys
+ 2008-01-19 06:04:19 39,936 ----a-w c:\windows\System32\drivers\WpdUsb.sys
+ 2008-10-24 20:53:24 31,240 ----a-w c:\windows\System32\DriverStore\FileRepository\epfwndis.inf_310c6965\epfwndis.sys
+ 2008-07-21 13:08:40 9,728 ----a-w c:\windows\System32\DriverStore\FileRepository\netrtoem.inf_1cc25bea\RtNicProp32.dll
+ 2008-10-29 16:29:54 43,520 ----a-w c:\windows\System32\DriverStore\FileRepository\netrtoem.inf_1cc25bea\Rtnicxp.sys
+ 2008-03-03 15:59:58 446,464 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\S3Cfg3d.dll
+ 2008-08-29 09:55:06 199,680 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\S3Clone.dll
+ 2008-10-10 18:58:38 733,184 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\S3Disply.dll
+ 2008-03-05 17:12:24 102,400 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\S3Funkey.exe
+ 2008-05-28 13:20:36 528,384 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\S3Gamma2.dll
+ 2008-05-28 13:32:00 352,256 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\S3Info2.dll
+ 2008-07-30 17:53:36 393,216 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\S3iset32.dll
+ 2008-07-30 17:53:42 299,008 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\S3minset.exe
+ 2008-03-03 15:44:32 602,112 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\S3ovrlay.dll
+ 2008-07-08 18:48:16 204,800 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\s3trayp.exe
+ 2008-10-10 16:11:32 164,352 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\ucb_lh32.sys
+ 2008-10-17 10:01:26 809,472 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\VTGKModeDX32.sys
+ 2008-10-17 10:02:42 4,466,688 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\VTGOGL32.DLL
+ 2008-10-17 10:02:36 3,546,624 ----a-w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\VTGUModeDX32.dll
+ 2007-05-22 16:54:46 1,769,472 ------w c:\windows\System32\DriverStore\FileRepository\p900lh.inf_36a7bd8a\VTROM.bin
+ 2009-03-20 00:51:21 47,360 ----a-w c:\windows\System32\DriverStore\FileRepository\pcouffin.inf_128c8a99\pcouffin.sys
+ 2007-04-24 09:33:34 83,336 ----a-w c:\windows\System32\DriverStore\FileRepository\s125bus.inf_3a80fb8c\i386\s125bus.sys
+ 2007-04-24 09:33:48 12,424 ----a-w c:\windows\System32\DriverStore\FileRepository\s125bus.inf_3a80fb8c\i386\s125whnt.sys
+ 2007-04-24 09:33:38 12,424 ----a-w c:\windows\System32\DriverStore\FileRepository\s125mdm2.inf_14c9bc82\i386\s125cmnt.sys
+ 2007-04-24 09:33:42 15,112 ----a-w c:\windows\System32\DriverStore\FileRepository\s125mdm2.inf_14c9bc82\i386\s125mdfl.sys
+ 2007-04-24 09:33:44 108,680 ----a-w c:\windows\System32\DriverStore\FileRepository\s125mdm2.inf_14c9bc82\i386\s125mdm.sys
+ 2007-04-24 09:33:38 12,424 ----a-w c:\windows\System32\DriverStore\FileRepository\s125obx2.inf_9c20a3bf\i386\s125cmnt.sys
+ 2007-04-24 09:33:46 98,696 ----a-w c:\windows\System32\DriverStore\FileRepository\s125obx2.inf_9c20a3bf\i386\s125obex.sys
+ 2008-12-16 15:47:00 13,976 ----a-w c:\windows\System32\DriverStore\FileRepository\vminiide.inf_d147f797\videX32.sys
+ 2008-12-16 15:48:40 21,144 ----a-w c:\windows\System32\DriverStore\FileRepository\vminiide.inf_d147f797\xfilt.sys
+ 2009-02-06 18:08:52 55,280 -c--a-w c:\windows\System32\DRVSTORE\fssfltr_9D8141AC16915376436B9EE4A4DDF522797C6456\fssfltr.sys
- 2006-10-26 14:10:08 1,190,688 ----a-w c:\windows\System32\FM20.DLL
+ 2007-08-23 01:03:38 1,195,888 ----a-w c:\windows\System32\FM20.DLL
- 2009-02-15 03:56:34 1,713,824 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2009-03-14 06:03:05 2,485,736 ----a-w c:\windows\System32\FNTCACHE.DAT
- 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-02-03 03:24:01 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-13 00:26:15 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2008-09-17 11:36:22 974,848 ----a-w c:\windows\System32\mfc70.dll
+ 2008-09-17 11:36:22 1,046,528 ----a-w c:\windows\System32\MFC71LU.DLL
- 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\System32\mrt.exe
+ 2009-02-25 12:55:00 24,768,960 ----a-w c:\windows\System32\mrt.exe
- 2007-02-13 16:22:54 947,472 ----a-w c:\windows\System32\msjava.dll
+ 2008-07-31 10:16:54 947,472 ----a-w c:\windows\System32\msjava.dll
+ 2008-09-17 11:36:22 507,904 ----a-w c:\windows\System32\MSLUP71.dll
+ 2008-09-17 11:36:22 352,256 ----a-w c:\windows\System32\MSLUR71.dll
+ 2008-09-30 15:43:34 1,286,152 ----a-w c:\windows\System32\msxml4.dll
+ 2008-09-17 11:36:22 44,544 ----a-w c:\windows\System32\msxml4a.dll
+ 2008-09-17 11:36:22 82,432 ----a-w c:\windows\System32\msxml4r.dll
- 2009-02-21 21:50:02 104,658 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-29 22:34:17 106,292 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-21 21:50:03 598,782 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-29 22:34:17 602,846 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-28 20:09:41 6,656 ----a-w c:\windows\System32\pndx5016.dll
+ 2009-02-28 20:09:41 5,632 ----a-w c:\windows\System32\pndx5032.dll
+ 2008-03-03 15:59:58 446,464 ----a-w c:\windows\System32\S3Cfg3d.dll
- 2006-12-06 13:53:08 17,408 ----a-w c:\windows\System32\S3Clone.dll
+ 2008-08-29 09:55:06 199,680 ----a-w c:\windows\System32\S3Clone.dll
- 2006-11-28 03:36:40 651,264 ----a-w c:\windows\System32\S3Disply.dll
+ 2008-10-10 18:58:38 733,184 ----a-w c:\windows\System32\S3Disply.dll
+ 2008-03-05 17:12:24 102,400 ----a-w c:\windows\System32\S3Funkey.exe
+ 2008-05-28 13:20:36 528,384 ----a-w c:\windows\System32\S3Gamma2.dll
- 2006-11-09 15:29:52 327,680 ----a-w c:\windows\System32\S3Info2.dll
+ 2008-05-28 13:32:00 352,256 ----a-w c:\windows\System32\S3Info2.dll
- 2006-12-07 14:03:06 245,760 ----a-w c:\windows\System32\S3iset32.dll
+ 2008-07-30 17:53:36 393,216 ----a-w c:\windows\System32\S3iset32.dll
- 2006-12-07 14:03:02 167,936 ----a-w c:\windows\System32\S3minset.exe
+ 2008-07-30 17:53:42 299,008 ----a-w c:\windows\System32\S3minset.exe
+ 2008-03-03 15:44:32 602,112 ----a-w c:\windows\System32\S3ovrlay.dll
+ 2008-07-08 18:48:16 204,800 ----a-w c:\windows\System32\s3trayp.exe
+ 2008-12-24 07:48:32 577,536 ----a-w c:\windows\System32\SkinCrafter3_vs2005.dll
- 2009-02-19 23:53:54 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-03-29 21:14:24 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-30 16:02:56 22,528 ----a-w c:\windows\System32\spool\drivers\w32x86\3\G2PrintUPDDriver.dll
+ 2008-09-30 16:03:30 69,632 ----a-w c:\windows\System32\spool\drivers\w32x86\3\G2PrintUPDUI.dll
+ 2008-09-30 16:01:14 8,192 ----a-w c:\windows\System32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
+ 2008-09-17 11:36:22 258,352 ----a-w c:\windows\System32\unicows.dll
- 2006-12-09 03:48:22 3,991,552 ----a-w c:\windows\System32\VTGOGL32.DLL
+ 2008-10-17 10:02:42 4,466,688 ----a-w c:\windows\System32\VTGOGL32.DLL
- 2006-12-09 03:43:18 2,900,480 ----a-w c:\windows\System32\VTGUModeDX32.dll
+ 2008-10-17 10:02:36 3,546,624 ----a-w c:\windows\System32\VTGUModeDX32.dll
- 2009-02-21 19:28:38 6,118 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2119908331-4203043047-2055449669-1000_UserData.bin
+ 2009-03-29 22:32:39 8,504 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2119908331-4203043047-2055449669-1000_UserData.bin
- 2009-02-20 07:45:28 4,688 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2119908331-4203043047-2055449669-1001_UserData.bin
+ 2009-03-29 07:08:29 6,822 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2119908331-4203043047-2055449669-1001_UserData.bin
- 2009-02-15 03:58:56 3,682 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2119908331-4203043047-2055449669-1002_UserData.bin
+ 2009-03-28 23:58:28 5,262 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2119908331-4203043047-2055449669-1002_UserData.bin
- 2009-02-21 19:28:38 60,700 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-29 22:32:38 64,992 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-21 19:28:35 28,818 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-29 22:32:36 34,908 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-29 08:02:06 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
+ 2009-01-29 08:02:06 347,648 ----a-w c:\windows\System32\WindowsCodecsExt.dll
- 2008-01-19 07:37:03 10,620,928 ----a-w c:\windows\System32\wmp.dll
+ 2008-12-16 05:31:35 10,622,976 ----a-w c:\windows\System32\wmp.dll
+ 2008-01-19 07:37:08 33,280 ----a-w c:\windows\System32\WpdConns.dll
+ 2006-11-02 09:46:14 151,552 ----a-w c:\windows\System32\WpdMtp.dll
+ 2008-01-19 07:37:09 60,928 ----a-w c:\windows\System32\WpdMtpUS.dll
+ 2009-01-08 23:01:22 629,760 ----a-w c:\windows\System32\xvidcore.dll
+ 2009-01-25 21:10:48 179,200 ----a-w c:\windows\System32\xvidvfw.dll
- 2009-02-19 23:53:55 156,380,009 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-03-29 21:12:18 162,111,467 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-16 05:53:36 4,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\dxmasf.dll
+ 2008-12-16 05:53:35 7,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\spwmp.dll
+ 2008-12-16 05:53:36 10,619,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmp.dll
+ 2008-12-16 05:53:30 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmpconfig.exe
+ 2008-12-16 05:53:30 168,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmplayer.exe
+ 2008-12-16 04:00:17 8,147,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmploc.DLL
+ 2008-12-16 05:53:30 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmpshare.exe
+ 2008-12-16 05:37:10 4,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\dxmasf.dll
+ 2008-12-16 05:36:47 7,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\spwmp.dll
+ 2008-12-16 05:37:33 10,619,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmp.dll
+ 2008-12-16 03:49:51 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmpconfig.exe
+ 2008-12-16 03:49:38 168,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmplayer.exe
+ 2008-12-16 03:49:52 8,147,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmploc.DLL
+ 2008-12-16 03:49:20 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmpshare.exe
+ 2008-12-16 05:31:31 4,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\dxmasf.dll
+ 2008-12-16 05:31:30 7,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\spwmp.dll
+ 2008-12-16 05:31:35 10,622,976 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmp.dll
+ 2008-12-16 05:31:19 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmpconfig.exe
+ 2008-12-16 05:31:19 168,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmplayer.exe
+ 2008-12-16 03:29:44 8,147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmploc.DLL
+ 2008-12-16 05:31:19 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmpshare.exe
+ 2008-12-16 04:32:10 4,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\dxmasf.dll
+ 2008-12-16 04:31:29 7,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\spwmp.dll
+ 2008-12-16 04:32:38 10,624,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmp.dll
+ 2008-12-16 02:38:46 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmpconfig.exe
+ 2008-12-16 02:38:29 168,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmplayer.exe
+ 2008-12-16 02:39:20 8,147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmploc.DLL
+ 2008-12-16 02:38:10 107,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmpshare.exe
+ 2009-02-11 23:29:35 2,409,784 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16819_none_f0a011f86e53bc84\OESpamFilter.dat
+ 2009-02-11 23:29:48 2,409,784 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21009_none_f13456d18769739f\OESpamFilter.dat
+ 2009-02-12 00:40:03 2,409,784 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18214_none_f2814f2c6b7ecec2\OESpamFilter.dat
+ 2009-02-12 00:28:19 2,409,784 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22375_none_f2cb0cb984cc2f89\OESpamFilter.dat
+ 2008-11-27 04:42:05 269,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16782_none_1fdb8f82585b552d\schannel.dll
+ 2008-12-02 04:25:38 269,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.20967_none_207fcf7d716438ef\schannel.dll
+ 2008-11-27 04:43:25 268,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18175_none_21cf9ef255771632\schannel.dll
+ 2008-12-02 04:36:39 268,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22320_none_228a4bcd6e70a8bb\schannel.dll
+ 2009-02-09 01:59:26 2,028,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16816_none_b70870b09d62e718\win32k.sys
+ 2009-02-09 01:54:23 2,030,080 ----a-w c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21006_none_b79cb589b6789e33\win32k.sys
+ 2009-02-09 03:10:34 2,033,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18211_none_b8e9ade49a8df956\win32k.sys
+ 2009-02-09 02:54:45 2,033,664 ----a-w c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22372_none_b9336b71b3db5a1d\win32k.sys
+ 2008-06-26 03:20:31 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20867_none_94eb3a03bd3f8302\WindowsCodecs.dll
+ 2008-06-26 03:21:07 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.22211_none_97018689ba42f034\WindowsCodecs.dll
+ 2008-06-26 03:20:31 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.20867_none_91fb4ef5d4c6df69\WindowsCodecsExt.dll
+ 2008-06-26 03:21:07 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.22211_none_94119b7bd1ca4c9b\WindowsCodecsExt.dll
+ 2009-03-29 21:12:11 1,286,152 ----a-w c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b\msxml4.dll
+ 2009-03-29 21:12:14 91,656 ----a-w c:\windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d\msxml4r.dll
+ 2009-02-22 08:24:42 479,232 ----a-w c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b\msvcm80.dll
+ 2009-02-22 08:24:42 558,080 ----a-w c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b\msvcp80.dll
+ 2009-02-22 08:24:42 635,904 ----a-w c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2008-09-30 258856]
"S3Funkey"="S3Funkey.exe" [2008-03-05 c:\windows\System32\S3Funkey.exe]
"S3Trayp"="S3trayp.exe" [2008-07-08 c:\windows\System32\s3trayp.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8E222360-664C-4F3A-9B24-383D8ACCDE5D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7B9581FD-214D-482D-AF4A-538D16448EE6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{32369590-CB1D-4DAA-B7EF-A3E58D0CF965}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8EF6067B-C28F-4230-B0D9-7B2494EDB943}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D436CE78-C32A-45E1-A3B0-9EEB1D69E0BE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FF9D1B08-6A1A-4D9A-B0E5-2E75401106A7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{59AD2CE8-CA30-4221-A694-E01AAD476B2A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F05068D6-ECBC-474B-BB03-249F782F6619}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E4A495A9-4839-4078-9D32-977959E31F0F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C701330C-415B-4BE0-AA4B-46F4F3C30C24}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3A9E7785-9822-41C9-912B-2918DE3B5D4F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A66A08F-5081-4BB0-8615-3C3C4FF0F097}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EF0B9809-D289-462D-9AF3-70BD69F1536A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{CEBACC35-9A1B-4E09-AAF9-C6B5D84AE48B}"= UDP:5353:Adobe CSI CS4
"{63A7D032-AD0B-479E-9569-EA2DD7B456C8}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{38E35BF1-9FB4-4CB2-8BB5-26E7478C3070}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [2009-03-14 21144]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-02 603904]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\System32\drivers\BLKWGU.sys [2009-01-28 252416]
R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2009-03-14 809472]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-22 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\System32\drivers\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\System32\drivers\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\System32\drivers\s125mdm.sys [2007-04-24 108680]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\System32\drivers\s125obex.sys [2007-04-24 98696]
S3 S3G700;S3G700;c:\windows\System32\drivers\VTGKModeDX32.sys [2009-03-14 809472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 03:06]

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2119908331-4203043047-2055449669-1000.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-28 18:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsig ... 4&id=64855
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 00:01:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 0:04:05
ComboFix-quarantined-files.txt 2009-03-29 23:04:03
ComboFix2.txt 2009-02-21 21:55:14

Pre-Run: 36,218,384,384 bytes free
Post-Run: 36,478,746,624 bytes free

906 --- E O F --- 2009-03-29 21:12:20

Is this ok?

James.
jamestaylor
Regular Member
 
Posts: 23
Joined: March 9th, 2009, 9:41 pm

Re: Please check my HJT log as I want to apply for the uni...

Unread postby Axephilic » March 29th, 2009, 7:27 pm

jamestaylor wrote:Is this ok?

James.

Yes. :)

Hello,

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
Folder::
c:\program files\uTorrent Turbo Booster
c:\users\James\AppData\Roaming\uTorrent
c:\users\James\AppData\Roaming\LimeWire


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Scan with Malwarebytes' Anti-Malware

  • Double click on the Malwarebytes' Anti-Malware icon on your desktop.
  • Once the program has loaded, click on the Update tab and click on Check for Updates.
  • Click on the Scanner tab.
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

In your next reply, please include:
  1. ComboFix log
  2. MBAM log
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Please check my HJT log as I want to apply for the uni...

Unread postby jamestaylor » March 30th, 2009, 3:23 am

jamestaylor wrote:ComboFix 09-03-29.02 - James 2009-03-30 0:42:28.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2494.1640 [GMT 1:00]
Running from: c:\users\James\Desktop\ComboFix.exe
Command switches used :: c:\users\James\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uTorrent Turbo Booster
c:\program files\uTorrent Turbo Booster\gdiplus.dll
c:\program files\uTorrent Turbo Booster\mfc80.dll
c:\program files\uTorrent Turbo Booster\Skin.skf
c:\users\James\AppData\Roaming\LimeWire
c:\users\James\AppData\Roaming\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.jar
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.jar
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.jar
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\alerts.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\caps.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\chardet.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\chrome.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\composer.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\content_base.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\content_html.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\cookie.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\directory.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\downloads.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\editor.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\extensions.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\feeds.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\find.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\gfx.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\inspector.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\intl.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\jar.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\locale.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\oji.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\places.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\plugin.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\pref.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\profile.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\rdf.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\satchel.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\shistory.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\storage.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\transformiix.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\uconv.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\update.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\widget.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\windowds.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\xulutil.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.ini
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\dependentlibs.list
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.chk
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\all.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcom.jar
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\js3250.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\LICENSE
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\modules\debug.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\modules\Microformats.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\modules\utils.js
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\mozctl.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\mozctlx.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\msvcr71.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\nspr4.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\nss3.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\nssckbi.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\nssdbm3.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\nssutil3.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\platform.ini
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\plc4.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\plds4.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\README.txt
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\arrow.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\arrowd.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\broken-image.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetData.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\contenteditable.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\designmode.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\forms.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\grabber.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\html.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\html\folder.png
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\langGroups.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\language.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\loading-image.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\mathml.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\quirk.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\svg.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\ua.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\viewsource.css
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.chk
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\ssl3.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\version.properties
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\xpcom.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\James\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\James\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\James\AppData\Roaming\LimeWire\createtimes.cache
c:\users\James\AppData\Roaming\LimeWire\downloads.dat
c:\users\James\AppData\Roaming\LimeWire\fileurns.bak
c:\users\James\AppData\Roaming\LimeWire\fileurns.cache
c:\users\James\AppData\Roaming\LimeWire\gnutella.net
c:\users\James\AppData\Roaming\LimeWire\installation.props
c:\users\James\AppData\Roaming\LimeWire\library.dat
c:\users\James\AppData\Roaming\LimeWire\library5.dat
c:\users\James\AppData\Roaming\LimeWire\limewire.props
c:\users\James\AppData\Roaming\LimeWire\mojito.props
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\James\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\James\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\James\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\James\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\James\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\James\AppData\Roaming\LimeWire\questions.props
c:\users\James\AppData\Roaming\LimeWire\responses.cache
c:\users\James\AppData\Roaming\LimeWire\simpp.xml
c:\users\James\AppData\Roaming\LimeWire\spam.dat
c:\users\James\AppData\Roaming\LimeWire\tables.props
c:\users\James\AppData\Roaming\LimeWire\ttrees.cache
c:\users\James\AppData\Roaming\LimeWire\ttroot.cache
c:\users\James\AppData\Roaming\LimeWire\version.xml
c:\users\James\AppData\Roaming\LimeWire\versions.props
c:\users\James\AppData\Roaming\LimeWire\xml\data\audio.sxml3
c:\users\James\AppData\Roaming\LimeWire\xml\data\image.sxml3
c:\users\James\AppData\Roaming\uTorrent
c:\users\James\AppData\Roaming\uTorrent\dht.dat
c:\users\James\AppData\Roaming\uTorrent\dht.dat.old
c:\users\James\AppData\Roaming\uTorrent\Evanescence - Live@Zepp_ Japan.2007.torrent
c:\users\James\AppData\Roaming\uTorrent\resume.dat
c:\users\James\AppData\Roaming\uTorrent\resume.dat.old
c:\users\James\AppData\Roaming\uTorrent\rss.dat
c:\users\James\AppData\Roaming\uTorrent\rss.dat.old
c:\users\James\AppData\Roaming\uTorrent\settings.dat
c:\users\James\AppData\Roaming\uTorrent\settings.dat.old
c:\users\James\AppData\Roaming\uTorrent\utorrent.lng

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-29 22:12 . 2009-03-29 22:12 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-29 21:58 . 2009-03-29 21:58 <DIR> d-------- c:\program files\CCleaner
2009-03-29 12:50 . 2009-03-29 12:50 65 --a------ c:\windows\FISHUI.INI
2009-03-29 12:19 . 2009-03-29 12:47 <DIR> d-------- c:\users\James\AppData\Roaming\DataCast
2009-03-29 12:18 . 2009-03-29 12:18 <DIR> d-------- c:\program files\Samsung
2009-03-27 16:55 . 2009-03-27 16:56 <DIR> d-------- C:\rsit
2009-03-27 14:48 . 2009-03-27 14:48 <DIR> d-------- c:\program files\Citrix
2009-03-27 14:48 . 2008-09-30 17:04 42,792 --a------ c:\windows\System32\gotomon.dll
2009-03-26 21:30 . 2009-03-29 23:31 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-03-21 04:38 . 2009-03-21 08:02 <DIR> d-------- c:\users\James\AppData\Roaming\Any Video Converter
2009-03-21 04:38 . 2009-03-21 04:39 <DIR> d-------- c:\program files\Any Video Converter
2009-03-20 01:51 . 2009-03-20 01:51 81,920 --a------ c:\users\James\AppData\Roaming\ezpinst.exe
2009-03-17 01:47 . 2009-03-17 01:47 <DIR> d-------- c:\users\Mishy Moo\AppData\Roaming\DivX
2009-03-15 18:19 . 2009-03-15 18:19 <DIR> d-------- c:\users\James\AppData\Roaming\AdobeUM
2009-03-14 06:59 . 2009-03-14 06:59 <DIR> d-------- c:\program files\VIA
2009-03-14 06:59 . 2007-09-20 11:43 331,184 --------- c:\windows\System32\difxapi.dll
2009-03-14 06:58 . 2008-12-16 16:48 21,144 --a------ c:\windows\System32\drivers\xfilt.sys
2009-03-14 06:58 . 2008-12-16 16:47 13,976 --a------ c:\windows\System32\drivers\videX32.sys
2009-03-14 06:56 . 2009-03-14 06:56 <DIR> d-------- c:\program files\Realtek
2009-03-14 06:56 . 2008-10-29 17:29 43,520 --a------ c:\windows\System32\drivers\Rtnicxp.sys
2009-03-14 06:49 . 2007-05-22 17:54 1,769,472 --a------ c:\windows\System32\VTROM.bin
2009-03-14 06:47 . 2009-03-14 06:48 <DIR> d--h----- c:\program files\Temp
2009-03-13 01:22 . 2009-03-13 01:22 <DIR> d-------- c:\users\James\AppData\Roaming\GetRightToGo
2009-03-12 01:54 . 2009-03-12 01:54 <DIR> d-------- c:\users\All Users\SymplisIT
2009-03-12 01:54 . 2009-03-12 01:54 <DIR> d-------- c:\programdata\SymplisIT
2009-03-12 01:53 . 2009-03-14 06:32 <DIR> d-------- C:\Driver Backups
2009-03-12 01:49 . 2009-03-12 01:49 <DIR> d-------- c:\program files\SymplisIT
2009-03-12 01:48 . 2009-03-12 01:48 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-12 01:26 . 2009-03-12 01:26 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters
2009-03-12 01:26 . 2009-03-12 01:26 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters
2009-03-11 12:02 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 12:01 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-08 04:41 . 2009-03-08 04:41 <DIR> d-------- c:\windows\Icon_Patcher
2009-03-08 04:39 . 2009-03-08 04:39 <DIR> d-------- c:\program files\Common Files\Stardock
2009-03-03 20:22 . 2009-03-03 20:22 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-03 03:15 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-03 03:15 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-03 03:15 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-03 03:15 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-03 02:48 . 2009-03-03 02:48 <DIR> d-------- c:\program files\Adobe Media Player
2009-03-03 02:44 . 2009-03-03 02:44 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-03 00:59 . 2009-03-14 07:07 50 --a------ c:\windows\MegaManager.INI
2009-03-02 19:19 . 2009-03-02 19:19 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-03-02 19:19 . 2009-03-02 19:19 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-03-02 19:19 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-03-02 19:19 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-03-01 08:58 . 2009-03-01 08:58 <DIR> d-------- c:\users\Jacqueline\AppData\Roaming\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 20:52 --------- d-----w c:\program files\AviSynth 2.5
2009-03-29 20:43 --------- d-----w c:\program files\Xilisoft
2009-03-29 20:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 20:42 --------- d-----w c:\programdata\eBay
2009-03-29 20:33 --------- d-----w c:\users\James\AppData\Roaming\Skype
2009-03-29 19:44 --------- d-----w c:\programdata\Google Updater
2009-03-29 16:29 --------- d-----w c:\users\James\AppData\Roaming\skypePM
2009-03-29 11:16 348,160 ----a-w c:\windows\System32\msvcr71.dll
2009-03-27 13:48 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-20 00:52 --------- d-----w c:\users\James\AppData\Roaming\Vso
2009-03-20 00:51 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-20 00:51 47,360 ----a-w c:\users\James\AppData\Roaming\pcouffin.sys
2009-03-14 18:55 --------- d-----w c:\users\James\AppData\Roaming\dvdcss
2009-03-14 05:52 --------- d-----w c:\program files\S3
2009-03-14 05:47 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-03-11 17:43 --------- d-----w c:\programdata\Microsoft Help
2009-03-11 17:27 --------- d-----w c:\program files\Windows Mail
2009-03-08 13:11 --------- d-----w c:\users\James\AppData\Roaming\gtk-2.0
2009-03-03 01:50 --------- d-----w c:\program files\Common Files\Adobe
2009-03-03 00:40 174 --sha-w c:\program files\desktop.ini
2009-03-02 18:19 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-28 21:43 --------- d-----w c:\users\Mishy Moo\AppData\Roaming\ESET
2009-02-28 20:42 --------- d-----w c:\program files\XviD
2009-02-28 20:29 --------- d-----w c:\users\James\AppData\Roaming\ESET
2009-02-28 20:26 --------- d-----w c:\programdata\ESET
2009-02-28 20:26 --------- d-----w c:\program files\ESET
2009-02-28 20:09 --------- d-----w c:\program files\Real
2009-02-28 20:09 --------- d-----w c:\program files\Common Files\xing shared
2009-02-28 20:09 --------- d-----w c:\program files\Common Files\Real
2009-02-22 08:25 --------- d-----w c:\program files\Windows Live
2009-02-22 08:25 --------- d-----w c:\program files\Microsoft
2009-02-22 08:24 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-22 08:21 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 03:23 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-21 16:28 --------- d-----w c:\programdata\Norton
2009-02-21 14:30 --------- d-----w c:\users\James\AppData\Roaming\Malwarebytes
2009-02-21 14:29 --------- d-----w c:\programdata\Malwarebytes
2009-02-21 14:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-20 00:52 --------- d-----w c:\program files\Trend Micro
2009-02-20 00:33 --------- d-----w c:\programdata\Symantec
2009-02-20 00:27 --------- d-----w c:\programdata\NortonInstaller
2009-02-19 19:31 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-19 16:52 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-19 16:52 --------- d-----w c:\program files\Java
2009-02-19 15:14 --------- d-----w c:\users\James\AppData\Roaming\DMCache
2009-02-19 03:02 --------- d-----w c:\programdata\DVD Shrink
2009-02-19 02:53 --------- d-----w c:\users\James\AppData\Roaming\HandBrake
2009-02-17 05:14 --------- d-----w c:\users\James\AppData\Roaming\Megaupload
2009-02-17 05:09 --------- d-----w c:\programdata\Megaupload
2009-02-17 05:09 --------- d-----w c:\programdata\EmailNotifier
2009-02-17 05:08 --------- d-----w c:\program files\Megaupload
2009-02-17 02:14 --------- d-----w c:\program files\RealArcade
2009-02-16 15:40 --------- d-----w c:\users\James\AppData\Roaming\Xilisoft Corporation
2009-02-14 11:49 --------- d-----w c:\program files\GIMP-2.0
2009-02-11 16:48 --------- d-----w c:\programdata\FLEXnet
2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-11 09:00 --------- d-----w c:\users\James\AppData\Roaming\TuneUp Software
2009-02-11 08:59 --------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-11 08:59 --------- d-----w c:\programdata\TuneUp Software
2009-02-11 08:58 --------- d-----w c:\program files\Google
2009-02-11 08:54 --------- d-----w c:\program files\PC Tune-Up
2009-02-11 08:11 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-09 14:12 --------- d-----w c:\programdata\TEMP
2009-02-06 19:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-06 18:08 55,280 ----a-w c:\windows\system32\drivers\fssfltr.sys
2009-02-06 15:03 --------- d-----w c:\users\Jacqueline\AppData\Roaming\AdobeUM
2009-02-05 23:52 --------- d-----w c:\users\Mishy Moo\AppData\Roaming\Skype
2009-02-05 13:37 49,152 ----a-r c:\windows\System32\inetwh32.dll
2009-02-05 13:37 1,044,480 ----a-r c:\windows\System32\roboex32.dll
2009-02-03 20:29 --------- d-----w c:\users\Jacqueline\AppData\Roaming\DivX
2009-02-02 22:11 --------- d-----w c:\users\James\AppData\Roaming\DivX
2009-02-02 22:10 --------- d-----w c:\program files\DivX
2009-02-02 22:09 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-02-01 16:33 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-01 16:03 --------- d-----w c:\program files\MSBuild
2009-02-01 16:03 --------- d-----w c:\program files\Microsoft Works
2009-02-01 16:02 --------- d-----w c:\program files\Microsoft.NET
2009-02-01 15:59 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-01 02:15 --------- d-----w c:\program files\Common Files\logishrd
2009-02-01 02:13 --------- d-----w c:\programdata\Logishrd
2009-02-01 02:13 --------- d-----w c:\program files\Logitech
2009-02-01 01:45 --------- d-----w c:\program files\Windows Sidebar
2009-02-01 01:45 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-01 01:45 --------- d-----w c:\program files\Windows Defender
2009-02-01 01:45 --------- d-----w c:\program files\Windows Collaboration
2009-02-01 01:45 --------- d-----w c:\program files\Windows Calendar
2009-02-01 01:31 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-01 01:31 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-01 01:17 --------- d-----w c:\users\James\AppData\Roaming\Apple Computer
2009-02-01 01:16 --------- d-----w c:\programdata\Apple Computer
2009-02-01 01:16 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-01 01:16 --------- d-----w c:\program files\iTunes
2009-02-01 01:16 --------- d-----w c:\program files\iPod
2009-02-01 01:16 --------- d-----w c:\program files\Common Files\Apple
2009-02-01 01:15 --------- d-----w c:\program files\Bonjour
2009-02-01 01:14 --------- d-----w c:\program files\QuickTime
2009-02-01 01:12 --------- d-----w c:\program files\Apple Software Update
2009-02-01 01:11 --------- d-----w c:\programdata\Apple
.

((((((((((((((((((((((((((((( SnapShot_2009-03-30_ 0.02.29.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-29 23:01:29 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-29 23:45:17 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-29 23:45:17 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2008-09-30 258856]
"S3Funkey"="S3Funkey.exe" [2008-03-05 c:\windows\System32\S3Funkey.exe]
"S3Trayp"="S3trayp.exe" [2008-07-08 c:\windows\System32\s3trayp.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8E222360-664C-4F3A-9B24-383D8ACCDE5D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7B9581FD-214D-482D-AF4A-538D16448EE6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{32369590-CB1D-4DAA-B7EF-A3E58D0CF965}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8EF6067B-C28F-4230-B0D9-7B2494EDB943}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D436CE78-C32A-45E1-A3B0-9EEB1D69E0BE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FF9D1B08-6A1A-4D9A-B0E5-2E75401106A7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{59AD2CE8-CA30-4221-A694-E01AAD476B2A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F05068D6-ECBC-474B-BB03-249F782F6619}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E4A495A9-4839-4078-9D32-977959E31F0F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C701330C-415B-4BE0-AA4B-46F4F3C30C24}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3A9E7785-9822-41C9-912B-2918DE3B5D4F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A66A08F-5081-4BB0-8615-3C3C4FF0F097}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EF0B9809-D289-462D-9AF3-70BD69F1536A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{CEBACC35-9A1B-4E09-AAF9-C6B5D84AE48B}"= UDP:5353:Adobe CSI CS4
"{63A7D032-AD0B-479E-9569-EA2DD7B456C8}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{38E35BF1-9FB4-4CB2-8BB5-26E7478C3070}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [2009-03-14 21144]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-02 603904]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\System32\drivers\BLKWGU.sys [2009-01-28 252416]
R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2009-03-14 809472]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-22 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\System32\drivers\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\System32\drivers\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\System32\drivers\s125mdm.sys [2007-04-24 108680]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\System32\drivers\s125obex.sys [2007-04-24 98696]
S3 S3G700;S3G700;c:\windows\System32\drivers\VTGKModeDX32.sys [2009-03-14 809472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 03:06]

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2119908331-4203043047-2055449669-1000.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-28 18:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsig ... 4&id=64855
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 00:45:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 0:47:49
ComboFix-quarantined-files.txt 2009-03-29 23:47:46
ComboFix2.txt 2009-03-29 23:04:07
ComboFix3.txt 2009-02-21 21:55:14

Pre-Run: 34,102,923,264 bytes free
Post-Run: 34,072,551,424 bytes free

634 --- E O F --- 2009-03-29 21:12:20


Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 6.0.6001 Service Pack 1

30/03/2009 08:17:33 AM
mbam-log-2009-03-30 (08-17-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 232444
Time elapsed: 1 hour(s), 54 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jamestaylor wrote:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:19:54 AM, on 30/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\S3Funkey.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\S3Funkey.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsig ... 4&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [S3Funkey] S3Funkey.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-2119908331-4203043047-2055449669-1001\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Jacqueline')
O4 - HKUS\S-1-5-21-2119908331-4203043047-2055449669-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Jacqueline')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7336 bytes
jamestaylor
Regular Member
 
Posts: 23
Joined: March 9th, 2009, 9:41 pm

Re: Please check my HJT log as I want to apply for the uni...

Unread postby Axephilic » March 30th, 2009, 4:31 pm

Hi there,

It's looking good so far. :)

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. Kaspersky report
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Please check my HJT log as I want to apply for the uni...

Unread postby jamestaylor » March 30th, 2009, 7:28 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 31, 2009
Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 30, 2009 22:36:40
Records in database: 1987911
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Files scanned: 154465
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:52:36

No malware has been detected. The scan area is clean.

The selected area was scanned.

Axephilic wrote:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:12 AM, on 31/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\S3Funkey.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsig ... 4&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [S3Funkey] S3Funkey.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 6990 bytes


Also, heared of a rumour that the Conficker virus (now 'Conficker C' I believe) will do something to the PC's infected on 1st april. To be honest, I dont really believe it. i think its a loads of rubbish, but what do you think about that? The text I read was apparently quoted from Yahoo.

Thanks,
James.
jamestaylor
Regular Member
 
Posts: 23
Joined: March 9th, 2009, 9:41 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 51 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware