Browser Hijacked! Re-submitting

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by Dede » September 10th, 2008, 11:23 pm

Hello again,

Due to unforeseen circumstances, I could not immediately follow up on a previous topic, so I'm starting a new one...same problem


My Firefox browser was recently hijacked by an outfit called Antivirus 2008. (Incidentally, when I start Firefox in Safe Mode and visit sites, the hijacker doesn't appear.)

It doesn't seem to be hijacking IE either.

When I tried deleting the program it installed (using the uninstall manager), it kept giving me one of those error messages to send to Microsoft. So I uninstalled the folder by going through Windows Explorer. This helped for a time, but of course good things don't last forever. Perhaps I shouldn't have gone that route, but it gave me SOME measure of satisfaction, if only until my next start up.

I will try to be better about following through in a timely manner.

Thanks in advance for your help!

Dede

In this post I am including my hijackthis log followed by the start up log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:10 PM, on 9/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_0 -reboot 1
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-1096971687-924002423-2237425911-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7598 bytes


StartupList report, 9/10/2008, 7:57:11 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16705)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Acrobat Speed Launcher.lnk = ?
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Adobe Version Cue CS2 = "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
KBD = C:\HP\KBD\KBD.EXE
HPHUPD08 = c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
HPBootOp = "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
HP Software Update = C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
DiscUpdateManager = C:\Program Files\DISC\DiscUpdateMgr.exe
DISCover = C:\Program Files\DISC\DISCover.exe
AlwaysReady Power Message APP = ARPWRMSG.EXE
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
ISTray = "C:\Program Files\Spyware Doctor\pctsTray.exe"
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
updateMgr = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_0 -reboot 1
RegistryMechanic = C:\Program Files\Registry Mechanic\RegMech.exe /H
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Uniblue RegistryBooster 2009 = C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Download Program Files:

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[DivXBrowserPlugin Object]
InProcServer32 = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CODEBASE = http://download.divx.com/player/DivXBrowserPlugin.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/fl ... rashim.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll
Protocol #2: C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll
Protocol #3: C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll
Protocol #19: C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 6,984 bytes
Report generated in 0.094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Dede
Active Member
 
Posts: 6
Joined: August 26th, 2008, 12:25 am

Re: Browser Hijacked! Re-submitting

Post by peku006 » September 13th, 2008, 12:07 pm

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

2 - Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt <- (will be maximized) and info.txt <- (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log
3. description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Browser Hijacked! Re-submitting

Post by Dede » September 14th, 2008, 5:09 pm

Followed your instructions and here are the logs you asked for:

Malwarebytes' Anti-Malware 1.28
Database version: 1151
Windows 5.1.2600 Service Pack 3

9/14/2008 2:03:47 PM
mbam-log-2008-09-14 (14-03-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 253061
Time elapsed: 2 hour(s), 15 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\rhc7v6j0ejd3\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP46\A0020099.exe (Adware.Comet) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.01 (written by random/random)
Run by HP_Administrator at 2008-09-14 14:04:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 89 GB (49%) free of 182 GB
Total RAM: 958 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:06 PM, on 9/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\PHW5HWOU\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_0 -reboot 1
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7713 bytes

Registry dump

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe [2005-09-27 61440]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2005-09-27 1060864]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-09-09 1168264]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"updateMgr"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13 46080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{308d998e-490f-11dd-aa96-0015f29ef5a8}]
shell\AutoRun\command - K:\LaunchU3.exe -a


List of files/folders created in the last three months

2008-08-24 13:17:20 ----A---- C:\WINDOWS\system32\msapsspc.dll
2008-08-24 13:17:20 ----A---- C:\WINDOWS\system32\msafd.dll
2008-08-24 13:17:20 ----A---- C:\WINDOWS\system32\msacm32.dll
2008-08-24 13:17:20 ----A---- C:\WINDOWS\system32\mprdim.dll
2008-08-24 13:17:20 ----A---- C:\WINDOWS\system32\mprapi.dll
2008-08-24 13:17:20 ----A---- C:\WINDOWS\system32\mpr.dll
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\msdmo.dll
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\msdart.dll
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\msctfp.dll
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\msctf.dll
2008-08-24 13:17:19 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2008-08-24 13:17:18 ----A---- C:\WINDOWS\system32\msi.dll
2008-08-24 13:17:18 ----A---- C:\WINDOWS\system32\msgina.dll
2008-08-24 13:17:18 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\mslbui.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msisip.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msimtf.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msimsg.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msimg32.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msihnd.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msiexec.exe
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msieftp.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msidle.dll
2008-08-24 13:17:17 ----A---- C:\WINDOWS\system32\msident.dll
2008-08-24 13:17:16 ----A---- C:\WINDOWS\system32\msorc32r.dll
2008-08-24 13:17:16 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-08-24 13:17:16 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-08-24 13:17:16 ----A---- C:\WINDOWS\system32\msnsspc.dll
2008-08-24 13:17:15 ----A---- C:\WINDOWS\system32\msrle32.dll
2008-08-24 13:17:15 ----A---- C:\WINDOWS\system32\msprivs.dll
2008-08-24 13:17:15 ----A---- C:\WINDOWS\system32\mspatcha.dll
2008-08-24 13:17:15 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-08-24 13:17:15 ----A---- C:\WINDOWS\system32\msorcl32.dll
2008-08-24 13:17:14 ----A---- C:\WINDOWS\system32\msvcp60.dll
2008-08-24 13:17:14 ----A---- C:\WINDOWS\system32\msvcirt.dll
2008-08-24 13:17:14 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2008-08-24 13:17:14 ----A---- C:\WINDOWS\system32\msutb.dll
2008-08-24 13:17:14 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2008-08-24 13:17:14 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-08-24 13:17:14 ----A---- C:\WINDOWS\system32\mstask.dll
2008-08-24 13:17:13 ----A---- C:\WINDOWS\system32\msxml2.dll
2008-08-24 13:17:13 ----A---- C:\WINDOWS\system32\msxml.dll
2008-08-24 13:17:13 ----A---- C:\WINDOWS\system32\mswsock.dll
2008-08-24 13:17:13 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2008-08-24 13:17:13 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-08-24 13:17:13 ----A---- C:\WINDOWS\system32\msvfw32.dll
2008-08-24 13:17:13 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2008-08-24 13:17:13 ----A---- C:\WINDOWS\system32\msvcrt.dll
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\narrator.exe
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\mydocs.dll
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\mtxclu.dll
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\msyuv.dll
2008-08-24 13:17:12 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-08-24 13:17:11 ----A---- C:\WINDOWS\system32\netid.dll
2008-08-24 13:17:11 ----A---- C:\WINDOWS\system32\netdde.exe
2008-08-24 13:17:11 ----A---- C:\WINDOWS\system32\netcfgx.dll
2008-08-24 13:17:11 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-08-24 13:17:11 ----A---- C:\WINDOWS\system32\net1.exe
2008-08-24 13:17:11 ----A---- C:\WINDOWS\system32\net.exe
2008-08-24 13:17:11 ----A---- C:\WINDOWS\system32\nddenb32.dll
2008-08-24 13:17:11 ----A---- C:\WINDOWS\system32\nddeapir.exe
2008-08-24 13:17:11 ----A---- C:\WINDOWS\system32\nddeapi.dll
2008-08-24 13:17:10 ----A---- C:\WINDOWS\system32\netsh.exe
2008-08-24 13:17:10 ----A---- C:\WINDOWS\system32\netsetup.exe
2008-08-24 13:17:10 ----A---- C:\WINDOWS\system32\netrap.dll
2008-08-24 13:17:10 ----A---- C:\WINDOWS\system32\netplwiz.dll
2008-08-24 13:17:10 ----A---- C:\WINDOWS\system32\netman.dll
2008-08-24 13:17:10 ----A---- C:\WINDOWS\system32\netlogon.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\ntmarta.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\ntlanman.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\npptools.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\notepad.exe
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\nlhtml.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\newdev.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\netui1.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\netui0.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\netstat.exe
2008-08-24 13:17:09 ----A---- C:\WINDOWS\system32\netshell.dll
2008-08-24 13:17:09 ----A---- C:\WINDOWS\notepad.exe
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\odbcad32.exe
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\odbc32.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\ocmanage.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\objsel.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\oakley.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\ntshrui.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2008-08-24 13:17:08 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\offfilt.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odtext32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odpdx32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odfox32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odexl32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\oddbse32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbctrac.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbcji32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbcint.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbccu32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbccr32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbccp32.dll
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbcconf.exe
2008-08-24 13:17:07 ----A---- C:\WINDOWS\system32\odbcconf.dll
2008-08-24 13:17:06 ----A---- C:\WINDOWS\system32\oleprn.dll
2008-08-24 13:17:06 ----A---- C:\WINDOWS\system32\oledlg.dll
2008-08-24 13:17:06 ----A---- C:\WINDOWS\system32\olecli32.dll
2008-08-24 13:17:06 ----A---- C:\WINDOWS\system32\ole32.dll
2008-08-24 13:17:05 ----A---- C:\WINDOWS\system32\pautoenr.dll
2008-08-24 13:17:05 ----A---- C:\WINDOWS\system32\packager.exe
2008-08-24 13:17:05 ----A---- C:\WINDOWS\system32\osuninst.dll
2008-08-24 13:17:05 ----A---- C:\WINDOWS\system32\osk.exe
2008-08-24 13:17:05 ----A---- C:\WINDOWS\system32\opengl32.dll
2008-08-24 13:17:05 ----A---- C:\WINDOWS\system32\olepro32.dll
2008-08-24 13:17:04 ----A---- C:\WINDOWS\system32\perfproc.dll
2008-08-24 13:17:04 ----A---- C:\WINDOWS\system32\perfos.dll
2008-08-24 13:17:04 ----A---- C:\WINDOWS\system32\perfnet.dll
2008-08-24 13:17:04 ----A---- C:\WINDOWS\system32\perfmon.exe
2008-08-24 13:17:04 ----A---- C:\WINDOWS\system32\perfdisk.dll
2008-08-24 13:17:04 ----A---- C:\WINDOWS\system32\pdh.dll
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\pstorec.dll
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\psbase.dll
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\psapi.dll
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\proquota.exe
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\progman.exe
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\profmap.dll
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\powrprof.dll
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\polstore.dll
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\pjlmon.dll
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\ping.exe
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\pid.dll
2008-08-24 13:17:03 ----A---- C:\WINDOWS\system32\photowiz.dll
2008-08-24 13:17:02 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-08-24 13:17:02 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-08-24 13:17:02 ----A---- C:\WINDOWS\system32\qedwipes.dll
2008-08-24 13:17:02 ----A---- C:\WINDOWS\system32\qedit.dll
2008-08-24 13:17:02 ----A---- C:\WINDOWS\system32\qdvd.dll
2008-08-24 13:17:02 ----A---- C:\WINDOWS\system32\qdv.dll
2008-08-24 13:17:02 ----A---- C:\WINDOWS\system32\qcap.dll
2008-08-24 13:17:02 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2008-08-24 13:17:01 ----N---- C:\WINDOWS\system32\quartz.dll
2008-08-24 13:17:00 ----A---- C:\WINDOWS\system32\rasppp.dll
2008-08-24 13:17:00 ----A---- C:\WINDOWS\system32\rasphone.exe
2008-08-24 13:17:00 ----A---- C:\WINDOWS\system32\rasmans.dll
2008-08-24 13:17:00 ----A---- C:\WINDOWS\system32\raschap.dll
2008-08-24 13:17:00 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2008-08-24 13:17:00 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-08-24 13:17:00 ----A---- C:\WINDOWS\system32\query.dll
2008-08-24 13:16:59 ----A---- C:\WINDOWS\system32\rdpdd.dll
2008-08-24 13:16:59 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-08-24 13:16:59 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-08-24 13:16:59 ----A---- C:\WINDOWS\system32\rcp.exe
2008-08-24 13:16:59 ----A---- C:\WINDOWS\system32\rcimlby.exe
2008-08-24 13:16:59 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2008-08-24 13:16:59 ----A---- C:\WINDOWS\system32\rastls.dll
2008-08-24 13:16:59 ----A---- C:\WINDOWS\system32\rassapi.dll
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\regwizc.dll
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\regsvr32.exe
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\regsvc.dll
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\regapi.dll
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\reg.exe
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-08-24 13:16:58 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\rtcshare.exe
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\rsmps.dll
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\rsh.exe
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\rsaenh.dll
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\rpcss.dll
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\riched20.dll
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\rexec.exe
2008-08-24 13:16:57 ----A---- C:\WINDOWS\system32\resutils.dll
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\scesrv.dll
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\scecli.dll
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\sccsccp.dll
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\scarddlg.dll
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\runonce.exe
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\rundll32.exe
2008-08-24 13:16:56 ----A---- C:\WINDOWS\system32\rtutils.dll
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\sens.dll
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\sendmail.dll
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\security.dll
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\secur32.dll
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\seclogon.dll
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\sdbinst.exe
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\scrrun.dll
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\scrobj.dll
2008-08-24 13:16:55 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2008-08-24 13:16:54 ----A---- C:\WINDOWS\system32\shdoclc.dll
2008-08-24 13:16:54 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2008-08-24 13:16:54 ----A---- C:\WINDOWS\system32\sfc_os.dll
2008-08-24 13:16:54 ----A---- C:\WINDOWS\system32\sfc.dll
2008-08-24 13:16:54 ----A---- C:\WINDOWS\system32\setup.exe
2008-08-24 13:16:54 ----A---- C:\WINDOWS\system32\sethc.exe
2008-08-24 13:16:54 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-08-24 13:16:54 ----A---- C:\WINDOWS\system32\sensapi.dll
2008-08-24 13:16:52 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-08-24 13:16:50 ----A---- C:\WINDOWS\system32\shmedia.dll
2008-08-24 13:16:50 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-08-24 13:16:50 ----A---- C:\WINDOWS\system32\shimgvw.dll
2008-08-24 13:16:50 ----A---- C:\WINDOWS\system32\shimeng.dll
2008-08-24 13:16:50 ----A---- C:\WINDOWS\system32\shgina.dll
2008-08-24 13:16:50 ----A---- C:\WINDOWS\system32\shfolder.dll
2008-08-24 13:16:50 ----A---- C:\WINDOWS\system32\shell32.dll
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\slbiop.dll
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\slayerxp.dll
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\skeys.exe
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\sigverif.exe
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\sigtab.dll
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\shutdown.exe
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\shsvcs.dll
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\shscrap.dll
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\shrpubw.exe
2008-08-24 13:16:49 ----A---- C:\WINDOWS\system32\shmgrate.exe
2008-08-24 13:16:48 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2008-08-24 13:16:48 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2008-08-24 13:16:48 ----A---- C:\WINDOWS\system32\spoolsv.exe
2008-08-24 13:16:48 ----A---- C:\WINDOWS\system32\spoolss.dll
2008-08-24 13:16:48 ----A---- C:\WINDOWS\system32\spider.exe
2008-08-24 13:16:48 ----A---- C:\WINDOWS\system32\sort.exe
2008-08-24 13:16:48 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2008-08-24 13:16:48 ----A---- C:\WINDOWS\system32\snmpapi.dll
2008-08-24 13:16:48 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-08-24 13:16:47 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2008-08-24 13:16:47 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2008-08-24 13:16:47 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-08-24 13:16:47 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-08-24 13:16:47 ----A---- C:\WINDOWS\system32\srclient.dll
2008-08-24 13:16:46 ----A---- C:\WINDOWS\system32\stobject.dll
2008-08-24 13:16:46 ----A---- C:\WINDOWS\system32\stimon.exe
2008-08-24 13:16:46 ----A---- C:\WINDOWS\system32\sti_ci.dll
2008-08-24 13:16:46 ----A---- C:\WINDOWS\system32\sti.dll
2008-08-24 13:16:46 ----A---- C:\WINDOWS\system32\stclient.dll
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\tapisrv.dll
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\tapi32.dll
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\tapi3.dll
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\t2embed.dll
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\syncui.dll
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\synceng.dll
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\sxs.dll
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\svchost.exe
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\strmdll.dll
2008-08-24 13:16:45 ----A---- C:\WINDOWS\system32\storprop.dll
2008-08-24 13:16:44 ----A---- C:\WINDOWS\system32\themeui.dll
2008-08-24 13:16:44 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-08-24 13:16:44 ----A---- C:\WINDOWS\system32\termmgr.dll
2008-08-24 13:16:44 ----A---- C:\WINDOWS\system32\telnet.exe
2008-08-24 13:16:44 ----A---- C:\WINDOWS\system32\tcpmon.dll
2008-08-24 13:16:44 ----A---- C:\WINDOWS\system32\tcpmib.dll
2008-08-24 13:16:44 ----A---- C:\WINDOWS\system32\taskmgr.exe
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\uniplat.dll
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\unimdmat.dll
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\umandlg.dll
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\udhisapi.dll
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\txflog.dll
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\tsddd.dll
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\trkwks.dll
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\tree.com
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\tracert.exe
2008-08-24 13:16:43 ----A---- C:\WINDOWS\system32\tourstart.exe
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\utilman.exe
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\usp10.dll
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\userenv.dll
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\user32.dll
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\usbui.dll
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\usbmon.dll
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\ups.exe
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\upnpui.dll
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\upnphost.dll
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\upnpcont.exe
2008-08-24 13:16:42 ----A---- C:\WINDOWS\system32\upnp.dll
2008-08-24 13:16:41 ----A---- C:\WINDOWS\system32\version.dll
2008-08-24 13:16:41 ----A---- C:\WINDOWS\system32\verifier.dll
2008-08-24 13:16:41 ----A---- C:\WINDOWS\system32\vdmredir.dll
2008-08-24 13:16:41 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2008-08-24 13:16:41 ----A---- C:\WINDOWS\system32\vbscript.dll
2008-08-24 13:16:41 ----A---- C:\WINDOWS\system32\vbajet32.dll
2008-08-24 13:16:40 ----A---- C:\WINDOWS\system32\webvw.dll
2008-08-24 13:16:40 ----A---- C:\WINDOWS\system32\webclnt.dll
2008-08-24 13:16:40 ----A---- C:\WINDOWS\system32\wdigest.dll
2008-08-24 13:16:40 ----A---- C:\WINDOWS\system32\wavemsp.dll
2008-08-24 13:16:40 ----A---- C:\WINDOWS\system32\w32time.dll
2008-08-24 13:16:40 ----A---- C:\WINDOWS\system32\vssvc.exe
2008-08-24 13:16:40 ----A---- C:\WINDOWS\system32\vssapi.dll
2008-08-24 13:16:39 ----A---- C:\WINDOWS\system32\wiaservc.dll
2008-08-24 13:16:39 ----A---- C:\WINDOWS\system32\wiascr.dll
2008-08-24 13:16:39 ----A---- C:\WINDOWS\system32\wiadss.dll
2008-08-24 13:16:39 ----A---- C:\WINDOWS\system32\wiadefui.dll
2008-08-24 13:16:39 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2008-08-24 13:16:39 ----A---- C:\WINDOWS\system32\wextract.exe
2008-08-24 13:16:38 ----A---- C:\WINDOWS\system32\winsrv.dll
2008-08-24 13:16:38 ----A---- C:\WINDOWS\system32\winscard.dll
2008-08-24 13:16:38 ----A---- C:\WINDOWS\system32\winrnr.dll
2008-08-24 13:16:38 ----A---- C:\WINDOWS\system32\winntbbu.dll
2008-08-24 13:16:38 ----A---- C:\WINDOWS\system32\winmm.dll
2008-08-24 13:16:38 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-08-24 13:16:38 ----A---- C:\WINDOWS\system32\winipsec.dll
2008-08-24 13:16:38 ----A---- C:\WINDOWS\system32\wiavideo.dll
2008-08-24 13:16:38 ----A---- C:\WINDOWS\system32\wiashext.dll
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\wmpui.dll
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\wmpcore.dll
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\wmpcd.dll
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\wmi.dll
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\wlnotify.dll
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\wldap32.dll
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\winver.exe
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\wintrust.dll
2008-08-24 13:16:37 ----A---- C:\WINDOWS\system32\winsta.dll
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\wship6.dll
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\wshext.dll
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\wshcon.dll
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\wscript.exe
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\ws2help.dll
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\ws2_32.dll
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\wpabaln.exe
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\wow32.dll
2008-08-24 13:16:36 ----A---- C:\WINDOWS\system32\wmstream.dll
2008-08-24 13:16:35 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2008-08-24 13:16:35 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2008-08-24 13:16:35 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2008-08-24 13:16:35 ----A---- C:\WINDOWS\system32\wstdecod.dll
2008-08-24 13:16:35 ----A---- C:\WINDOWS\system32\wsock32.dll
2008-08-24 13:16:35 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2008-08-24 13:16:35 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2008-08-24 13:16:35 ----A---- C:\WINDOWS\system32\wshrm.dll
2008-08-24 13:16:34 ----A---- C:\WINDOWS\system32\zipfldr.dll
2008-08-24 13:16:34 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-08-24 13:16:34 ----A---- C:\WINDOWS\system32\xcopy.exe
2008-08-24 13:16:34 ----A---- C:\WINDOWS\system32\xactsrv.dll
2008-08-24 13:16:34 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2008-08-24 13:16:32 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-08-24 13:16:32 ----A---- C:\WINDOWS\system32\cmd.exe
2008-08-24 13:16:32 ----A---- C:\WINDOWS\system32\cacls.exe
2008-08-24 13:16:32 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-08-24 13:16:32 ----A---- C:\WINDOWS\system32\autochk.exe
2008-08-24 13:16:32 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-08-24 13:16:31 ----A---- C:\WINDOWS\system32\localspl.dll
2008-08-24 13:16:31 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-08-24 13:16:31 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-08-24 13:16:31 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-08-24 13:16:31 ----A---- C:\WINDOWS\system32\ftp.exe
2008-08-24 13:16:31 ----A---- C:\WINDOWS\system32\format.com
2008-08-24 13:16:31 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-08-24 13:16:31 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-08-24 13:16:31 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-08-24 13:16:30 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-08-24 13:16:30 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-08-24 13:16:30 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-08-24 13:16:30 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-08-24 13:16:30 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-08-24 13:16:30 ----A---- C:\WINDOWS\system32\locator.exe
2008-08-24 13:16:29 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-08-24 13:16:29 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-08-24 13:16:29 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-08-24 13:16:29 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-08-24 13:16:29 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-08-24 13:16:29 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-08-24 13:16:29 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-08-24 13:16:29 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-08-24 13:16:28 ----A---- C:\WINDOWS\system32\samlib.dll
2008-08-24 13:16:28 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-08-24 13:16:28 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-08-24 13:16:28 ----A---- C:\WINDOWS\system32\rasman.dll
2008-08-24 13:16:28 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-08-24 13:16:28 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-08-24 13:16:28 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-08-24 13:16:28 ----A---- C:\WINDOWS\system32\printui.dll
2008-08-24 13:16:27 ----A---- C:\WINDOWS\system32\savedump.exe
2008-08-24 13:16:27 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-08-24 13:16:26 ----A---- C:\WINDOWS\system32\services.exe
2008-08-24 13:16:26 ----A---- C:\WINDOWS\system32\schannel.dll
2008-08-24 13:16:26 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-08-24 13:16:25 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-08-24 13:16:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-08-24 13:16:24 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-08-24 13:16:24 ----A---- C:\WINDOWS\system32\smss.exe
2008-08-24 13:16:23 ----A---- C:\WINDOWS\system32\untfs.dll
2008-08-24 13:16:23 ----A---- C:\WINDOWS\system32\ulib.dll
2008-08-24 13:16:23 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-08-24 13:16:23 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-08-24 13:16:22 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-08-24 13:16:22 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-08-24 13:16:22 ----A---- C:\WINDOWS\system32\userinit.exe
2008-08-24 13:16:09 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-24 13:16:09 ----A---- C:\WINDOWS\system32\HAL.DLL
2008-08-24 13:16:08 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-17 12:47:20 ----D---- C:\Program Files\Trend Micro
2008-08-17 11:13:59 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-08-17 11:13:53 ----D---- C:\Program Files\Registry Mechanic
2008-08-17 08:03:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-08-14 03:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-14 03:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-14 03:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 03:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-14 03:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 03:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-14 03:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-01 15:05:28 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-01 15:05:26 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-01 15:05:24 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-01 15:05:24 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-01 15:05:16 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-01 15:05:16 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-01 15:05:08 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-08-01 15:05:07 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-08-01 15:05:05 ----N---- C:\WINDOWS\system32\slserv.exe
2008-08-01 15:05:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-08-01 15:05:05 ----N---- C:\WINDOWS\system32\slgen.dll
2008-08-01 15:05:05 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-08-01 15:05:05 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-08-01 15:05:05 ----N---- C:\WINDOWS\slrundll.exe
2008-08-01 15:05:01 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-01 15:04:58 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-08-01 15:04:57 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-01 15:04:56 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-01 15:04:54 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-01 15:04:54 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-01 15:04:54 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-01 15:04:54 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-01 15:04:52 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-01 15:04:50 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-01 15:04:47 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-08-01 15:04:39 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-01 15:04:39 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-01 15:04:39 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-01 15:04:39 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-08-01 15:04:39 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-01 15:04:39 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-01 15:04:37 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-01 15:04:37 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-01 15:04:22 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-01 15:04:22 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-01 15:04:22 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-01 15:04:22 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-01 15:04:09 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-01 15:04:09 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-01 15:04:08 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-01 15:04:08 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-01 15:04:08 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-01 15:04:08 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-01 15:03:57 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-08-01 15:03:56 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-08-01 15:03:52 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-08-01 15:03:48 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-01 15:03:43 ----A---- C:\WINDOWS\003164_.tmp
2008-08-01 15:03:42 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-08-01 15:03:40 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-01 15:03:40 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-01 15:03:40 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-01 15:03:40 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-01 15:03:40 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-01 15:03:40 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-01 15:03:40 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-01 15:03:40 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-01 15:03:38 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-01 15:03:38 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-01 15:03:38 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-01 15:03:38 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-01 15:03:38 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-01 15:03:38 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-01 15:03:38 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-01 15:03:37 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-01 15:03:37 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-01 15:03:36 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-01 15:03:34 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-01 15:03:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-01 15:03:29 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-01 15:03:28 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-08-01 15:03:27 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-01 15:03:26 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-01 15:03:22 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-07-26 13:59:22 ----A---- C:\DVDPATH.TXT
2008-07-13 16:35:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-13 16:35:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-13 16:35:40 ----A---- C:\WINDOWS\system32\java.exe
2008-07-10 03:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-24 20:13:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 20:13:15 ----D---- C:\Program Files\Common Files\PC Tools
2008-06-24 20:13:05 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-20 03:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-09-09 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-09-09 81288]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 AlesisFirewire;Alesis Firewire; C:\WINDOWS\System32\Drivers\AlesisFirewire.sys [2008-03-10 119680]
R3 AlesisFirewireAudio;Alesis Firewire Audio; C:\WINDOWS\system32\drivers\AlesisFirewireAudio.sys [2008-03-10 19456]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-13 1313792]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 AlesisFirewireMidi;Alesis Firewire MIDI; C:\WINDOWS\system32\drivers\AlesisFirewireMidi.sys [2008-03-10 19456]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

List of services

R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-13 376832]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-10-23 69632]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-09-09 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-09 1077640]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-03-15 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.01 2008-09-14 14:05:12

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F\Uninstall.exe"
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0409
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Media Player-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Alesis Multimix Firewire-->MsiExec.exe /I{C510B035-E21E-45E2-99DB-CCB4C8679D04}
AstroPop Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E44A47AF-C94B-4E3F-81A0-979FBA9DAC57\Uninstall.exe"
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Barnyard Invasion from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\Uninstall.exe"
Bejeweled 2 Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
Blasterball 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe"
Blasterball 2 Remix from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\Uninstall.exe"
Boggle Supreme from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe"
Bookworm Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe"
Bounce Symphony from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe"
Chuzzle Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BA42B721-D70B-4412-ABA6-057B5823FDE9\Uninstall.exe"
Crystal Maze from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Family Feud-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\413773DA-62DE-4C4C-A0F9-10EFB9317DE5\Uninstall.exe"
FATE from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903\Uninstall.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexibox Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe"
Mah Jong Quest from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7137AFD-4E43-47A6-BDC7-533808F72B36}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFB0FED6-0010-4E9B-A402-E513F2459161}\setup.exe" -l0x9
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Remove IntelliMover Demo-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Ricochet Lost Worlds from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\Uninstall.exe"
SCRABBLE from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shooting Stars Pool from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Alesis (AlesisFirewire) MEDIA (03/06/2008 3.1.0.1210)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\AlesisFire_788118397DF78621C845B0406EFF36B45C98DED6\AlesisFirewire.inf
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zuma Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\901E0096-B2AC-469E-A99E-2725A39C0B47\Uninstall.exe"

Security center information

AV: Spyware Doctor with AntiVirus
AV: avast! antivirus 4.8.1229 [VPS 080913-0]

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------
Dede
Active Member
 
Posts: 6
Joined: August 26th, 2008, 12:25 am

Re: Browser Hijacked! Re-submitting

Post by peku006 » September 15th, 2008, 4:37 am

Hi Dede

1 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    If you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

2 - Kaspersky Online Scan

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

3 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Browser Hijacked! Re-submitting

Post by Dede » September 16th, 2008, 1:26 am

Hello :-)

Here are the results of the Kaspersky scan along with the latest Hijackthis log:

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 15, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 16, 2008 01:56:18
Records in database: 1238289
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 193015
Threat name: 2
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 03:21:31


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\My Documents\Alan's stuff\Junkstuffetc\Stuff\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2
C:\Documents and Settings\HP_Administrator\My Documents\Alan's stuff\Junkstuffetc\Stuff\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:11 PM, on 9/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DISC\DiscGui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jkos-HP_Administrator\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_0 -reboot 1
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7417 bytes
Dede
Active Member
 
Posts: 6
Joined: August 26th, 2008, 12:25 am
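The HijackThis log layout posted above, parsed into structured entries for triage. This is an added example, not part of the original thread and not HijackThis's own code; the function names, the "Example" entries and the Temp path in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample in the layout of the log above. The "Example" names and the Temp
# path are constructed; the R0 and avast! lines are copied from the post.
SAMPLE_LOG = r"""Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Local Settings\Temp\example\Scanner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /background
O4 - Global Startup: Example.lnk = C:\Program Files\Example\loader.exe
O23 - Service: Example Service (exsvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")               # "O4 - <payload>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")  # registry autorun payload


def parse_log(text):
    """Split a HijackThis log into the process list and entries grouped by section code."""
    processes, entries, in_processes = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False      # a blank line ends the process list
        elif (m := ENTRY_RE.match(line)):
            entries[m.group(1)].append(m.group(2))
    return {"processes": processes, "entries": dict(entries)}


def autoruns(parsed):
    """Return (hive, key, value name, command) for each O4 registry Run entry."""
    hits = (RUN_RE.match(p) for p in parsed["entries"].get("O4", []))
    return [m.groups() for m in hits if m]


def processes_in_temp(parsed):
    """Processes started from a Temp directory: a triage pointer, not a verdict."""
    return [p for p in parsed["processes"] if "\\temp\\" in p.lower()]
```

Grouping by section code makes it easy to compare two logs from the same machine, for example the autorun list before and after a cleanup step.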

Re: Browser Hijacked! Re-submitting

Unread postby peku006 » September 16th, 2008, 4:05 am

Hi Dede

Congratulations, your log looks clean! :)

Time for some housekeeping

Please download OTMoveIt and save it to desktop.
  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet. If your firewall or other defensive programmes alert you, allow it access.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • When finished, exit out of OTMoveIt.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here


Install SpyWare Blaster 4.1
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here: http://www.mvps.org/winhelp2002/hosts.htm
Note: Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note: If you are running Windows XP SP2, you should upgrade to SP3.

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here on how to prevent malware.

Happy safe surfing! :thumbup:
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
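How a blocklist HOSTS file of the kind described in the post above takes effect, shown as a checker that lists which names are redirected to the local machine and which point somewhere else. This is an added example, not part of the original post or of the MVPS project; the sample file and all `.example` names are constructed, and treating 0.0.0.0 like 127.0.0.1 goes beyond what the post states.

```python
import ipaddress

# Constructed sample HOSTS file; every name under .example is a placeholder.
SAMPLE_HOSTS = """\
# blocklist-style HOSTS file (constructed)
127.0.0.1  localhost
127.0.0.1  ads.example tracker.example   # two names on one line
0.0.0.0    Banner.Example
10.1.2.3   intranet.example
not-an-ip  broken.example
"""


def parse_hosts(text):
    """Return {lowercased hostname: ip} for each well-formed line."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                # malformed address: skip the line
        for name in fields[1:]:
            # Assumption of this example: the first mapping for a name wins.
            mapping.setdefault(name.lower(), ip)
    return mapping


def classify(mapping):
    """Split names into those sunk to the local machine and those sent elsewhere."""
    blocked, elsewhere = [], {}
    for name, ip in sorted(mapping.items()):
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:     # 127.0.0.1 / ::1, or 0.0.0.0
            blocked.append(name)
        else:
            elsewhere[name] = str(ip)
    return blocked, elsewhere
```

After installing a blocklist, anything that shows up in the second result was not put there by the blocklist and is worth a look.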

Re: Browser Hijacked! Re-submitting

Unread postby Dede » September 16th, 2008, 8:50 pm

Hi Peku...

My log may be clean, but I'm still getting this in my browser:


Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register Antivirus 2008.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended).



Thanks for all your help. I'll follow your suggestions in your previous post.
Dede
Active Member
 
Posts: 6
Joined: August 26th, 2008, 12:25 am

Re: Browser Hijacked! Re-submitting

Unread postby peku006 » September 17th, 2008, 1:46 am

Hi Dede

My bad!...... So sorry

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Please let me know how your pc is now.

peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Browser Hijacked! Re-submitting

Unread postby NonSuch » September 21st, 2008, 4:02 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California