Logfile of random's system information tool 1.06 (written by random/random)
Run by Marnie at 2009-03-24 13:33:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 215 GB (90%) free of 238 GB
Total RAM: 2047 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:47 PM, on 24/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\TELUS\TELUS Security service\Freedom.exe
C:\Program Files\TELUS\eProtect Advisor\TEPA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mobsync.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\C0AB.tmp
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Documents and Settings\Marnie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Marnie.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
O4 - HKLM\..\Run: [TEPA.exe] "C:\Program Files\TELUS\eProtect Advisor\TEPA.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [A00F2E1B6417.exe] C:\DOCUME~1\Marnie\LOCALS~1\Temp\_A00F2E1B6417.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0389102859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1069758796
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: __c00BE511 - C:\WINDOWS\system32\__c00BE511.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Update Service (gupdate1c95e37ab285d32) (gupdate1c95e37ab285d32) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9274 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\TELUS\TELUS Security service\pkR.dll [2005-05-19 65586]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]
ZKBho Class - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll [2005-05-19 147511]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-24 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-21 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-24 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-24 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-11 88204]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE []
""= []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-02-02 45056]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-13 143360]
"TELUS Security service"=C:\Program Files\TELUS\TELUS Security service\Freedom.exe [2005-05-19 180278]
"TEPA.exe"=C:\Program Files\TELUS\eProtect Advisor\TEPA.exe [2007-03-20 2061816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-24 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"TELUS_McciTrayApp"=C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe [2008-02-25 1468256]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"A00F2E1B6417.exe"=C:\DOCUME~1\Marnie\LOCALS~1\Temp\_A00F2E1B6417.exe [2009-03-22 46366]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
C:\WINDOWS\system32\crypts.dll [2009-03-22 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00BE511]
C:\WINDOWS\system32\__c00BE511.dat [2009-03-23 27136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\setup\hppapd.exe"="D:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"D:\setup\HPPNICIFS01.EXE"="D:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
"D:\setup\HPNTWKEXE.EXE"="D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Symantec\pcAnywhere\winaw32.exe"="C:\Program Files\Symantec\pcAnywhere\winaw32.exe:*:Enabled:pcAnywhere Main Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\GameHouse\Solitaire\Solitaire.exe"="C:\Program Files\GameHouse\Solitaire\Solitaire.exe:*:Disabled:Super Solitaire"
"C:\Program Files\PopCap Games\Alchemy Deluxe\WinAlch.exe"="C:\Program Files\PopCap Games\Alchemy Deluxe\WinAlch.exe:*:Enabled:WinAlch"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 3 months======
2009-03-24 13:33:46 ----D---- C:\rsit
2009-03-22 16:58:06 ----D---- C:\Program Files\Trend Micro
2009-03-22 16:03:03 ----A---- C:\Program Files\kypny.dll
2009-03-22 16:03:02 ----A---- C:\WINDOWS\system32\crypts.dll
2009-03-22 16:02:58 ----A---- C:\WINDOWS\system32\digeste.dll
2009-03-11 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-25 04:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-21 18:02:36 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-11 19:28:20 ----D---- C:\Program Files\iPod
2009-02-11 19:28:18 ----D---- C:\Program Files\iTunes
2009-02-11 19:28:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-11 19:26:41 ----D---- C:\Program Files\Bonjour
2009-02-11 19:23:35 ----D---- C:\Program Files\Apple Software Update
2009-02-11 04:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-10 14:21:23 ----A---- C:\WINDOWS\system32\cdintf251.dll
2009-02-10 14:21:14 ----D---- C:\Program Files\Intuit Canada
2009-01-16 17:55:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2009-01-16 17:54:57 ----D---- C:\Program Files\Common Files\Motive
2009-01-14 04:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-06 16:09:37 ----A---- C:\WINDOWS\system32\cdintf300.dll
2009-01-06 16:09:37 ----A---- C:\WINDOWS\system32\acXMLParser.dll
2009-01-06 16:09:30 ----A---- C:\WINDOWS\system32\SfxBar.dll
2009-01-06 16:09:27 ----D---- C:\Program Files\Vortex
2009-01-06 16:09:21 ----A---- C:\WINDOWS\IsUn0c0c.exe
2009-01-06 16:06:38 ----A---- C:\WINDOWS\ODBC.INI
2009-01-06 16:06:38 ----A---- C:\Program Files\UNWISE.EXE
2009-01-06 16:06:35 ----A---- C:\WINDOWS\iireport46.INI
2009-01-06 16:06:24 ----N---- C:\WINDOWS\system32\MFCOLEUI.DLL
2009-01-06 16:06:23 ----N---- C:\WINDOWS\SHARE.EXE
2009-01-06 16:06:19 ----N---- C:\WINDOWS\system32\u2lcom.dll
2009-01-06 16:06:19 ----N---- C:\WINDOWS\system32\u2l2000.dll
2009-01-06 16:06:19 ----N---- C:\WINDOWS\system32\u2fxls.dll
2009-01-06 16:06:19 ----N---- C:\WINDOWS\system32\u2fwordw.dll
2009-01-06 16:06:19 ----N---- C:\WINDOWS\system32\u2fwks.dll
2009-01-06 16:06:19 ----N---- C:\WINDOWS\system32\u2ftext.dll
2009-01-06 16:06:19 ----N---- C:\WINDOWS\system32\u2fsepv.dll
2009-01-06 16:06:19 ----N---- C:\WINDOWS\system32\msrdo20.dll
2009-01-06 16:06:19 ----N---- C:\WINDOWS\system32\MFCANS32.DLL
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2frtf.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2frec.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2fodbc.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2fhtml.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2fcr.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2dvim.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2dpost.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2dnotes.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2dmapi.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2ddisk.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u2dapp.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\u252000.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\sscsdk32.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\p2ssyb10.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\p2ssql.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\p2sora7.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\p2soledb.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\p2smon.dll
2009-01-06 16:06:18 ----N---- C:\WINDOWS\system32\p2sifmx.dll
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\VBRUN300.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\VBOA300.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\VBDB300.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\vbar332.dll
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\VB5DB.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\VB40032.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\rdocurs.dll
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\p2bxbse.dll
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\p2bbde.dll
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\ODBCTL32.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\OC30.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\OC25.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\MSREPL35.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\MSJTER35.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\MSJINT35.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\MSJETINT.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\MSJETERR.DLL
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\crxlat32.dll
2009-01-06 16:06:17 ----N---- C:\WINDOWS\system32\crpaig32.dll
2009-01-06 16:06:16 ----N---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-01-06 16:06:16 ----N---- C:\WINDOWS\system32\QPRO32.DLL
2009-01-06 16:06:16 ----N---- C:\WINDOWS\system32\QPRO200.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\P2SODBC.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\P2IRDAO.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\P2CTDAO.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\P2BDAO.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\P2BBND.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\MSAJT200.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\MSAJT112.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\MSAJT110.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\MSAFINX.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\Implode.dll
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\GSWDLL16.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\GSWAG16.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\GSW16.EXE
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\FDPTOOLS.DLL
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\Crpe32.dll
2009-01-06 16:06:15 ----N---- C:\WINDOWS\system32\APIGID32.DLL
2009-01-06 16:06:14 ----N---- C:\WINDOWS\system32\MSRD2X35.DLL
2009-01-06 16:06:14 ----N---- C:\WINDOWS\system32\MSJET35.DLL
2009-01-06 16:06:14 ----N---- C:\WINDOWS\system32\msde.dll
2009-01-06 16:06:13 ----N---- C:\WINDOWS\system32\pdfexpt.dll
2009-01-06 16:06:13 ----N---- C:\WINDOWS\system32\DAO350.DLL
2009-01-06 16:06:13 ----N---- C:\WINDOWS\system32\craxdrt.dll
2009-01-06 16:06:13 ----N---- C:\WINDOWS\system32\actrpt2.dll
2009-01-06 16:06:11 ----A---- C:\WINDOWS\fdpxld.ini
2009-01-06 16:06:10 ----A---- C:\WINDOWS\IIREPO~1.INI
2009-01-06 16:05:58 ----D---- C:\Program Files\illustrate inc
2009-01-06 16:05:53 ----D---- C:\Program Files\Empire
2009-01-06 16:05:22 ----A---- C:\WINDOWS\efgtemp.ini
======List of files/folders modified in the last 3 months======
2009-03-24 13:33:29 ----D---- C:\WINDOWS\Prefetch
2009-03-24 13:33:10 ----SD---- C:\WINDOWS\Tasks
2009-03-24 13:32:03 ----D---- C:\WINDOWS\Temp
2009-03-24 13:18:56 ----D---- C:\WINDOWS\system32
2009-03-24 11:04:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-24 10:41:25 ----D---- C:\WINDOWS
2009-03-24 10:40:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-23 18:55:09 ----HD---- C:\Config.Msi
2009-03-23 18:55:07 ----SHD---- C:\WINDOWS\Installer
2009-03-23 18:55:07 ----D---- C:\Program Files\Common Files\Command Software
2009-03-22 16:58:06 ----RD---- C:\Program Files
2009-03-21 08:26:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2009-03-13 10:45:01 ----D---- C:\Program Files\Common Files\PestPatrol
2009-03-13 10:45:00 ----D---- C:\Program Files\Radialpoint
2009-03-13 10:43:01 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-13 10:42:52 ----D---- C:\Documents and Settings
2009-03-11 03:01:13 ----HD---- C:\WINDOWS\inf
2009-03-11 03:01:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-11 03:01:09 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 03:00:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-03-10 22:54:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-08 11:05:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-28 17:37:37 ----D---- C:\SMSDATA
2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-22 12:08:30 ----SD---- C:\Documents and Settings\Marnie\Application Data\Microsoft
2009-02-11 20:02:12 ----D---- C:\Program Files\QuickTime
2009-02-11 19:28:46 ----D---- C:\WINDOWS\system32\drivers
2009-02-11 19:28:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-11 04:00:53 ----D---- C:\Program Files\Internet Explorer
2009-02-10 14:21:15 ----D---- C:\Documents and Settings\Marnie\Application Data\Greenpoint
2009-02-09 15:34:45 ----D---- C:\Program Files\Google
2009-01-24 14:40:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-16 22:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-16 17:55:11 ----D---- C:\Program Files\TELUS
2009-01-16 17:54:57 ----D---- C:\Program Files\Common Files
2009-01-13 13:51:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\GreenPoint
2009-01-08 04:00:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-06 16:09:30 ----A---- C:\WINDOWS\win.ini
2009-01-06 16:06:24 ----D---- C:\WINDOWS\system
2009-01-06 16:06:24 ----D---- C:\Program Files\Common Files\DESIGNER
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 CSS DVP;CSS DVP; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2006-01-20 783984]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 FreeTdi;Freedom Filter (24214); C:\WINDOWS\System32\Drivers\FreeTdi.sys [2005-03-14 48640]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-12 1124097]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-27 34944]
R3 Freedom;Freedom Miniport; C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS [2003-09-24 33408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Command Software\dvpapi.exe [2006-01-20 142416]
R2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-24 152984]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-02-29 309088]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-10-22 69632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 Dksodva;Dksodva; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 gupdate1c95e37ab285d32;Google Update Service (gupdate1c95e37ab285d32); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------