Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

google redirect problems

Post by jasonc162 » March 7th, 2010, 3:55 pm

I'm having a lot of problems with a redirect virus.

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:51 PM, on 3/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6643244804
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 5073 bytes

Help

and ty
jasonc162
Active Member
 
Posts: 11
Joined: March 7th, 2010, 3:20 pm

Re: google redirect problems

Post by andyspeake » March 11th, 2010, 12:16 pm

Hello, and Welcome :)
I will be assisting you with your malware issues.
Please be patient as I need some time to review your HijackThis log, and I will post back recommendations for repairs.
As I am still in training, everything that I post to you must be checked by an MRU teacher or senior malware remover. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • Continue to respond to this thread until I give you the All Clean! Remember, absence of symptoms doesn't mean you are malware free.
  • If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Please bookmark or favourite this page in case you need it for reference.

All users of this forum must read this topic before proceeding
No Reply Within 3 Days Will Result In Your Topic Being Closed! If you need more time, please inform me.

uninstall list

  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See this link for details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: google redirect problems

Post by andyspeake » March 11th, 2010, 5:53 pm

Hi,

P2P Software

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

---------------

Stopzilla is quite a resource hog & to be honest, I wouldn't really recommend having it on your computer. It has been pushed by malware - which means, malware causes popups where it asks to install Stopzilla. This makes Stopzilla a questionable application. Your choice but personally I wouldn't touch it.

Uninstall bad programs

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    Stopzilla

-----------------

Please run a new HJT scan when finished and post the log back here as well as a fresh uninstall list.
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: google redirect problems

Post by jasonc162 » March 11th, 2010, 9:49 pm

I do not have a listing for limewire in add and remove

Removed stopzilla

Here is the new hjt uninstall list

Adobe Acrobat 4.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ASUS Probe V2.22.00
BlackBerry Desktop Software 4.2.2
BlackBerry Desktop Software 4.2.2
ERUNT 1.1j
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Java(TM) 6 Update 18
Marvell Miniport Driver
MiShell*Budget (remove only)
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
NVIDIA Drivers
OpenOffice.org 3.2
PCI Audio Driver
Roxio Media Manager
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978706)
SpeedFan (remove only)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Windows Media Format Runtime
WinPatrol 2009
jasonc162
Active Member
 
Posts: 11
Joined: March 7th, 2010, 3:20 pm

Re: google redirect problems

Post by jasonc162 » March 11th, 2010, 9:54 pm

and hjt log sorry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:28 PM, on 3/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6643244804
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 4685 bytes
jasonc162
Active Member
 
Posts: 11
Joined: March 7th, 2010, 3:20 pm
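
Added example (not part of the original thread, and not code from HijackThis or MalwareRemoval.com): a Python script that diffs two HijackThis logs entry by entry to confirm that the removals requested above took effect. The excerpts are a subset of lines copied from the 7 March and 11 March logs in this thread; the function names are hypothetical.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0-R3, F0-F3,
# N1-N4, O1-O24), then " - ", then the detail text. Header lines and the
# "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpt of the log posted on 7 March 2010 (subset of lines, copied verbatim).
SCAN_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
"""

# Excerpt of the log posted on 11 March 2010 (subset of lines, copied verbatim).
SCAN_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
"""


def parse_entries(log_text):
    """Return the set of (section_code, detail) tuples found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def _order(entry):
    """Sort by section letter, then numeric section, then detail text."""
    code, detail = entry
    return (code[0], int(code[1:]), detail)


def diff_scans(before_text, after_text):
    """Entries that disappeared from, or newly appeared in, the later scan."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "removed": sorted(before - after, key=_order),
        "added": sorted(after - before, key=_order),
    }


def mentions(entries, keyword):
    """Entries whose detail text contains keyword (case-insensitive)."""
    needle = keyword.lower()
    return sorted((e for e in entries if needle in e[1].lower()), key=_order)


if __name__ == "__main__":
    result = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for label in ("removed", "added"):
        print(f"--- {label} ---")
        for code, detail in result[label]:
            print(f"{code} - {detail}")
    # Confirm nothing in the later scan still references the two programs.
    remaining = parse_entries(SCAN_AFTER)
    for name in ("stopzilla", "limewire"):
        hits = mentions(remaining, name)
        print(f"{name}: {len(hits)} remaining entr{'y' if len(hits) == 1 else 'ies'}")
```

A clean diff only covers the locations HijackThis enumerates. The RSIT log later in this thread still lists a LimeWire.exe entry under the firewall authorized-applications list and a LimeWire folder under Application Data.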

Re: google redirect problems

Post by andyspeake » March 12th, 2010, 7:54 am

Hi,

Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

So please post back:
Gmer.txt
RSIT logs, info.txt + log.txt

Thanks
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: google redirect problems

Post by jasonc162 » March 13th, 2010, 3:11 pm

Andy

I have the logs from RSIT however gmer locks up and never completes on my pc

here is the

Log #1
Logfile of random's system information tool 1.06 (written by random/random)
Run by jason Currington at 2010-03-13 13:06:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 121 GB (92%) free of 131 GB
Total RAM: 1535 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:31 PM, on 3/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jason Currington\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\jason Currington.exe

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6643244804
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 4521 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2010-02-20 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL [2010-02-20 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-21 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2010-02-20 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-03-26 228088]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2001-12-31 3756032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe

C:\Documents and Settings\jason Currington\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\jason Currington\Desktop\LimeWire\LimeWire.exe"="C:\Documents and Settings\jason Currington\Desktop\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-13 13:06:24 ----D---- C:\rsit
2010-03-11 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-07 19:08:11 ----D---- C:\Documents and Settings\jason Currington\Application Data\WinPatrol
2010-03-07 19:08:04 ----D---- C:\Program Files\BillP Studios
2010-03-07 14:22:34 ----D---- C:\Program Files\Perfect Uninstaller
2010-03-07 13:37:36 ----D---- C:\Program Files\Trend Micro
2010-03-07 12:56:18 ----D---- C:\WINDOWS\ERDNT
2010-03-07 12:55:42 ----D---- C:\Program Files\ERUNT
2010-03-07 10:07:56 ----RD---- C:\Program Files\Norton Support
2010-03-06 20:53:37 ----D---- C:\Documents and Settings\jason Currington\Application Data\OpenOffice.org
2010-03-06 20:49:29 ----D---- C:\Program Files\JRE
2010-03-06 20:49:25 ----D---- C:\Program Files\OpenOffice.org 3
2010-03-02 20:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2010-03-02 20:07:04 ----D---- C:\Program Files\Common Files\iS3
2010-03-02 20:07:03 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2010-02-27 14:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-02-27 14:22:59 ----D---- C:\Program Files\MSXML 4.0
2010-02-26 22:59:46 ----D---- C:\Documents and Settings\jason Currington\Application Data\Roxio
2010-02-26 22:44:36 ----D---- C:\Documents and Settings\jason Currington\Application Data\Research In Motion
2010-02-26 22:42:18 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2010-02-26 22:42:14 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2010-02-26 22:40:09 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2010-02-26 22:40:08 ----D---- C:\Program Files\Roxio
2010-02-26 22:40:08 ----D---- C:\Program Files\Common Files\Sonic Shared
2010-02-26 22:40:02 ----D---- C:\Program Files\Common Files\Roxio Shared
2010-02-26 22:36:44 ----D---- C:\WINDOWS\RegisteredPackages
2010-02-26 22:35:20 ----D---- C:\Documents and Settings\jason Currington\Application Data\Blackberry Desktop
2010-02-26 22:35:06 ----D---- C:\Program Files\Common Files\Research In Motion
2010-02-26 22:34:54 ----D---- C:\Program Files\Research In Motion
2010-02-26 22:29:06 ----SHD---- C:\WINDOWS\ftpcache
2010-02-26 05:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-24 05:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 05:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-23 05:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-23 05:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-22 20:50:01 ----D---- C:\WINDOWS\Minidump
2010-02-21 22:07:09 ----D---- C:\Program Files\Common Files\Adobe
2010-02-21 22:07:09 ----D---- C:\Program Files\Adobe
2010-02-21 22:07:04 ----A---- C:\WINDOWS\IsUninst.exe
2010-02-21 20:18:59 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-02-21 20:18:02 ----D---- C:\WINDOWS\Prefetch
2010-02-21 20:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-21 20:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-21 20:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-21 20:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-21 20:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-21 20:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-21 20:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-21 20:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-21 20:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-21 20:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-21 20:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-21 20:14:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-21 20:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-21 20:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-21 20:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-21 20:13:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-21 20:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-21 20:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-21 20:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-21 20:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-21 20:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-21 20:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-21 20:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-21 20:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-21 20:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-21 20:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-21 20:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-21 20:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-21 20:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-21 20:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-21 20:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-21 20:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-21 20:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-21 20:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-21 20:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-21 20:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-21 20:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-21 20:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-21 20:10:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-21 20:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-21 20:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-21 20:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-21 20:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-21 20:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-21 20:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-21 20:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-21 20:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-21 20:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-21 20:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-21 20:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-21 20:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-21 20:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-21 20:03:30 ----D---- C:\WINDOWS\system32\en-us
2010-02-21 20:03:29 ----D---- C:\WINDOWS\system32\scripting
2010-02-21 20:03:27 ----D---- C:\WINDOWS\l2schemas
2010-02-21 20:03:26 ----D---- C:\WINDOWS\system32\en
2010-02-21 19:56:27 ----D---- C:\WINDOWS\network diagnostic
2010-02-21 19:40:31 ----SH---- C:\WINDOWS\system32\unrar.exe
2010-02-21 19:40:31 ----D---- C:\WINDOWS\system32\1447252224
2010-02-21 19:40:21 ----SHD---- C:\System Volume Data
2010-02-21 19:06:02 ----D---- C:\Documents and Settings\jason Currington\Application Data\LimeWire
2010-02-21 19:05:51 ----D---- C:\Program Files\Common Files\Java
2010-02-21 19:05:51 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-02-21 19:05:20 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-21 19:05:20 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-21 19:05:20 ----A---- C:\WINDOWS\system32\java.exe
2010-02-21 19:05:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-21 19:05:02 ----D---- C:\Program Files\Java
2010-02-21 19:04:19 ----D---- C:\Documents and Settings\jason Currington\Application Data\Sun
2010-02-21 18:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2010-02-21 18:52:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2010-02-21 18:52:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-21 17:13:33 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-21 05:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-21 05:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-02-21 05:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-02-21 05:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2010-02-21 05:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-02-21 05:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-02-21 05:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2010-02-21 05:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-21 05:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978207_0$
2010-02-21 05:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-21 05:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-21 05:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-21 05:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-02-21 05:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-02-21 05:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-02-21 05:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-02-21 05:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-21 05:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-21 05:07:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2010-02-21 05:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-02-21 05:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-02-21 05:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-02-21 05:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2010-02-21 05:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2010-02-21 05:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2010-02-21 05:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-21 05:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-21 05:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-21 05:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2010-02-21 05:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-02-21 05:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-21 05:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-02-21 05:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-02-21 05:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-21 05:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2010-02-21 05:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-02-21 05:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-02-21 05:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-02-21 05:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2010-02-21 05:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-21 05:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2010-02-21 05:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-02-21 05:03:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-02-21 05:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-02-21 05:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-21 05:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-02-21 05:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2010-02-21 05:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2010-02-21 05:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-21 05:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-21 05:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2010-02-21 05:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-02-21 05:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-21 05:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-02-21 05:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-02-21 05:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-02-21 05:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-21 05:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-02-21 05:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-02-21 05:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-02-21 05:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-02-21 03:35:53 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-02-21 00:32:54 ----RA---- C:\ARestore.exe
2010-02-21 00:24:02 ----D---- C:\N360_BACKUP
2010-02-21 00:00:55 ----RA---- C:\WINDOWS\system32\nvwrszht.dll
2010-02-21 00:00:55 ----RA---- C:\WINDOWS\system32\nvrszht.dll
2010-02-21 00:00:54 ----RA---- C:\WINDOWS\system32\nvwrszhc.dll
2010-02-21 00:00:54 ----RA---- C:\WINDOWS\system32\nvwrstr.dll
2010-02-21 00:00:54 ----RA---- C:\WINDOWS\system32\nvrszhc.dll
2010-02-21 00:00:54 ----RA---- C:\WINDOWS\system32\nvrstr.dll
2010-02-21 00:00:53 ----RA---- C:\WINDOWS\system32\nvwrssv.dll
2010-02-21 00:00:53 ----RA---- C:\WINDOWS\system32\nvwrssl.dll
2010-02-21 00:00:53 ----RA---- C:\WINDOWS\system32\nvrssv.dll
2010-02-21 00:00:53 ----RA---- C:\WINDOWS\system32\nvrssl.dll
2010-02-21 00:00:52 ----RA---- C:\WINDOWS\system32\nvwrssk.dll
2010-02-21 00:00:52 ----RA---- C:\WINDOWS\system32\nvwrsru.dll
2010-02-21 00:00:52 ----RA---- C:\WINDOWS\system32\nvwrsptb.dll
2010-02-21 00:00:52 ----RA---- C:\WINDOWS\system32\nvrssk.dll
2010-02-21 00:00:52 ----RA---- C:\WINDOWS\system32\nvrsru.dll
2010-02-21 00:00:52 ----RA---- C:\WINDOWS\system32\nvrsptb.dll
2010-02-21 00:00:51 ----RA---- C:\WINDOWS\system32\nvwrspt.dll
2010-02-21 00:00:51 ----RA---- C:\WINDOWS\system32\nvwrspl.dll
2010-02-21 00:00:51 ----RA---- C:\WINDOWS\system32\nvrspt.dll
2010-02-21 00:00:51 ----RA---- C:\WINDOWS\system32\nvrspl.dll
2010-02-21 00:00:50 ----RA---- C:\WINDOWS\system32\nvwrsno.dll
2010-02-21 00:00:50 ----RA---- C:\WINDOWS\system32\nvwrsnl.dll
2010-02-21 00:00:50 ----RA---- C:\WINDOWS\system32\nvwrsko.dll
2010-02-21 00:00:50 ----RA---- C:\WINDOWS\system32\nvrsno.dll
2010-02-21 00:00:50 ----RA---- C:\WINDOWS\system32\nvrsnl.dll
2010-02-21 00:00:50 ----RA---- C:\WINDOWS\system32\nvrsko.dll
2010-02-21 00:00:49 ----RA---- C:\WINDOWS\system32\nvwrsja.dll
2010-02-21 00:00:49 ----RA---- C:\WINDOWS\system32\nvwrsit.dll
2010-02-21 00:00:49 ----RA---- C:\WINDOWS\system32\nvwrshu.dll
2010-02-21 00:00:49 ----RA---- C:\WINDOWS\system32\nvrsja.dll
2010-02-21 00:00:49 ----RA---- C:\WINDOWS\system32\nvrsit.dll
2010-02-21 00:00:48 ----RA---- C:\WINDOWS\system32\nvwrshe.dll
2010-02-21 00:00:48 ----RA---- C:\WINDOWS\system32\nvwrsfr.dll
2010-02-21 00:00:48 ----RA---- C:\WINDOWS\system32\nvrshu.dll
2010-02-21 00:00:48 ----RA---- C:\WINDOWS\system32\nvrshe.dll
2010-02-21 00:00:48 ----RA---- C:\WINDOWS\system32\nvrsfr.dll
2010-02-21 00:00:47 ----RA---- C:\WINDOWS\system32\nvwrsfi.dll
2010-02-21 00:00:47 ----RA---- C:\WINDOWS\system32\nvwrsesm.dll
2010-02-21 00:00:47 ----RA---- C:\WINDOWS\system32\nvwrses.dll
2010-02-21 00:00:47 ----RA---- C:\WINDOWS\system32\nvrsfi.dll
2010-02-21 00:00:47 ----RA---- C:\WINDOWS\system32\nvrsesm.dll
2010-02-21 00:00:47 ----RA---- C:\WINDOWS\system32\nvrses.dll
2010-02-21 00:00:46 ----RA---- C:\WINDOWS\system32\nvwrseng.dll
2010-02-21 00:00:46 ----RA---- C:\WINDOWS\system32\nvwrsel.dll
2010-02-21 00:00:46 ----RA---- C:\WINDOWS\system32\nvwrsde.dll
2010-02-21 00:00:46 ----RA---- C:\WINDOWS\system32\nvrseng.dll
2010-02-21 00:00:46 ----RA---- C:\WINDOWS\system32\nvrsel.dll
2010-02-21 00:00:45 ----RA---- C:\WINDOWS\system32\nvwrsda.dll
2010-02-21 00:00:45 ----RA---- C:\WINDOWS\system32\nvwrscs.dll
2010-02-21 00:00:45 ----RA---- C:\WINDOWS\system32\nvrsde.dll
2010-02-21 00:00:45 ----RA---- C:\WINDOWS\system32\nvrsda.dll
2010-02-21 00:00:45 ----RA---- C:\WINDOWS\system32\nvrscs.dll
2010-02-21 00:00:44 ----RA---- C:\WINDOWS\system32\nwiz.exe
2010-02-21 00:00:44 ----RA---- C:\WINDOWS\system32\nvwrsar.dll
2010-02-21 00:00:44 ----RA---- C:\WINDOWS\system32\nvwimg.dll
2010-02-21 00:00:44 ----RA---- C:\WINDOWS\system32\nvwdmcpl.dll
2010-02-21 00:00:44 ----RA---- C:\WINDOWS\system32\nvrsar.dll
2010-02-21 00:00:43 ----RA---- C:\WINDOWS\system32\nvshell.dll
2010-02-21 00:00:43 ----RA---- C:\WINDOWS\system32\nview.dll
2010-02-21 00:00:43 ----RA---- C:\WINDOWS\system32\nvdspsch.exe
2010-02-21 00:00:42 ----RA---- C:\WINDOWS\system32\nvappbar.exe
2010-02-21 00:00:42 ----RA---- C:\WINDOWS\system32\keystone.exe
2010-02-21 00:00:42 ----D---- C:\WINDOWS\nview
2010-02-21 00:00:42 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-02-21 00:00:41 ----RA---- C:\WINDOWS\system32\nvwddi.dll
2010-02-21 00:00:41 ----RA---- C:\WINDOWS\system32\nvnt4cpl.dll
2010-02-21 00:00:41 ----RA---- C:\WINDOWS\system32\nvmctray.dll
2010-02-21 00:00:40 ----RA---- C:\WINDOWS\system32\nvcpl.dll
2010-02-21 00:00:38 ----RA---- C:\WINDOWS\system32\nvoglnt.dll
2010-02-21 00:00:36 ----RA---- C:\WINDOWS\system32\nvsvc32.exe
2010-02-21 00:00:36 ----RA---- C:\WINDOWS\system32\nvcodins.dll
2010-02-21 00:00:36 ----RA---- C:\WINDOWS\system32\nvcod.dll
2010-02-20 23:50:42 ----A---- C:\WINDOWS\mixerdef.ini
2010-02-20 23:48:28 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-02-20 23:47:42 ----A---- C:\WINDOWS\system32\Audio3D.dll
2010-02-20 23:47:42 ----A---- C:\WINDOWS\system32\a3d.dll
2010-02-20 23:47:41 ----A---- C:\WINDOWS\system32\cmnprop.dll
2010-02-20 23:47:41 ----A---- C:\WINDOWS\mixer.exe
2010-02-20 23:47:41 ----A---- C:\WINDOWS\cmuninst.exe
2010-02-20 23:47:40 ----D---- C:\Program Files\C-Media
2010-02-20 23:47:30 ----A---- C:\WINDOWS\CMISETUP.INI
2010-02-20 23:47:30 ----A---- C:\WINDOWS\CMCDPLAY.INI
2010-02-20 23:12:32 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-02-20 23:12:31 ----N---- C:\WINDOWS\system32\wmphoto.dll
2010-02-20 23:12:29 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-02-20 23:12:29 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2010-02-20 23:12:29 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2010-02-20 23:12:28 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-02-20 23:12:27 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-02-20 23:12:27 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-02-20 23:12:24 ----N---- C:\WINDOWS\system32\setupn.exe
2010-02-20 23:12:23 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-02-20 23:12:23 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-02-20 23:12:23 ----N---- C:\WINDOWS\system32\qutil.dll
2010-02-20 23:12:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-02-20 23:12:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-02-20 23:12:22 ----N---- C:\WINDOWS\system32\qagent.dll
2010-02-20 23:12:22 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2010-02-20 23:12:22 ----N---- C:\WINDOWS\system32\onex.dll
2010-02-20 23:12:20 ----N---- C:\WINDOWS\system32\napstat.exe
2010-02-20 23:12:20 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-02-20 23:12:20 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-02-20 23:12:19 ----N---- C:\WINDOWS\system32\msxml6r.dll
2010-02-20 23:12:19 ----N---- C:\WINDOWS\system32\msxml6.dll
2010-02-20 23:12:19 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-02-20 23:12:19 ----N---- C:\WINDOWS\system32\mssha.dll
2010-02-20 23:12:15 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-02-20 23:12:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-02-20 23:12:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-02-20 23:12:15 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-02-20 23:12:10 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-02-20 23:12:10 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-02-20 23:12:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-02-20 23:12:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-02-20 23:12:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-02-20 23:12:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-02-20 23:12:06 ----N---- C:\WINDOWS\system32\smtpapi.dll
2010-02-20 23:12:06 ----N---- C:\WINDOWS\system32\rwnh.dll
2010-02-20 23:12:03 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-02-20 23:12:03 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-02-20 23:12:03 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-02-20 23:12:03 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-02-20 23:12:03 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-02-20 23:12:03 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-02-20 23:12:03 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-02-20 23:12:03 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-02-20 23:12:03 ----A---- C:\WINDOWS\005567_.tmp
2010-02-20 23:12:02 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-02-20 23:12:02 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-02-20 23:12:02 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-02-20 23:12:02 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-02-20 23:12:02 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-02-20 23:12:02 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-02-20 23:12:02 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-02-20 23:12:01 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-02-20 23:12:01 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-02-20 23:12:01 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-02-20 23:12:01 ----N---- C:\WINDOWS\system32\credssp.dll
2010-02-20 23:12:00 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-02-20 23:12:00 ----N---- C:\WINDOWS\system32\azroles.dll
2010-02-20 23:11:57 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-02-20 22:58:35 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-02-20 22:55:55 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-02-20 22:55:54 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2010-02-20 22:21:35 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-20 22:21:18 ----D---- C:\WINDOWS\system32\PreInstall
2010-02-20 22:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-02-20 22:21:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-20 21:50:48 ----D---- C:\WINDOWS\LMI3A.tmp
2010-02-20 21:43:30 ----D---- C:\WINDOWS\LMI35.tmp
2010-02-20 17:12:47 ----RA---- C:\WINDOWS\system32\GEARAspi.dll
2010-02-20 17:12:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-20 17:12:41 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-02-20 17:12:40 ----D---- C:\Program Files\Symantec
2010-02-20 17:12:40 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-20 17:12:09 ----D---- C:\Program Files\Windows Sidebar
2010-02-20 17:12:09 ----D---- C:\Program Files\Norton 360
2010-02-20 17:05:35 ----D---- C:\WINDOWS\peernet
2010-02-20 17:05:34 ----D---- C:\WINDOWS\provisioning
2010-02-20 17:04:12 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-20 17:01:25 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-02-20 16:59:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-20 16:59:49 ----D---- C:\WINDOWS\EHome
2010-02-20 16:34:23 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-02-20 16:34:20 ----D---- C:\Program Files\NortonInstaller
2010-02-20 16:34:20 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-02-20 15:02:28 ----D---- C:\Program Files\MiShellSoft
2010-02-20 08:23:04 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-20 07:42:02 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-02-20 05:02:53 ----SD---- C:\WINDOWS\system32\Microsoft
2010-02-20 05:02:44 ----HDC---- C:\WINDOWS\$NtUninstallQ329834$
2010-02-20 05:02:44 ----D---- C:\7ae83a18adfee2e76ef090
2010-02-20 05:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB823559$
2010-02-20 05:02:19 ----HDC---- C:\WINDOWS\$NtUninstallQ329048$
2010-02-20 05:02:19 ----D---- C:\e875c5f4cd25e9a063afd9528bd0856a
2010-02-20 05:02:08 ----HDC---- C:\WINDOWS\$NtUninstallQ810577$
2010-02-20 05:01:52 ----HDC---- C:\WINDOWS\$NtUninstallQ810833$
2010-02-20 05:01:22 ----HDC---- C:\WINDOWS\$NtUninstallQ815021$
2010-02-20 05:01:05 ----HDC---- C:\WINDOWS\$NtUninstallQ329441$
2010-02-20 05:00:59 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-02-20 05:00:49 ----HDC---- C:\WINDOWS\$NtUninstallQ329170$
2010-02-20 05:00:33 ----HDC---- C:\WINDOWS\$NtUninstallQ329115$
2010-02-20 05:00:25 ----HDC---- C:\WINDOWS\$xpsp1hfm$
2010-02-20 05:00:25 ----HDC---- C:\WINDOWS\$NtUninstallQ329390$
2010-02-20 05:00:25 ----D---- C:\a678df18313
2010-02-20 05:00:25 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2010-02-20 00:57:56 ----D---- C:\Program Files\Marvell
2010-02-20 00:56:58 ----D---- C:\Program Files\Intel
2010-02-20 00:56:52 ----A---- C:\WINDOWS\system32\usbui.dll
2010-02-20 00:56:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-20 00:56:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-20 00:56:27 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-20 00:49:51 ----D---- C:\Program Files\ASUS
2010-02-20 00:49:43 ----A---- C:\WINDOWS\uninst.exe
2010-02-20 00:49:09 ----A---- C:\WINDOWS\Ascd_tmp.ini
2010-02-20 00:42:01 ----D---- C:\WINDOWS\pss
2010-02-20 00:41:25 ----SHD---- C:\WINDOWS\Installer
2010-02-20 00:41:23 ----D---- C:\Documents and Settings\jason Currington\Application Data\Identities
2010-02-20 00:41:21 ----HD---- C:\Program Files\Uninstall Information
2010-02-20 00:41:09 ----A---- C:\WINDOWS\system32\jit.dll
2010-02-20 00:41:09 ----A---- C:\WINDOWS\system32\javaee.dll
2010-02-20 00:41:09 ----A---- C:\WINDOWS\system32\dx3j.dll
2010-02-20 00:41:09 ----A---- C:\WINDOWS\setdebug.exe
2010-02-20 00:41:05 ----A---- C:\WINDOWS\system32\wjview.exe
2010-02-20 00:41:05 ----A---- C:\WINDOWS\system32\vmhelper.dll
2010-02-20 00:41:05 ----A---- C:\WINDOWS\system32\msjdbc10.dll
2010-02-20 00:41:04 ----A---- C:\WINDOWS\system32\msjava.dll
2010-02-20 00:41:04 ----A---- C:\WINDOWS\system32\msawt.dll
2010-02-20 00:41:04 ----A---- C:\WINDOWS\system32\jview.exe
2010-02-20 00:41:04 ----A---- C:\WINDOWS\system32\jdbgmgr.exe
2010-02-20 00:41:04 ----A---- C:\WINDOWS\system32\javart.dll
2010-02-20 00:41:04 ----A---- C:\WINDOWS\system32\javaprxy.dll
2010-02-20 00:41:04 ----A---- C:\WINDOWS\system32\javacypt.dll
2010-02-20 00:41:03 ----A---- C:\WINDOWS\system32\clspack.exe
2010-02-20 00:40:55 ----ASH---- C:\Documents and Settings\jason Currington\Application Data\desktop.ini
2010-02-20 00:40:54 ----SD---- C:\Documents and Settings\jason Currington\Application Data\Microsoft
2010-02-20 00:39:12 ----SHD---- C:\System Volume Information
2010-02-20 00:39:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-20 00:36:55 ----D---- C:\WINDOWS\system32\xircom
2010-02-20 00:36:55 ----D---- C:\Program Files\xerox
2010-02-20 00:36:55 ----D---- C:\Program Files\microsoft frontpage
2010-02-20 00:36:40 ----D---- C:\DELL
2010-02-20 00:36:40 ----A---- C:\WINDOWS\system32\MSJAVX86.EXE
2010-02-20 00:36:28 ----A---- C:\WINDOWS\control.ini
2010-02-20 00:36:28 ----A---- C:\AUTOEXEC.BAT
2010-02-20 00:36:22 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-20 00:36:19 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-02-20 00:35:35 ----RD---- C:\WINDOWS\Offline Web Pages
2010-02-20 00:35:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-20 00:35:34 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-20 00:35:29 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-20 00:35:16 ----D---- C:\WINDOWS\srchasst
2010-02-20 00:35:10 ----D---- C:\WINDOWS\system32\Macromed
2010-02-20 00:35:10 ----D---- C:\WINDOWS\system32\DirectX
2010-02-20 00:35:02 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-02-20 00:35:01 ----D---- C:\Program Files\Movie Maker
2010-02-20 00:34:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-02-20 00:34:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-02-20 00:34:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-02-20 00:34:49 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-02-20 00:34:49 ----A---- C:\WINDOWS\system32\atrace.dll
2010-02-20 00:34:46 ----A---- C:\WINDOWS\system32\desktop.ini
2010-02-20 00:34:46 ----A---- C:\WINDOWS\desktop.ini
2010-02-20 00:34:42 ----D---- C:\WINDOWS\system32\Restore
2010-02-20 00:34:42 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-02-20 00:34:42 ----A---- C:\WINDOWS\system32\srclient.dll
2010-02-20 00:34:41 ----D---- C:\Program Files\Windows Media Player
2010-02-20 00:34:41 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-02-20 00:34:41 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-02-20 00:34:41 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-02-20 00:34:41 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-02-20 00:34:41 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-02-20 00:34:41 ----A---- C:\WINDOWS\system32\ils.dll
2010-02-20 00:34:40 ----A---- C:\WINDOWS\system32\msconf.dll
2010-02-20 00:34:38 ----D---- C:\WINDOWS\PCHEALTH
2010-02-20 00:34:38 ----D---- C:\Program Files\NetMeeting
2010-02-20 00:34:38 ----D---- C:\Program Files\Common Files\Services
2010-02-20 00:34:38 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-02-20 00:34:38 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-02-20 00:34:38 ----A---- C:\WINDOWS\system32\acctres.dll
2010-02-20 00:34:37 ----N---- C:\WINDOWS\system32\inetcomm.dll
2010-02-20 00:34:37 ----A---- C:\WINDOWS\system32\inetres.dll
2010-02-20 00:34:34 ----SD---- C:\WINDOWS\Tasks
2010-02-20 00:34:34 ----D---- C:\Program Files\Outlook Express
2010-02-20 00:34:34 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-02-20 00:34:34 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-02-20 00:34:34 ----A---- C:\WINDOWS\system32\mstask.dll
2010-02-20 00:34:33 ----A---- C:\WINDOWS\system32\isign32.dll
2010-02-20 00:34:33 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-02-20 00:34:33 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-02-20 00:34:33 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-02-20 00:34:33 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-02-20 00:34:32 ----D---- C:\Program Files\Common Files\MSSoap
2010-02-20 00:34:29 ----D---- C:\Program Files\Common Files\System
2010-02-20 00:34:27 ----D---- C:\Program Files\Internet Explorer
2010-02-20 00:34:00 ----D---- C:\Program Files\ComPlus Applications
2010-02-20 00:33:59 ----A---- C:\WINDOWS\vbaddin.ini
2010-02-20 00:33:59 ----A---- C:\WINDOWS\vb.ini
2010-02-20 00:33:56 ----D---- C:\WINDOWS\Registration
2010-02-20 00:33:51 ----HD---- C:\Program Files\WindowsUpdate
2010-02-20 00:33:51 ----D---- C:\Program Files\Online Services
2010-02-20 00:33:47 ----D---- C:\Program Files\Messenger
2010-02-20 00:33:42 ----D---- C:\Program Files\MSN
2010-02-20 00:33:39 ----D---- C:\Program Files\MSN Gaming Zone
2010-02-20 00:33:39 ----A---- C:\WINDOWS\system32\write.exe
2010-02-20 00:33:33 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-02-20 00:33:32 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-02-20 00:33:32 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-02-20 00:33:32 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-02-20 00:33:32 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-02-20 00:33:32 ----A---- C:\WINDOWS\system32\hticons.dll
2010-02-20 00:33:32 ----A---- C:\WINDOWS\system32\avwav.dll
2010-02-20 00:33:32 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-02-20 00:33:32 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-02-20 00:33:31 ----D---- C:\Program Files\Windows NT
2010-02-20 00:33:31 ----A---- C:\WINDOWS\system32\winchat.exe
2010-02-20 00:33:30 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-02-20 00:33:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-02-20 00:33:26 ----A---- C:\WINDOWS\system32\winmine.exe
2010-02-20 00:33:26 ----A---- C:\WINDOWS\system32\spider.exe
2010-02-20 00:33:26 ----A---- C:\WINDOWS\system32\sol.exe
2010-02-20 00:33:26 ----A---- C:\WINDOWS\system32\getuname.dll
2010-02-20 00:33:26 ----A---- C:\WINDOWS\system32\charmap.exe
2010-02-20 00:33:26 ----A---- C:\WINDOWS\system32\calc.exe
2010-02-20 00:33:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-02-20 00:33:25 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-02-20 00:33:25 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-02-20 00:33:25 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-02-20 00:33:25 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-02-20 00:33:25 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-02-20 00:33:25 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-02-20 00:33:25 ----A---- C:\WINDOWS\system32\freecell.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\tskill.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\tscon.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\shadow.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\reset.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\regini.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-02-20 00:33:24 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-02-20 00:33:23 ----D---- C:\WINDOWS\system32\MsDtc
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\msg.exe
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\logoff.exe
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-02-20 00:33:23 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-02-20 00:33:22 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-02-20 00:33:22 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-02-20 00:33:22 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-02-20 00:33:22 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-02-20 00:33:22 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-02-20 00:33:21 ----D---- C:\WINDOWS\system32\Com
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\stclient.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\colbact.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-02-20 00:33:21 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-02-20 00:33:20 ----A---- C:\WINDOWS\system32\comuid.dll
2010-02-20 00:33:20 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-02-20 00:33:20 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-02-20 00:33:13 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-02-20 00:33:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-02-20 00:33:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-02-20 00:33:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-02-20 00:33:13 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-02-19 23:45:34 ----N---- C:\WINDOWS\system32\spnpinst.exe
2010-02-19 23:23:07 ----D---- C:\WINDOWS\system32\bits
2010-02-19 23:23:02 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-19 23:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2010-02-19 23:22:53 ----N---- C:\WINDOWS\system32\xpob2res.dll
2010-02-19 23:22:53 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2010-02-19 23:22:53 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2010-02-19 23:22:53 ----A---- C:\WINDOWS\system32\winhttp.dll
2010-02-19 23:22:53 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-02-19 23:21:17 ----A---- C:\WINDOWS\system32\wups2.dll
2010-02-19 23:21:17 ----A---- C:\WINDOWS\system32\wups.dll
2010-02-19 23:21:17 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-02-19 23:21:17 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-02-19 23:21:17 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-02-19 23:21:16 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-02-19 23:21:16 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-02-19 23:20:48 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-19 23:20:17 ----SHD---- C:\RECYCLER
2010-02-19 23:19:48 ----A---- C:\WINDOWS\system32\wpa.bak
2010-02-19 23:08:45 ----D---- C:\Documents and Settings\jason Currington\Application Data\Macromedia
2010-02-19 23:08:45 ----D---- C:\Documents and Settings\jason Currington\Application Data\Adobe
2010-02-19 23:06:56 ----D---- C:\Documents and Settings\jason Currington\Application Data\Mozilla
2010-02-19 23:06:51 ----D---- C:\Program Files\Mozilla Firefox
2010-02-19 23:00:19 ----D---- C:\Program Files\SpeedFan
2010-02-19 16:32:24 ----A---- C:\WINDOWS\system32\h323log.txt
2010-02-19 16:30:08 ----A---- C:\WINDOWS\imsins.BAK
2010-02-19 16:30:04 ----D---- C:\Program Files\Common Files\ODBC
2010-02-19 16:30:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-19 16:30:04 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-19 16:30:02 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-02-19 16:30:01 ----RD---- C:\Program Files
2010-02-19 16:30:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-19 16:30:01 ----D---- C:\Program Files\Common Files
2010-02-19 16:30:00 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-02-19 16:29:59 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-02-19 16:29:59 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-02-19 16:29:58 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-02-19 16:29:57 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-02-19 16:29:57 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-02-19 16:29:57 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-02-19 16:29:57 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-02-19 16:29:57 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-02-19 16:29:57 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-02-19 16:29:57 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-02-19 16:29:56 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-02-19 16:29:56 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-02-19 16:29:55 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-02-19 16:29:55 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-02-19 16:29:55 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-02-19 16:29:54 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-02-19 16:29:52 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-19 16:29:52 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-19 16:29:52 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-02-19 16:29:52 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-02-19 16:29:51 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-02-19 16:29:51 ----A---- C:\WINDOWS\system32\batt.dll
2010-02-19 16:29:50 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-02-19 16:29:50 ----A---- C:\WINDOWS\notepad.exe
2010-02-19 16:29:49 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-02-19 16:29:48 ----A---- C:\WINDOWS\system32\storprop.dll
2010-02-19 16:29:42 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-02-19 16:29:12 ----RA---- C:\WINDOWS\SETD.tmp
2010-02-19 16:29:11 ----RA---- C:\WINDOWS\SET7.tmp
2010-02-19 16:29:09 ----RA---- C:\WINDOWS\SET3.tmp
2010-02-19 16:29:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-19 16:29:04 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-19 16:28:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-19 16:28:51 ----A---- C:\WINDOWS\setuplog.txt
2010-02-19 16:28:48 ----D---- C:\Documents and Settings
2010-02-19 16:28:00 ----RASH---- C:\boot.ini
2010-02-19 16:25:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-19 16:25:35 ----RSD---- C:\WINDOWS\Fonts
2010-02-19 16:25:35 ----RD---- C:\WINDOWS\Web
2010-02-19 16:25:35 ----HD---- C:\WINDOWS\inf
2010-02-19 16:25:35 ----D---- C:\WINDOWS\WinSxS
2010-02-19 16:25:35 ----D---- C:\WINDOWS\twain_32
2010-02-19 16:25:35 ----D---- C:\WINDOWS\Temp
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\wins
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\wbem
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\usmt
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\spool
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\ShellExt
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\Setup
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\ras
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\oobe
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\npp
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\mui
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\IME
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\icsxml
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\ias
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\export
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\drivers
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\dhcp
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\config
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\3com_dmi
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\3076
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\2052
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\1054
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\1042
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\1041
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\1037
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\1033
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\1031
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\1028
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32\1025
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system32
2010-02-19 16:25:35 ----D---- C:\WINDOWS\system
2010-02-19 16:25:35 ----D---- C:\WINDOWS\security
2010-02-19 16:25:35 ----D---- C:\WINDOWS\Resources
2010-02-19 16:25:35 ----D---- C:\WINDOWS\repair
2010-02-19 16:25:35 ----D---- C:\WINDOWS\mui
2010-02-19 16:25:35 ----D---- C:\WINDOWS\msapps
2010-02-19 16:25:35 ----D---- C:\WINDOWS\msagent
2010-02-19 16:25:35 ----D---- C:\WINDOWS\Media
2010-02-19 16:25:35 ----D---- C:\WINDOWS\java
2010-02-19 16:25:35 ----D---- C:\WINDOWS\ime
2010-02-19 16:25:35 ----D---- C:\WINDOWS\Help
2010-02-19 16:25:35 ----D---- C:\WINDOWS\Driver Cache
2010-02-19 16:25:35 ----D---- C:\WINDOWS\Debug
2010-02-19 16:25:35 ----D---- C:\WINDOWS\Cursors
2010-02-19 16:25:35 ----D---- C:\WINDOWS\Connection Wizard
2010-02-19 16:25:35 ----D---- C:\WINDOWS\Config
2010-02-19 16:25:35 ----D---- C:\WINDOWS\AppPatch
2010-02-19 16:25:35 ----D---- C:\WINDOWS\addins
2010-02-19 16:25:35 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2010-02-20 21:55:34 ----A---- C:\WINDOWS\win.ini
2010-02-20 21:55:34 ----A---- C:\WINDOWS\system.ini
2010-02-20 17:02:27 ----RASH---- C:\NTDETECT.COM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-02-20 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-02-20 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-02-20 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-02-20 217136]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2001-12-10 357070]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-02-20 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-12-31 2167552]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-02-20 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-02-20 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-02-20 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-02-20 36400]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [2003-10-23 174336]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.037\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100312.037\NAVEX15.SYS []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-02-20 308272]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-02-20 36400]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-21 153376]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-02-20 117640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2001-12-31 114755]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-03-25 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-03-26 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-03-26 166648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-03-25 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 1010424]

-----------------EOF-----------------
And Log #2

info.txt logfile of random's system information tool 1.06 2010-03-13 13:06:35

======Uninstall list======

-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
ASUS Probe V2.22.00-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{75D6745B-2239-4182-A31F-F95CEBB35099}
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{75D6745B-2239-4182-A31F-F95CEBB35099}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\jason Currington\My Documents\Downloads\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MiShell*Budget (remove only)-->"C:\Program Files\MiShellSoft\Budget\uninstall.exe"
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\3.8.0.41\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
PCI Audio Driver-->cmuninst.exe
Roxio Media Manager-->MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0

======Security center information======

AV: Norton 360 (disabled)
FW: Norton 360

======System event log======

Computer Name: ROCKY-183SXA7K0
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.

Record Number: 739
Source Name: Windows Update Agent
Time Written: 20100221185325.000000-360
Event Type: error
User:

Computer Name: ROCKY-183SXA7K0
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
IDSxpx86

Record Number: 324
Source Name: Service Control Manager
Time Written: 20100220183831.000000-360
Event Type: error
User:

Computer Name: ROCKY-183SXA7K0
Event Code: 1002
Message: The IP address lease 192.168.1.4 for the Network Card with network address 00112F82BD44 has been
denied by the DHCP server 10.54.1.50 (The DHCP Server sent a DHCPNACK message).

Record Number: 185
Source Name: Dhcp
Time Written: 20100220144603.000000-360
Event Type: error
User:

Computer Name: ROCKY-183SXA7K0
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\JASONCURRINGTON on the network \Device\NetBT_Tcpip_{9D27F628-3388-4BD4-B7A9-D28D85B6F48D}.
The data is the error code.

Record Number: 137
Source Name: BROWSER
Time Written: 20100220002105.000000-360
Event Type: warning
User:

Computer Name: ROCKY-183SXA7K0
Event Code: 4311
Message: Initialization failed because the driver device could not be created.

Record Number: 57
Source Name: NetBT
Time Written: 20100220005809.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: ROCKY-183SXA7K0
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 58
Source Name: WinMgmt
Time Written: 20100220171137.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ROCKY-183SXA7K0
Event Code: 63
Message: A provider, WMIProv, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 47
Source Name: WinMgmt
Time Written: 20100220170605.000000-360
Event Type: warning
User: ROCKY-183SXA7K0\jason Currington

Computer Name: ROCKY-183SXA7K0
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 46
Source Name: WinMgmt
Time Written: 20100220170605.000000-360
Event Type: warning
User: ROCKY-183SXA7K0\jason Currington

Computer Name: ROCKY-183SXA7K0
Event Code: 1006
Message: You have successfully activated your Windows product. Thank you.


Record Number: 26
Source Name: Windows Product Activation
Time Written: 20100219231948.000000-360
Event Type:
User:

Computer Name: ROCKY-183SXA7K0
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.


Record Number: 17
Source Name: Windows Product Activation
Time Written: 20100220004056.000000-360
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------
please advise on gmer
ty
rocky
jasonc162

Re: google redirect problems

Post by andyspeake » March 14th, 2010, 8:23 pm

Hi,

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

RootRepeal - Rootkit Detector

  • Download RootRepeal from the following location and save it to your desktop.
  • Unzip it to your Desktop
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • Check the box for your main system drive (Usually C:), and Click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

So please post back:
MGADiag.exe Results
RootRepeal.txt

Thanks
andyspeake

Re: google redirect problems

Post by jasonc162 » March 14th, 2010, 9:48 pm

ty for answering

here are the posts you requested

Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-VD6RH-3XPCY-84966
Windows Product Key Hash: CHs+hh6pWVoQwlGEFxOTgJqt+z4=
Windows Product ID: 55274-OEM-2212421-42906
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {672F4966-E21D-4941-AD46-C4A6AA05F5AB}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{672F4966-E21D-4941-AD46-C4A6AA05F5AB}</UGUID><Version>1.9.0019.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-84966</PKey><PID>55274-OEM-2212421-42906</PID><PIDType>3</PIDType><SID>S-1-5-21-1275210071-1757981266-682003330</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1002.002</Version><SMBIOSVersion major="2" minor="3"/><Date>20040225000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>D8C2306F01846072</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 14BBD:GENUINE C&C INC
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

-----------------------------------------------------------------------------------------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/14 20:40
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB7735000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79EB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7A50000 Size: 1664 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB566F000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF798D000 Size: 5248 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7419000 Size: 323584 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8965f948

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8965ebf0

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8959d8d0

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8958d178

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89425790

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb7ab1130

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8955f830

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x8941c4b8

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x89768f88

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x89347250

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb7ab13b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb7ab1910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8959def8

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8959a3c0

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x893af448

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8965e520

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x892f5df0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x892a1d90

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8965f748

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8965d9a8

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x893f6c98

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x89374138

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8965d630

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x896bfa08

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x89333ba0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8940d058

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x892a1978

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x89391008

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb7ab1b60

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x89378e30

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8955bd40

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x898b6be0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89560cc0

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x893bf050

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8959ada8

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8961d408

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x895e01e8

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x895da368

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x89770918

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x89553dc0

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x89723e60

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x897add08

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x89745948

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x8957b780

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x89760e50

==EOF==


Ty
I will wait for a reply
Rocky
jasonc162
Active Member
 
Posts: 11
Joined: March 7th, 2010, 3:20 pm

Re: google redirect problems

Unread postby andyspeake » March 16th, 2010, 8:27 am

Hi,

-----------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\WINDOWS\system32\1447252224
    C:\WINDOWS\srchasst
    C:\a678df18313
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


I'd like you to check (a file/some files) for Viruses.
C:\WINDOWS\mixerdef.ini

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please

-------------------

Reset Host File w/ Batch file
Note: If you used any custom Hosts (eg. Spybot's Immunize, MVPS Hosts, etc...), you will have to reapply them!
  1. Open Notepad.
  2. Copy and paste the contents of the box below, into Notepad.
    @Echo off
    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    del %0
  3. Using the Command line, select File... then select Save As.
  4. Filename = RestHost.bat
  5. Save as Type = All Files <<=== important, won't work otherwise.
  6. Save the file to your Desktop.
    RestHost.bat <<------------- you should see this on your desktop.
  7. Double click on the RestHost.bat to execute. The batch file will be deleted when finished.

--------------------

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT for items listed "C:\System Volume information..." and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



So please post back:
SystemLook.txt
Upload Results
Did the Batch file delete itself?
MBAM results log


Thanks.
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland
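
The hosts reset in the post above overwrites the file with a single localhost line, so whatever entries were there beforehand, custom blocklists as well as any redirects, are gone afterwards. The following is an added example, not part of the original post or of any tool named in it: a Python script that lists what a hosts file contains before it is reset. The sample content, the function names and the bucket names are constructed for illustration.

```python
"""Audit a hosts file before a reset script overwrites it."""
import ipaddress
import sys

# Constructed sample content (not taken from the thread). Addresses come
# from documentation ranges and the names use the reserved .test suffix.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.test        # blocklist-style entry
0.0.0.0         tracker.example.test
203.0.113.10    www.search.example.test search.example.test
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -> list of (line_no, ip_object, [lowercased names])
    malformed -> list of (line_no, stripped raw line) that could not be parsed
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append((line_no, raw.strip()))
            continue
        entries.append((line_no, ip, [n.lower() for n in fields[1:]]))
    return entries, malformed


def classify(entries):
    """Sort every name into one of three buckets.

    default  -> localhost mapped to a loopback address
    blocked  -> any other name pointed at loopback or 0.0.0.0 (blocklist style)
    redirect -> a name pointed at a routable address; review these first
    """
    report = {"default": [], "blocked": [], "redirect": []}
    for line_no, ip, names in entries:
        for name in names:
            if name == "localhost" and ip.is_loopback:
                bucket = "default"
            elif ip.is_loopback or ip.is_unspecified:
                bucket = "blocked"
            else:
                bucket = "redirect"
            report[bucket].append((line_no, str(ip), name))
    return report


def audit(text):
    """Parse and classify hosts file text; malformed lines are reported too."""
    entries, malformed = parse_hosts(text)
    report = classify(entries)
    report["malformed"] = malformed
    return report


if __name__ == "__main__":
    # With a path argument the real file is read; otherwise the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for bucket, rows in audit(content).items():
        print(f"[{bucket}] {len(rows)}")
        for row in rows:
            print("   ", row)
```

Saving this output before running the reset keeps a record of any blocklist entries that need to be reapplied and of any redirect entries worth reporting back in the thread.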

Re: google redirect problems

Unread postby jasonc162 » March 16th, 2010, 9:52 pm

hi andy

sorry it took a while the domain move held things up a bit

here are the new posts

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:08 on 16/03/2010 by jason Currington (Administrator - Elevation successful)

========== dir ==========

C:\WINDOWS\system32\1447252224 - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\WINDOWS\srchasst - Parameters: "(none)"

---Files---
msgr3en.dll --a--- 3166208 bytes [06:35 20/02/2010] [00:11 14/04/2008]
nls302en.lex --a--- 4399505 bytes [06:35 20/02/2010] [12:00 18/08/2001]
srchctls.dll --a--- 58434 bytes [06:35 20/02/2010] [00:12 14/04/2008]
srchui.dll --a--- 726078 bytes [06:35 20/02/2010] [00:12 14/04/2008]

---Folders---
chars d----- [06:35 20/02/2010]
mui d----- [06:35 20/02/2010]

C:\a678df18313 - Parameters: "(none)"

---Files---
None found.

---Folders---
sp1 d----- [11:00 20/02/2010]

-=End Of File=-
----------------------------------------------------------------------------------------
MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3874
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/16/2010 8:43:06 PM
mbam-log-2010-03-16 (20-43-06).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 226102
Time elapsed: 52 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------------------

batch file deleted itself

upload results nothing found

Ty
Awaiting your response
Rocky
jasonc162
Active Member
 
Posts: 11
Joined: March 7th, 2010, 3:20 pm

Re: google redirect problems

Unread postby andyspeake » March 17th, 2010, 12:11 pm

Hi,

ERUNT
I see you already have ERUNT on your machine:

This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
:processes

:Files
C:\Documents and Settings\jason Currington\Application Data\LimeWire
C:\Documents and Settings\All Users\Application Data\STOPzilla!
C:\Documents and Settings\jason Currington\Desktop\LimeWire

:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\jason Currington\Desktop\LimeWire\LimeWire.exe"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]

  • Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.exe

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

So please post back:
OTM Results
RSIT log.txt
Let me know how your computer's running.

Thanks.
andyspeake
Regular Member
 
Posts: 1914
Joined: June 8th, 2007, 9:29 pm
Location: Glasgow, Scotland

Re: google redirect problems

Unread postby jasonc162 » March 17th, 2010, 7:39 pm

Hi here is the log for
OTM


All processes killed
========== PROCESSES ==========
========== FILES ==========
File/Folder C:\Documents and Settings\jason Currington\Application Data\LimeWire not found.
C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\STOPzilla! folder moved successfully.
File/Folder C:\Documents and Settings\jason Currington\Desktop\LimeWire not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\jason Currington\Desktop\LimeWire\LimeWire.exe not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"dontdisplaylastusername"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"legalnoticecaption"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"legalnoticetext"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"shutdownwithoutlogon"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"undockwithoutlogon"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableRegistryTools"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: jason Currington
->Temp folder emptied: 342987 bytes
->Temporary Internet Files folder emptied: 37384120 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35689444 bytes
->Flash cache emptied: 11677 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 5236028 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49635 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75.00 mb


OTM by OldTimer - Version 3.1.10.0 log created on 03172010_182502
All processes killed

OTM by OldTimer - Version 3.1.10.0 log created on 03172010_182502

Files moved on Reboot...
File C:\WINDOWS\temp\JET1E70.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_344.dat not found!

Registry entries deleted on Reboot...
-----------------------------------------------------------------------------------------

And RSIT LOG


Logfile of random's system information tool 1.06 (written by random/random)
Run by jason Currington at 2010-03-17 18:31:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 121 GB (92%) free of 131 GB
Total RAM: 1535 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:52 PM, on 3/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\notepad.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jason Currington\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\jason Currington.exe

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6643244804
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 4887 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2010-02-20 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL [2010-02-20 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-21 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2010-02-20 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-03-26 228088]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2001-12-31 3756032]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-13 202256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe

C:\Documents and Settings\jason Currington\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\jason Currington\Desktop\LimeWire\LimeWire.exe"="C:\Documents and Settings\jason Currington\Desktop\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-17 18:25:02 ----D---- C:\_OTM
2010-03-16 19:48:07 ----D---- C:\Documents and Settings\jason Currington\Application Data\Malwarebytes
2010-03-16 19:48:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-16 19:48:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-14 20:42:50 ----A---- C:\RootRepeal report 03-14-10 (20-42-50).txt
2010-03-14 20:29:01 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-03-13 19:55:38 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-03-13 19:55:24 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-03-13 19:55:24 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-03-13 19:55:14 ----D---- C:\Program Files\Common Files\xing shared
2010-03-13 19:54:48 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-03-13 19:54:44 ----D---- C:\Program Files\Real
2010-03-13 19:54:39 ----D---- C:\Program Files\Common Files\Real
2010-03-13 19:54:38 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-03-13 19:54:35 ----D---- C:\Documents and Settings\jason Currington\Application Data\Real
2010-03-13 14:06:24 ----D---- C:\rsit
2010-03-11 04:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-07 20:08:11 ----D---- C:\Documents and Settings\jason Currington\Application Data\WinPatrol
2010-03-07 20:08:04 ----D---- C:\Program Files\BillP Studios
2010-03-07 15:22:34 ----D---- C:\Program Files\Perfect Uninstaller
2010-03-07 14:37:36 ----D---- C:\Program Files\Trend Micro
2010-03-07 13:56:18 ----D---- C:\WINDOWS\ERDNT
2010-03-07 13:55:42 ----D---- C:\Program Files\ERUNT
2010-03-07 11:07:56 ----RD---- C:\Program Files\Norton Support
2010-03-06 21:53:37 ----D---- C:\Documents and Settings\jason Currington\Application Data\OpenOffice.org
2010-03-06 21:49:29 ----D---- C:\Program Files\JRE
2010-03-06 21:49:25 ----D---- C:\Program Files\OpenOffice.org 3
2010-03-02 21:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2010-03-02 21:07:04 ----D---- C:\Program Files\Common Files\iS3
2010-02-27 15:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-02-27 15:22:59 ----D---- C:\Program Files\MSXML 4.0
2010-02-26 23:59:46 ----D---- C:\Documents and Settings\jason Currington\Application Data\Roxio
2010-02-26 23:44:36 ----D---- C:\Documents and Settings\jason Currington\Application Data\Research In Motion
2010-02-26 23:42:18 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2010-02-26 23:42:14 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2010-02-26 23:40:09 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2010-02-26 23:40:08 ----D---- C:\Program Files\Roxio
2010-02-26 23:40:08 ----D---- C:\Program Files\Common Files\Sonic Shared
2010-02-26 23:40:02 ----D---- C:\Program Files\Common Files\Roxio Shared
2010-02-26 23:36:44 ----D---- C:\WINDOWS\RegisteredPackages
2010-02-26 23:35:20 ----D---- C:\Documents and Settings\jason Currington\Application Data\Blackberry Desktop
2010-02-26 23:35:06 ----D---- C:\Program Files\Common Files\Research In Motion
2010-02-26 23:34:54 ----D---- C:\Program Files\Research In Motion
2010-02-26 23:29:06 ----SHD---- C:\WINDOWS\ftpcache
2010-02-26 06:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-24 06:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 06:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-23 06:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-23 06:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-22 21:50:01 ----D---- C:\WINDOWS\Minidump
2010-02-21 23:07:09 ----D---- C:\Program Files\Common Files\Adobe
2010-02-21 23:07:09 ----D---- C:\Program Files\Adobe
2010-02-21 23:07:04 ----A---- C:\WINDOWS\IsUninst.exe
2010-02-21 21:18:59 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-02-21 21:18:02 ----D---- C:\WINDOWS\Prefetch
2010-02-21 21:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-21 21:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-21 21:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-21 21:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-21 21:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-21 21:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-21 21:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-21 21:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-21 21:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-21 21:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-21 21:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-21 21:14:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-21 21:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-21 21:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-21 21:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-21 21:13:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-21 21:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-21 21:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-21 21:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-21 21:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-21 21:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-21 21:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-21 21:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-21 21:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-21 21:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-21 21:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-21 21:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-21 21:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-21 21:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-21 21:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-21 21:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-21 21:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-21 21:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-21 21:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-21 21:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-21 21:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-21 21:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-21 21:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-21 21:10:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-21 21:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-21 21:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-21 21:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-21 21:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-21 21:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-21 21:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-21 21:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-21 21:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-21 21:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-21 21:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-21 21:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-21 21:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-21 21:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-21 21:03:30 ----D---- C:\WINDOWS\system32\en-us
2010-02-21 21:03:29 ----D---- C:\WINDOWS\system32\scripting
2010-02-21 21:03:27 ----D---- C:\WINDOWS\l2schemas
2010-02-21 21:03:26 ----D---- C:\WINDOWS\system32\en
2010-02-21 20:56:27 ----D---- C:\WINDOWS\network diagnostic
2010-02-21 20:40:31 ----SH---- C:\WINDOWS\system32\unrar.exe
2010-02-21 20:40:31 ----D---- C:\WINDOWS\system32\1447252224
2010-02-21 20:40:21 ----SHD---- C:\System Volume Data
2010-02-21 20:06:02 ----D---- C:\Documents and Settings\jason Currington\Application Data\LimeWire
2010-02-21 20:05:51 ----D---- C:\Program Files\Common Files\Java
2010-02-21 20:05:51 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-02-21 20:05:20 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-21 20:05:20 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-21 20:05:20 ----A---- C:\WINDOWS\system32\java.exe
2010-02-21 20:05:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-21 20:05:02 ----D---- C:\Program Files\Java
2010-02-21 20:04:19 ----D---- C:\Documents and Settings\jason Currington\Application Data\Sun
2010-02-21 19:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2010-02-21 19:52:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2010-02-21 19:52:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-21 18:13:33 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-21 06:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-21 06:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-02-21 06:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-02-21 06:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2010-02-21 06:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-02-21 06:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-02-21 06:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2010-02-21 06:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-21 06:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978207_0$
2010-02-21 06:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-21 06:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-21 06:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-21 06:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-02-21 06:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-02-21 06:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-02-21 06:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-02-21 06:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-21 06:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-21 06:07:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2010-02-21 06:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-02-21 06:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-02-21 06:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-02-21 06:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2010-02-21 06:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2010-02-21 06:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2010-02-21 06:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-21 06:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-21 06:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-21 06:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2010-02-21 06:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-02-21 06:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-21 06:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-02-21 06:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-02-21 06:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-21 06:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2010-02-21 06:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-02-21 06:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-02-21 06:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-02-21 06:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2010-02-21 06:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-21 06:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2010-02-21 06:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-02-21 06:03:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-02-21 06:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-02-21 06:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-21 06:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-02-21 06:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2010-02-21 06:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2010-02-21 06:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-21 06:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-21 06:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2010-02-21 06:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-02-21 06:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-21 06:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-02-21 06:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-02-21 06:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-02-21 06:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-21 06:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-02-21 06:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-02-21 06:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-02-21 06:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-02-21 04:35:53 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-02-21 01:32:54 ----RA---- C:\ARestore.exe
2010-02-21 01:24:02 ----D---- C:\N360_BACKUP
2010-02-21 01:00:55 ----RA---- C:\WINDOWS\system32\nvwrszht.dll
2010-02-21 01:00:55 ----RA---- C:\WINDOWS\system32\nvrszht.dll
2010-02-21 01:00:54 ----RA---- C:\WINDOWS\system32\nvwrszhc.dll
2010-02-21 01:00:54 ----RA---- C:\WINDOWS\system32\nvwrstr.dll
2010-02-21 01:00:54 ----RA---- C:\WINDOWS\system32\nvrszhc.dll
2010-02-21 01:00:54 ----RA---- C:\WINDOWS\system32\nvrstr.dll
2010-02-21 01:00:53 ----RA---- C:\WINDOWS\system32\nvwrssv.dll
2010-02-21 01:00:53 ----RA---- C:\WINDOWS\system32\nvwrssl.dll
2010-02-21 01:00:53 ----RA---- C:\WINDOWS\system32\nvrssv.dll
2010-02-21 01:00:53 ----RA---- C:\WINDOWS\system32\nvrssl.dll
2010-02-21 01:00:52 ----RA---- C:\WINDOWS\system32\nvwrssk.dll
2010-02-21 01:00:52 ----RA---- C:\WINDOWS\system32\nvwrsru.dll
2010-02-21 01:00:52 ----RA---- C:\WINDOWS\system32\nvwrsptb.dll
2010-02-21 01:00:52 ----RA---- C:\WINDOWS\system32\nvrssk.dll
2010-02-21 01:00:52 ----RA---- C:\WINDOWS\system32\nvrsru.dll
2010-02-21 01:00:52 ----RA---- C:\WINDOWS\system32\nvrsptb.dll
2010-02-21 01:00:51 ----RA---- C:\WINDOWS\system32\nvwrspt.dll
2010-02-21 01:00:51 ----RA---- C:\WINDOWS\system32\nvwrspl.dll
2010-02-21 01:00:51 ----RA---- C:\WINDOWS\system32\nvrspt.dll
2010-02-21 01:00:51 ----RA---- C:\WINDOWS\system32\nvrspl.dll
2010-02-21 01:00:50 ----RA---- C:\WINDOWS\system32\nvwrsno.dll
2010-02-21 01:00:50 ----RA---- C:\WINDOWS\system32\nvwrsnl.dll
2010-02-21 01:00:50 ----RA---- C:\WINDOWS\system32\nvwrsko.dll
2010-02-21 01:00:50 ----RA---- C:\WINDOWS\system32\nvrsno.dll
2010-02-21 01:00:50 ----RA---- C:\WINDOWS\system32\nvrsnl.dll
2010-02-21 01:00:50 ----RA---- C:\WINDOWS\system32\nvrsko.dll
2010-02-21 01:00:49 ----RA---- C:\WINDOWS\system32\nvwrsja.dll
2010-02-21 01:00:49 ----RA---- C:\WINDOWS\system32\nvwrsit.dll
2010-02-21 01:00:49 ----RA---- C:\WINDOWS\system32\nvwrshu.dll
2010-02-21 01:00:49 ----RA---- C:\WINDOWS\system32\nvrsja.dll
2010-02-21 01:00:49 ----RA---- C:\WINDOWS\system32\nvrsit.dll
2010-02-21 01:00:48 ----RA---- C:\WINDOWS\system32\nvwrshe.dll
2010-02-21 01:00:48 ----RA---- C:\WINDOWS\system32\nvwrsfr.dll
2010-02-21 01:00:48 ----RA---- C:\WINDOWS\system32\nvrshu.dll
2010-02-21 01:00:48 ----RA---- C:\WINDOWS\system32\nvrshe.dll
2010-02-21 01:00:48 ----RA---- C:\WINDOWS\system32\nvrsfr.dll
2010-02-21 01:00:47 ----RA---- C:\WINDOWS\system32\nvwrsfi.dll
2010-02-21 01:00:47 ----RA---- C:\WINDOWS\system32\nvwrsesm.dll
2010-02-21 01:00:47 ----RA---- C:\WINDOWS\system32\nvwrses.dll
2010-02-21 01:00:47 ----RA---- C:\WINDOWS\system32\nvrsfi.dll
2010-02-21 01:00:47 ----RA---- C:\WINDOWS\system32\nvrsesm.dll
2010-02-21 01:00:47 ----RA---- C:\WINDOWS\system32\nvrses.dll
2010-02-21 01:00:46 ----RA---- C:\WINDOWS\system32\nvwrseng.dll
2010-02-21 01:00:46 ----RA---- C:\WINDOWS\system32\nvwrsel.dll
2010-02-21 01:00:46 ----RA---- C:\WINDOWS\system32\nvwrsde.dll
2010-02-21 01:00:46 ----RA---- C:\WINDOWS\system32\nvrseng.dll
2010-02-21 01:00:46 ----RA---- C:\WINDOWS\system32\nvrsel.dll
2010-02-21 01:00:45 ----RA---- C:\WINDOWS\system32\nvwrsda.dll
2010-02-21 01:00:45 ----RA---- C:\WINDOWS\system32\nvwrscs.dll
2010-02-21 01:00:45 ----RA---- C:\WINDOWS\system32\nvrsde.dll
2010-02-21 01:00:45 ----RA---- C:\WINDOWS\system32\nvrsda.dll
2010-02-21 01:00:45 ----RA---- C:\WINDOWS\system32\nvrscs.dll
2010-02-21 01:00:44 ----RA---- C:\WINDOWS\system32\nwiz.exe
2010-02-21 01:00:44 ----RA---- C:\WINDOWS\system32\nvwrsar.dll
2010-02-21 01:00:44 ----RA---- C:\WINDOWS\system32\nvwimg.dll
2010-02-21 01:00:44 ----RA---- C:\WINDOWS\system32\nvwdmcpl.dll
2010-02-21 01:00:44 ----RA---- C:\WINDOWS\system32\nvrsar.dll
2010-02-21 01:00:43 ----RA---- C:\WINDOWS\system32\nvshell.dll
2010-02-21 01:00:43 ----RA---- C:\WINDOWS\system32\nview.dll
2010-02-21 01:00:43 ----RA---- C:\WINDOWS\system32\nvdspsch.exe
2010-02-21 01:00:42 ----RA---- C:\WINDOWS\system32\nvappbar.exe
2010-02-21 01:00:42 ----RA---- C:\WINDOWS\system32\keystone.exe
2010-02-21 01:00:42 ----D---- C:\WINDOWS\nview
2010-02-21 01:00:42 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-02-21 01:00:41 ----RA---- C:\WINDOWS\system32\nvwddi.dll
2010-02-21 01:00:41 ----RA---- C:\WINDOWS\system32\nvnt4cpl.dll
2010-02-21 01:00:41 ----RA---- C:\WINDOWS\system32\nvmctray.dll
2010-02-21 01:00:40 ----RA---- C:\WINDOWS\system32\nvcpl.dll
2010-02-21 01:00:38 ----RA---- C:\WINDOWS\system32\nvoglnt.dll
2010-02-21 01:00:36 ----RA---- C:\WINDOWS\system32\nvsvc32.exe
2010-02-21 01:00:36 ----RA---- C:\WINDOWS\system32\nvcodins.dll
2010-02-21 01:00:36 ----RA---- C:\WINDOWS\system32\nvcod.dll
2010-02-21 00:50:42 ----A---- C:\WINDOWS\mixerdef.ini
2010-02-21 00:48:28 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-02-21 00:47:42 ----A---- C:\WINDOWS\system32\Audio3D.dll
2010-02-21 00:47:42 ----A---- C:\WINDOWS\system32\a3d.dll
2010-02-21 00:47:41 ----A---- C:\WINDOWS\system32\cmnprop.dll
2010-02-21 00:47:41 ----A---- C:\WINDOWS\mixer.exe
2010-02-21 00:47:41 ----A---- C:\WINDOWS\cmuninst.exe
2010-02-21 00:47:40 ----D---- C:\Program Files\C-Media
2010-02-21 00:47:30 ----A---- C:\WINDOWS\CMISETUP.INI
2010-02-21 00:47:30 ----A---- C:\WINDOWS\CMCDPLAY.INI
2010-02-21 00:12:32 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-02-21 00:12:31 ----N---- C:\WINDOWS\system32\wmphoto.dll
2010-02-21 00:12:29 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-02-21 00:12:29 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2010-02-21 00:12:29 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2010-02-21 00:12:28 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-02-21 00:12:27 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-02-21 00:12:27 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-02-21 00:12:24 ----N---- C:\WINDOWS\system32\setupn.exe
2010-02-21 00:12:23 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-02-21 00:12:23 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-02-21 00:12:23 ----N---- C:\WINDOWS\system32\qutil.dll
2010-02-21 00:12:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-02-21 00:12:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-02-21 00:12:22 ----N---- C:\WINDOWS\system32\qagent.dll
2010-02-21 00:12:22 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2010-02-21 00:12:22 ----N---- C:\WINDOWS\system32\onex.dll
2010-02-21 00:12:20 ----N---- C:\WINDOWS\system32\napstat.exe
2010-02-21 00:12:20 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-02-21 00:12:20 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-02-21 00:12:19 ----N---- C:\WINDOWS\system32\msxml6r.dll
2010-02-21 00:12:19 ----N---- C:\WINDOWS\system32\msxml6.dll
2010-02-21 00:12:19 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-02-21 00:12:19 ----N---- C:\WINDOWS\system32\mssha.dll
2010-02-21 00:12:15 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-02-21 00:12:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-02-21 00:12:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-02-21 00:12:15 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-02-21 00:12:10 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-02-21 00:12:10 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-02-21 00:12:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-02-21 00:12:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-02-21 00:12:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-02-21 00:12:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-02-21 00:12:06 ----N---- C:\WINDOWS\system32\smtpapi.dll
2010-02-21 00:12:06 ----N---- C:\WINDOWS\system32\rwnh.dll
2010-02-21 00:12:03 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-02-21 00:12:03 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-02-21 00:12:03 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-02-21 00:12:03 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-02-21 00:12:03 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-02-21 00:12:03 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-02-21 00:12:03 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-02-21 00:12:03 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-02-21 00:12:02 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-02-21 00:12:02 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-02-21 00:12:02 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-02-21 00:12:02 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-02-21 00:12:02 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-02-21 00:12:02 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-02-21 00:12:02 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-02-21 00:12:01 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-02-21 00:12:01 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-02-21 00:12:01 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-02-21 00:12:01 ----N---- C:\WINDOWS\system32\credssp.dll
2010-02-21 00:12:00 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-02-21 00:12:00 ----N---- C:\WINDOWS\system32\azroles.dll
2010-02-21 00:11:57 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-02-20 23:58:35 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-02-20 23:55:55 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-02-20 23:55:54 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2010-02-20 23:21:35 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-20 23:21:18 ----D---- C:\WINDOWS\system32\PreInstall
2010-02-20 23:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-02-20 23:21:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-20 18:12:47 ----RA---- C:\WINDOWS\system32\GEARAspi.dll
2010-02-20 18:12:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-20 18:12:41 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-02-20 18:12:40 ----D---- C:\Program Files\Symantec
2010-02-20 18:12:40 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-20 18:12:09 ----D---- C:\Program Files\Windows Sidebar
2010-02-20 18:12:09 ----D---- C:\Program Files\Norton 360
2010-02-20 18:05:35 ----D---- C:\WINDOWS\peernet
2010-02-20 18:05:34 ----D---- C:\WINDOWS\provisioning
2010-02-20 18:04:12 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-20 18:01:25 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-02-20 17:59:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-20 17:59:49 ----D---- C:\WINDOWS\EHome
2010-02-20 17:34:23 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-02-20 17:34:20 ----D---- C:\Program Files\NortonInstaller
2010-02-20 17:34:20 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-02-20 16:02:28 ----D---- C:\Program Files\MiShellSoft
2010-02-20 09:23:04 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-20 08:42:02 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-02-20 06:02:53 ----SD---- C:\WINDOWS\system32\Microsoft
2010-02-20 06:02:44 ----HDC---- C:\WINDOWS\$NtUninstallQ329834$
2010-02-20 06:02:44 ----D---- C:\7ae83a18adfee2e76ef090
2010-02-20 06:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB823559$
2010-02-20 06:02:19 ----HDC---- C:\WINDOWS\$NtUninstallQ329048$
2010-02-20 06:02:19 ----D---- C:\e875c5f4cd25e9a063afd9528bd0856a
2010-02-20 06:02:08 ----HDC---- C:\WINDOWS\$NtUninstallQ810577$
2010-02-20 06:01:52 ----HDC---- C:\WINDOWS\$NtUninstallQ810833$
2010-02-20 06:01:22 ----HDC---- C:\WINDOWS\$NtUninstallQ815021$
2010-02-20 06:01:05 ----HDC---- C:\WINDOWS\$NtUninstallQ329441$
2010-02-20 06:00:59 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-02-20 06:00:49 ----HDC---- C:\WINDOWS\$NtUninstallQ329170$
2010-02-20 06:00:33 ----HDC---- C:\WINDOWS\$NtUninstallQ329115$
2010-02-20 06:00:25 ----HDC---- C:\WINDOWS\$xpsp1hfm$
2010-02-20 06:00:25 ----HDC---- C:\WINDOWS\$NtUninstallQ329390$
2010-02-20 06:00:25 ----D---- C:\a678df18313
2010-02-20 06:00:25 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2010-02-20 01:57:56 ----D---- C:\Program Files\Marvell
2010-02-20 01:56:58 ----D---- C:\Program Files\Intel
2010-02-20 01:56:52 ----A---- C:\WINDOWS\system32\usbui.dll
2010-02-20 01:56:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-20 01:56:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-20 01:56:27 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-20 01:49:51 ----D---- C:\Program Files\ASUS
2010-02-20 01:49:43 ----A---- C:\WINDOWS\uninst.exe
2010-02-20 01:49:09 ----A---- C:\WINDOWS\Ascd_tmp.ini
2010-02-20 01:42:01 ----D---- C:\WINDOWS\pss
2010-02-20 01:41:25 ----SHD---- C:\WINDOWS\Installer
2010-02-20 01:41:23 ----D---- C:\Documents and Settings\jason Currington\Application Data\Identities
2010-02-20 01:41:21 ----HD---- C:\Program Files\Uninstall Information
2010-02-20 01:41:09 ----A---- C:\WINDOWS\system32\jit.dll
2010-02-20 01:41:09 ----A---- C:\WINDOWS\system32\javaee.dll
2010-02-20 01:41:09 ----A---- C:\WINDOWS\system32\dx3j.dll
2010-02-20 01:41:09 ----A---- C:\WINDOWS\setdebug.exe
2010-02-20 01:41:05 ----A---- C:\WINDOWS\system32\wjview.exe
2010-02-20 01:41:05 ----A---- C:\WINDOWS\system32\vmhelper.dll
2010-02-20 01:41:05 ----A---- C:\WINDOWS\system32\msjdbc10.dll
2010-02-20 01:41:04 ----A---- C:\WINDOWS\system32\msjava.dll
2010-02-20 01:41:04 ----A---- C:\WINDOWS\system32\msawt.dll
2010-02-20 01:41:04 ----A---- C:\WINDOWS\system32\jview.exe
2010-02-20 01:41:04 ----A---- C:\WINDOWS\system32\jdbgmgr.exe
2010-02-20 01:41:04 ----A---- C:\WINDOWS\system32\javart.dll
2010-02-20 01:41:04 ----A---- C:\WINDOWS\system32\javaprxy.dll
2010-02-20 01:41:04 ----A---- C:\WINDOWS\system32\javacypt.dll
2010-02-20 01:41:03 ----A---- C:\WINDOWS\system32\clspack.exe
2010-02-20 01:40:55 ----ASH---- C:\Documents and Settings\jason Currington\Application Data\desktop.ini
2010-02-20 01:40:54 ----SD---- C:\Documents and Settings\jason Currington\Application Data\Microsoft
2010-02-20 01:39:12 ----SHD---- C:\System Volume Information
2010-02-20 01:39:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-20 01:36:55 ----D---- C:\WINDOWS\system32\xircom
2010-02-20 01:36:55 ----D---- C:\Program Files\xerox
2010-02-20 01:36:55 ----D---- C:\Program Files\microsoft frontpage
2010-02-20 01:36:40 ----D---- C:\DELL
2010-02-20 01:36:40 ----A---- C:\WINDOWS\system32\MSJAVX86.EXE
2010-02-20 01:36:28 ----A---- C:\WINDOWS\control.ini
2010-02-20 01:36:28 ----A---- C:\AUTOEXEC.BAT
2010-02-20 01:36:22 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-20 01:36:19 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-02-20 01:35:35 ----RD---- C:\WINDOWS\Offline Web Pages
2010-02-20 01:35:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-20 01:35:34 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-20 01:35:29 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-20 01:35:16 ----D---- C:\WINDOWS\srchasst
2010-02-20 01:35:10 ----D---- C:\WINDOWS\system32\Macromed
2010-02-20 01:35:10 ----D---- C:\WINDOWS\system32\DirectX
2010-02-20 01:35:02 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-02-20 01:35:01 ----D---- C:\Program Files\Movie Maker
2010-02-20 01:34:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-02-20 01:34:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-02-20 01:34:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-02-20 01:34:49 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-02-20 01:34:49 ----A---- C:\WINDOWS\system32\atrace.dll
2010-02-20 01:34:46 ----A---- C:\WINDOWS\system32\desktop.ini
2010-02-20 01:34:46 ----A---- C:\WINDOWS\desktop.ini
2010-02-20 01:34:42 ----D---- C:\WINDOWS\system32\Restore
2010-02-20 01:34:42 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-02-20 01:34:42 ----A---- C:\WINDOWS\system32\srclient.dll
2010-02-20 01:34:41 ----D---- C:\Program Files\Windows Media Player
2010-02-20 01:34:41 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-02-20 01:34:41 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-02-20 01:34:41 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-02-20 01:34:41 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-02-20 01:34:41 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-02-20 01:34:41 ----A---- C:\WINDOWS\system32\ils.dll
2010-02-20 01:34:40 ----A---- C:\WINDOWS\system32\msconf.dll
2010-02-20 01:34:38 ----D---- C:\WINDOWS\PCHEALTH
2010-02-20 01:34:38 ----D---- C:\Program Files\NetMeeting
2010-02-20 01:34:38 ----D---- C:\Program Files\Common Files\Services
2010-02-20 01:34:38 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-02-20 01:34:38 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-02-20 01:34:38 ----A---- C:\WINDOWS\system32\acctres.dll
2010-02-20 01:34:37 ----N---- C:\WINDOWS\system32\inetcomm.dll
2010-02-20 01:34:37 ----A---- C:\WINDOWS\system32\inetres.dll
2010-02-20 01:34:34 ----SD---- C:\WINDOWS\Tasks
2010-02-20 01:34:34 ----D---- C:\Program Files\Outlook Express
2010-02-20 01:34:34 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-02-20 01:34:34 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-02-20 01:34:34 ----A---- C:\WINDOWS\system32\mstask.dll
2010-02-20 01:34:33 ----A---- C:\WINDOWS\system32\isign32.dll
2010-02-20 01:34:33 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-02-20 01:34:33 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-02-20 01:34:33 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-02-20 01:34:33 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-02-20 01:34:32 ----D---- C:\Program Files\Common Files\MSSoap
2010-02-20 01:34:29 ----D---- C:\Program Files\Common Files\System
2010-02-20 01:34:27 ----D---- C:\Program Files\Internet Explorer
2010-02-20 01:34:00 ----D---- C:\Program Files\ComPlus Applications
2010-02-20 01:33:59 ----A---- C:\WINDOWS\vbaddin.ini
2010-02-20 01:33:59 ----A---- C:\WINDOWS\vb.ini
2010-02-20 01:33:56 ----D---- C:\WINDOWS\Registration
2010-02-20 01:33:51 ----HD---- C:\Program Files\WindowsUpdate
2010-02-20 01:33:51 ----D---- C:\Program Files\Online Services
2010-02-20 01:33:47 ----D---- C:\Program Files\Messenger
2010-02-20 01:33:42 ----D---- C:\Program Files\MSN
2010-02-20 01:33:39 ----D---- C:\Program Files\MSN Gaming Zone
2010-02-20 01:33:39 ----A---- C:\WINDOWS\system32\write.exe
2010-02-20 01:33:33 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-02-20 01:33:32 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-02-20 01:33:32 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-02-20 01:33:32 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-02-20 01:33:32 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-02-20 01:33:32 ----A---- C:\WINDOWS\system32\hticons.dll
2010-02-20 01:33:32 ----A---- C:\WINDOWS\system32\avwav.dll
2010-02-20 01:33:32 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-02-20 01:33:32 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-02-20 01:33:31 ----D---- C:\Program Files\Windows NT
2010-02-20 01:33:31 ----A---- C:\WINDOWS\system32\winchat.exe
2010-02-20 01:33:30 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-02-20 01:33:27 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-02-20 01:33:26 ----A---- C:\WINDOWS\system32\winmine.exe
2010-02-20 01:33:26 ----A---- C:\WINDOWS\system32\spider.exe
2010-02-20 01:33:26 ----A---- C:\WINDOWS\system32\sol.exe
2010-02-20 01:33:26 ----A---- C:\WINDOWS\system32\getuname.dll
2010-02-20 01:33:26 ----A---- C:\WINDOWS\system32\charmap.exe
2010-02-20 01:33:26 ----A---- C:\WINDOWS\system32\calc.exe
2010-02-20 01:33:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-02-20 01:33:25 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-02-20 01:33:25 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-02-20 01:33:25 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-02-20 01:33:25 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-02-20 01:33:25 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-02-20 01:33:25 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-02-20 01:33:25 ----A---- C:\WINDOWS\system32\freecell.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\tskill.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\tscon.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\shadow.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\reset.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\regini.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-02-20 01:33:24 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-02-20 01:33:23 ----D---- C:\WINDOWS\system32\MsDtc
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\msg.exe
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\logoff.exe
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-02-20 01:33:23 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-02-20 01:33:22 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-02-20 01:33:22 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-02-20 01:33:22 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-02-20 01:33:22 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-02-20 01:33:22 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-02-20 01:33:21 ----D---- C:\WINDOWS\system32\Com
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\stclient.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\colbact.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-02-20 01:33:21 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-02-20 01:33:20 ----A---- C:\WINDOWS\system32\comuid.dll
2010-02-20 01:33:20 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-02-20 01:33:20 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-02-20 01:33:13 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-02-20 01:33:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-02-20 01:33:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-02-20 01:33:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-02-20 01:33:13 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-02-20 00:45:34 ----N---- C:\WINDOWS\system32\spnpinst.exe
2010-02-20 00:23:07 ----D---- C:\WINDOWS\system32\bits
2010-02-20 00:23:02 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-20 00:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2010-02-20 00:22:53 ----N---- C:\WINDOWS\system32\xpob2res.dll
2010-02-20 00:22:53 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2010-02-20 00:22:53 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2010-02-20 00:22:53 ----A---- C:\WINDOWS\system32\winhttp.dll
2010-02-20 00:22:53 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-02-20 00:21:17 ----A---- C:\WINDOWS\system32\wups2.dll
2010-02-20 00:21:17 ----A---- C:\WINDOWS\system32\wups.dll
2010-02-20 00:21:17 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-02-20 00:21:17 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-02-20 00:21:17 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-02-20 00:21:16 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-02-20 00:21:16 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-02-20 00:20:48 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-20 00:20:17 ----SHD---- C:\RECYCLER
2010-02-20 00:19:48 ----A---- C:\WINDOWS\system32\wpa.bak
2010-02-20 00:08:45 ----D---- C:\Documents and Settings\jason Currington\Application Data\Macromedia
2010-02-20 00:08:45 ----D---- C:\Documents and Settings\jason Currington\Application Data\Adobe
2010-02-20 00:06:56 ----D---- C:\Documents and Settings\jason Currington\Application Data\Mozilla
2010-02-20 00:06:51 ----D---- C:\Program Files\Mozilla Firefox
2010-02-20 00:00:19 ----D---- C:\Program Files\SpeedFan
2010-02-19 17:32:24 ----A---- C:\WINDOWS\system32\h323log.txt
2010-02-19 17:30:08 ----A---- C:\WINDOWS\imsins.BAK
2010-02-19 17:30:04 ----D---- C:\Program Files\Common Files\ODBC

======List of files/folders modified in the last 1 months======

2010-03-13 19:54:48 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-03-13 19:54:48 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-02-20 22:55:34 ----A---- C:\WINDOWS\win.ini
2010-02-20 22:55:34 ----A---- C:\WINDOWS\system.ini
2010-02-20 18:02:27 ----RASH---- C:\NTDETECT.COM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-02-20 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-02-20 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100312.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-02-20 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-02-20 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-02-20 217136]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2001-12-10 357070]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-02-20 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100316.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-12-31 2167552]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-02-20 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-02-20 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-02-20 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-02-20 36400]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [2003-10-23 174336]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-02-20 36400]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-21 153376]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-02-20 117640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2001-12-31 114755]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-03-25 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-03-26 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-03-26 166648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-03-25 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 1010424]

-----------------EOF-----------------
Still getting redirect to some paid to surf site
ty please advise
ROCKY

Re: google redirect problems

by andyspeake » March 18th, 2010, 1:57 pm

Hi,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

MBR Rootkit Detector

Please download MBR Rootkit Detector by GMER and save it to your desktop.

  • Double click on the MBR.exe file to run it.
  • A window will open briefly then close.
  • A log will be produced & saved to the desktop, called MBR.log.
  • Please post the contents of that log in your next reply.

So please post back:
OTL Logs (OTListIt.txt + Extra.txt)
MBR.log

Re: google redirect problems

by jasonc162 » March 18th, 2010, 11:53 pm

I am now communicating from a different pc

My hard drive crashed, I think.
Computer goes to Windows XP page with progress bar (green scrolling)

then a flash of blue screen then restart

after that it goes to screen for selecting start mode

safe mode safe with networking

normal startup ETC.

then you select one it starts to load what looks like a boot log of files and stops
then starts over


if I can reload Windows and get going again I will
but for now I'm back to this dinosaur I had in reserve

ty for all your time and if I get things working again I will request reopen of thread