
Active Please Help [Infostealer Gamepass]

Discussion in 'Malware and Virus Removal Archive' started by bigtunelover, 2008/12/14.

  1. 2008/12/14
    bigtunelover

    bigtunelover Inactive Thread Starter


    Hi There,

    My Symantec Virus scanner keeps finding Infostealer.Gampass but can't remove it. I am also getting redirected to other sites every time I click on links. I have tried all of the basics and don't know where to go from here.

    Can anyone please tell me what to do next?

    Les
     
  2. 2008/12/14
    PeteC

    PeteC SuperGeek Staff

    Welcome to WindowsBBS:)

    Read this and post the logs requested in this thread - one of our trained malware analysts will attend to them in due course.
     


  4. 2008/12/14
    bigtunelover

    bigtunelover Inactive Thread Starter

    Log 1 As Requested

    info.txt logfile of random's system information tool 1.04 2008-12-14 21:07:17

    ======Uninstall list======

    --> "C:\Program Files\HP Games\Beach Party Craze\Uninstall.exe "
    --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe "
    --> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe "
    --> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe "
    --> "C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe "
    --> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe "
    --> "C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe "
    --> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe "
    --> "C:\Program Files\HP Games\Dream Day First Home\Uninstall.exe "
    --> "C:\Program Files\HP Games\Family Feud\Uninstall.exe "
    --> "C:\Program Files\HP Games\FATE\Uninstall.exe "
    --> "C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe "
    --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe "
    --> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe "
    --> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe "
    --> "C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe "
    --> "C:\Program Files\HP Games\Peggle\Uninstall.exe "
    --> "C:\Program Files\HP Games\Penguins!\Uninstall.exe "
    --> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polly Pride Pet Detective\Uninstall.exe "
    --> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe "
    --> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe "
    --> "C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe "
    --> "C:\Program Files\HP Games\Super Granny\Uninstall.exe "
    --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe "
    --> "C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe "
    --> "C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe "
    --> "C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe "
    --> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe "
    --> "c:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Activation Assistant for the 2007 Microsoft Office suites--> "C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Advanced SystemCare 3--> "C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe "
    AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Avery Wizard 3.1-->MsiExec.exe /I{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
    Belltech Label Maker Pro 3.2--> "C:\Program Files\Belltech Label Maker\unins000.exe "
    BlackBerry Desktop Software 4.6-->MsiExec.exe /i{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}
    BlackBerry Desktop Software 4.6-->MsiExec.exe /I{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CalorieKing Nutrition and Exercise Manager (remove only)--> "C:\Program Files\CalorieKing Nutrition and Exercise Manager for Windows\uninst.exe "
    Canon MP Navigator EX 1.0--> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
    Canon MP520 series--> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series /L0x0009
    Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
    Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
    ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
    ConvertXtoDVD 3.2.1.55b--> "C:\Program Files\VSO\ConvertX\3\unins000.exe "
    CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
    CyberLink PowerDirector--> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
    HD Tune 2.55--> "C:\Program Files\HD Tune\unins000.exe "
    Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{E0810CC2-4B5B-4439-B1D0-452306AF2D64}\setup.exe -runfromtemp -l0x0409
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
    HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
    HP Demo--> "C:\Windows\unins000.exe "
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1476612-02D6-42A3-BDC1-E292B4115738}\setup.exe" -l0x9 -removeonly
    HP Games--> "C:\Program Files\HP Games\Uninstall.exe "
    HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
    HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
    HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
    Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
    Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
    LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
    LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate "
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    Microsoft DirectX 9.0 SDK Update (August 2005)-->MsiExec.exe /I{966A491F-8970-44E0-AC4E-9C845D9013EC}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-011F-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
    Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Ultimate 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
    Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}\muveesetup.exe -removeonly -runfromtemp
    Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
    Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
    Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
    Norton Internet Security (Symantec Corporation)--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
    Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
    Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
    Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
    Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
    PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
    Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
    ProShow Producer-->C:\Program Files\Photodex\ProShowProducer\uninst.exe
    Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
    ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Smart Defrag 1.0--> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe "
    SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
    Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
    Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
    Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
    Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
    Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
    Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
    Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
    Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
    Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
    Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
    Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
    Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
    Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
    VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    WinRAR--> "C:\Windows\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml "
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

    ======Security center information======

    AV: Norton Internet Security (outdated)
    FW: Norton Internet Security
    AS: Windows Defender
    AS: Norton Internet Security (outdated)

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "Path "=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Microsoft DirectX 9.0 SDK (August 2005)\Utilities\Bin\x86;C:\hp\bin\Python;C:\Program Files\QuickTime\QTSystem
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE "=x86
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "USERNAME "=SYSTEM
    "windir "=%SystemRoot%
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION "=0f0d
    "NUMBER_OF_PROCESSORS "=2
    "TRACE_FORMAT_SEARCH_PATH "=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON "=FALSE
    "OnlineServices "=Online Services
    "Platform "=HPD
    "PCBRAND "=Pavilion
    "MSWorksProductCode "={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
    "DXSDK_DIR "=C:\Program Files\Microsoft DirectX 9.0 SDK (August 2005)\
    "CLASSPATH "=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

    -----------------EOF-----------------
     
  5. 2008/12/14
    bigtunelover

    bigtunelover Inactive Thread Starter

    Log 2 As Requested

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Daddy at 2008-12-14 21:05:43
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 265 GB (57%) free of 466 GB
    Total RAM: 3062 MB (34% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:07:12 PM, on 14/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Windows\system32\taskeng.exe
    C:\WINDOWS\ehome\ehtray.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\VSO\ConvertX\3\ConvertXtoDvd.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\VSO\ConvertX\3\ConvertXtoDvd.exe
    C:\Program Files\VSO\ConvertX\3\ConvertXtoDvd.exe
    C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
    C:\Users\Daddy\Desktop\Malware Help\RSIT.exe
    C:\Program Files\trend micro\Daddy.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: D - {C019BCC3-D58B-31E4-89B5-DD2A24831529} - C:\Windows\system32\xwr77639.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6791 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\AutoSmartDefrag.job
    C:\Windows\tasks\AWC Startup.job
    C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Daddy.job
    C:\Windows\tasks\User_Feed_Synchronization-{3647B184-9DB3-4C6E-993B-0CBF699F6AFD}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-05-17 116088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C019BCC3-D58B-31E4-89B5-DD2A24831529}]
    D - C:\Windows\system32\xwr77639.dll [2008-12-07 172032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\61510]
    C:\Windows/61510.exe [2008-09-28 15975328]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\Windows\system32\hkcmd.exe [2008-04-01 166424]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-04-14 972128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2008-06-02 178712]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\Windows\system32\igfxtray.exe [2008-04-01 141848]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    C:\Windows\system32\igfxpers.exe [2008-04-01 133656]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
    C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Daddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
    C:\PROGRA~1\Research In Motion\BlackBerry\Redirector.exe [2008-06-14 1319024]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Daddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
    C:\PROGRA~1\Research In Motion\BlackBerry\DesktopMgr.exe [2008-06-14 1512720]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Daddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "LogonHoursAction"=2
    "DontDisplayLogonHoursWarnings"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 3 months======

    2008-12-14 21:06:13 ----D---- C:\Program Files\trend micro
    2008-12-14 21:05:43 ----D---- C:\rsit
    2008-12-12 03:03:09 ----A---- C:\Windows\system32\tzres.dll
    2008-12-11 05:08:38 ----A---- C:\Windows\system32\gdi32.dll
    2008-12-11 05:08:34 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-12-11 05:08:33 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-12-11 05:08:23 ----A---- C:\Windows\system32\shell32.dll
    2008-12-11 05:08:14 ----A---- C:\Windows\explorer.exe
    2008-12-11 05:08:08 ----A---- C:\Windows\system32\urlmon.dll
    2008-12-11 05:08:08 ----A---- C:\Windows\system32\mshtml.dll
    2008-12-11 05:08:07 ----A---- C:\Windows\system32\wininet.dll
    2008-12-11 05:08:07 ----A---- C:\Windows\system32\mstime.dll
    2008-12-11 05:08:07 ----A---- C:\Windows\system32\ieframe.dll
    2008-12-11 05:08:06 ----A---- C:\Windows\system32\jsproxy.dll
    2008-12-11 05:08:06 ----A---- C:\Windows\system32\iertutil.dll
    2008-12-11 05:08:02 ----A---- C:\Windows\system32\WMVCORE.DLL
    2008-12-11 05:08:02 ----A---- C:\Windows\system32\mf.dll
    2008-12-11 05:08:01 ----A---- C:\Windows\system32\WMNetMgr.dll
    2008-12-11 05:08:01 ----A---- C:\Windows\system32\logagent.exe
    2008-12-08 22:58:06 ----A---- C:\ComboFix.txt
    2008-12-08 22:56:42 ----A---- C:\Windows\PSEXESVC.EXE
    2008-12-08 22:53:25 ----A---- C:\Windows\zip.exe
    2008-12-08 22:53:25 ----A---- C:\Windows\VFIND.exe
    2008-12-08 22:53:25 ----A---- C:\Windows\SWXCACLS.exe
    2008-12-08 22:53:25 ----A---- C:\Windows\SWSC.exe
    2008-12-08 22:53:25 ----A---- C:\Windows\SWREG.exe
    2008-12-08 22:53:25 ----A---- C:\Windows\sed.exe
    2008-12-08 22:53:25 ----A---- C:\Windows\NIRCMD.exe
    2008-12-08 22:53:25 ----A---- C:\Windows\grep.exe
    2008-12-08 22:53:25 ----A---- C:\Windows\fdsv.exe
    2008-12-08 22:53:16 ----D---- C:\Windows\ERDNT
    2008-12-08 22:53:16 ----D---- C:\Qoobox
    2008-12-08 22:53:15 ----D---- C:\ComboFix
    2008-12-08 22:45:00 ----D---- C:\Users\Daddy\AppData\Roaming\IObit
    2008-12-07 16:54:47 ----D---- C:\Program Files\Photodex Presenter
    2008-12-07 16:54:16 ----A---- C:\Windows\system32\xa147498.exe
    2008-12-07 16:54:15 ----A---- C:\Windows\system32\xa145751.exe
    2008-12-07 16:50:26 ----D---- C:\Program Files\CCleaner
    2008-12-07 16:38:15 ----A---- C:\Windows\system32\xwr77639.dll
    2008-12-07 16:38:15 ----A---- C:\Windows\system32\xa7817693.exe
    2008-12-07 16:38:15 ----A---- C:\Windows\system32\wr77639.dll
    2008-12-07 16:38:14 ----A---- C:\Windows\system32\xa7816851.exe
    2008-12-07 16:36:05 ----D---- C:\Windows\WinRAR
    2008-12-07 16:36:05 ----D---- C:\Program Files\WinRAR
    2008-12-07 13:19:11 ----D---- C:\Program Files\Photodex
    2008-12-07 13:18:56 ----D---- C:\Users\Daddy\AppData\Roaming\Photodex
    2008-11-26 06:53:55 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2008-11-26 06:53:54 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2008-11-26 06:53:54 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2008-11-26 06:53:54 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2008-11-26 06:53:53 ----A---- C:\Windows\system32\connect.dll
    2008-11-21 12:27:25 ----D---- C:\Program Files\iPod
    2008-11-21 12:27:23 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-21 12:27:23 ----D---- C:\Program Files\iTunes
    2008-11-21 12:25:21 ----D---- C:\Program Files\QuickTime
    2008-11-19 11:03:08 ----D---- C:\Users\Daddy\AppData\Roaming\Avery
    2008-11-19 10:55:45 ----D---- C:\Program Files\Belltech Label Maker
    2008-11-19 10:53:39 ----A---- C:\Windows\uninst.exe
    2008-11-11 22:25:00 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-11 22:24:57 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-10 14:48:51 ----D---- C:\Users\Daddy\AppData\Roaming\dvdcss
    2008-11-07 09:19:02 ----D---- C:\Program Files\HD Tune
    2008-11-06 23:21:00 ----A---- C:\Windows\system32\wups2.dll
    2008-11-06 23:21:00 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-06 23:20:59 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-06 23:20:59 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-06 23:20:38 ----A---- C:\Windows\system32\wups.dll
    2008-11-06 23:20:38 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-06 23:20:38 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-06 23:20:32 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-06 23:20:32 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-04 21:42:15 ----A---- C:\Windows\system32\EncDec.dll
    2008-11-04 21:42:13 ----A---- C:\Windows\system32\psisdecd.dll
    2008-11-01 02:29:00 ----D---- C:\ProgramData\WindowsSearch
    2008-10-30 11:02:41 ----D---- C:\Program Files\Microsoft Visual Studio 8
    2008-10-30 10:38:03 ----D---- C:\ProgramData\Applications
    2008-10-29 07:00:33 ----A---- C:\Windows\system32\wersvc.dll
    2008-10-29 07:00:33 ----A---- C:\Windows\system32\Faultrep.dll
    2008-10-29 07:00:32 ----A---- C:\Windows\system32\win32spl.dll
    2008-10-23 12:43:04 ----A---- C:\Windows\system32\netapi32.dll
    2008-10-22 10:19:07 ----D---- C:\Windows\pss
    2008-10-21 13:48:11 ----D---- C:\Program Files\Common Files\aliaswavefront shared
    2008-10-21 13:48:11 ----D---- C:\Program Files\Common Files\Alias Shared
    2008-10-21 13:47:11 ----D---- C:\Program Files\Microsoft DirectX 9.0 SDK (August 2005)
    2008-10-21 13:34:28 ----A---- C:\Windows\system32\XAudio2_2.dll
    2008-10-21 13:34:28 ----A---- C:\Windows\system32\XAPOFX1_1.dll
    2008-10-21 13:34:27 ----A---- C:\Windows\system32\xactengine3_2.dll
    2008-10-21 13:34:27 ----A---- C:\Windows\system32\d3dx10_39.dll
    2008-10-21 13:34:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
    2008-10-21 13:34:26 ----A---- C:\Windows\system32\D3DX9_39.dll
    2008-10-21 13:34:25 ----A---- C:\Windows\system32\XAudio2_1.dll
    2008-10-21 13:34:25 ----A---- C:\Windows\system32\XAPOFX1_0.dll
    2008-10-21 13:34:24 ----A---- C:\Windows\system32\xactengine3_1.dll
    2008-10-21 13:34:24 ----A---- C:\Windows\system32\X3DAudio1_4.dll
    2008-10-21 13:34:23 ----A---- C:\Windows\system32\D3DX9_38.dll
    2008-10-21 13:34:23 ----A---- C:\Windows\system32\d3dx10_38.dll
    2008-10-21 13:34:23 ----A---- C:\Windows\system32\D3DCompiler_38.dll
    2008-10-21 13:34:22 ----A---- C:\Windows\system32\XAudio2_0.dll
    2008-10-21 13:34:22 ----A---- C:\Windows\system32\xactengine3_0.dll
    2008-10-21 13:34:21 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2008-10-21 13:34:20 ----A---- C:\Windows\system32\D3DX9_37.dll
    2008-10-21 13:34:20 ----A---- C:\Windows\system32\d3dx10_37.dll
    2008-10-21 13:34:20 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2008-10-21 13:34:19 ----A---- C:\Windows\system32\xactengine2_10.dll
    2008-10-21 13:34:18 ----A---- C:\Windows\system32\d3dx9_36.dll
    2008-10-21 13:34:18 ----A---- C:\Windows\system32\d3dx10_36.dll
    2008-10-21 13:34:18 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2008-10-21 13:34:17 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-10-21 13:34:16 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-10-21 13:34:16 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-10-21 13:34:15 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-10-21 13:34:15 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2008-10-21 13:34:15 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-10-21 13:34:14 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-10-21 13:34:14 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-10-21 13:34:14 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-10-21 13:34:13 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-10-21 13:34:12 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-10-21 13:34:11 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-10-21 13:34:11 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-10-21 13:34:11 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-10-21 13:34:10 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-10-21 13:34:09 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-10-21 13:34:09 ----A---- C:\Windows\system32\d3dx10.dll
    2008-10-21 13:34:08 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-10-21 13:34:08 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-10-21 13:34:08 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-10-21 13:34:07 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-10-21 13:34:07 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-10-21 13:34:06 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-10-21 13:34:06 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-10-21 13:34:05 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-10-21 13:34:04 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-10-21 13:34:02 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-10-21 13:34:02 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-10-21 13:34:02 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-10-21 13:34:01 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-10-21 13:34:01 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-10-21 13:34:00 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-10-21 13:34:00 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-10-21 13:33:59 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-10-21 13:33:59 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-10-21 13:32:20 ----HD---- C:\Windows\msdownld.tmp
    2008-10-21 13:32:17 ----D---- C:\Windows\system32\directx
    2008-10-18 09:22:40 ----D---- C:\ProgramData\Arcade Lab
    2008-10-17 02:01:00 ----D---- C:\Program Files\MSXML 4.0
    2008-10-16 21:17:55 ----D---- C:\Users\Daddy\AppData\Roaming\Netscape
    2008-10-16 21:17:55 ----D---- C:\Users\Daddy\AppData\Roaming\Mozilla
    2008-10-16 07:08:34 ----D---- C:\Users\Daddy\AppData\Roaming\WildTangent
    2008-10-15 21:46:17 ----D---- C:\ProgramData\CanonIJPLM
    2008-10-15 21:40:28 ----A---- C:\Windows\MAXLINK.INI
    2008-10-15 21:40:23 ----D---- C:\ProgramData\InstallShield
    2008-10-15 21:40:16 ----D---- C:\Users\Daddy\AppData\Roaming\ScanSoft
    2008-10-15 21:39:55 ----D---- C:\ProgramData\ScanSoft
    2008-10-15 21:39:55 ----D---- C:\Program Files\Common Files\ScanSoft Shared
    2008-10-15 21:39:37 ----D---- C:\Program Files\ScanSoft
    2008-10-15 21:35:24 ----D---- C:\Program Files\Common Files\CANON
    2008-10-15 21:32:30 ----HD---- C:\ProgramData\CanonBJ
    2008-10-15 21:31:29 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
    2008-10-15 21:29:58 ----A---- C:\Windows\system32\CNMLM94.DLL
    2008-10-15 21:29:35 ----A---- C:\Windows\system32\CNC520O.DLL
    2008-10-15 21:29:35 ----A---- C:\Windows\system32\CNC520L.DLL
    2008-10-15 21:29:35 ----A---- C:\Windows\system32\CNC520I.DLL
    2008-10-15 21:29:34 ----A---- C:\Windows\system32\CNC520C.DLL
    2008-10-15 21:29:17 ----HD---- C:\Program Files\CanonBJ
    2008-10-15 21:28:25 ----D---- C:\Program Files\Canon
    2008-10-15 00:21:03 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-10-15 00:21:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-10-14 19:58:42 ----D---- C:\ProgramData\Blizzard
    2008-10-14 11:54:22 ----D---- C:\Users\Daddy\AppData\Roaming\Blackberry Desktop
    2008-10-14 11:51:09 ----D---- C:\Users\Daddy\AppData\Roaming\Research In Motion
    2008-10-14 11:45:18 ----D---- C:\Program Files\Common Files\Research In Motion
    2008-10-14 11:45:16 ----D---- C:\Program Files\Research In Motion
    2008-10-14 09:21:31 ----D---- C:\Program Files\Microsoft Office Outlook Connector
    2008-10-14 09:20:24 ----D---- C:\Program Files\MSECache
    2008-10-14 08:54:45 ----D---- C:\Users\Daddy\AppData\Roaming\fhnetwork.com
    2008-10-14 08:44:51 ----D---- C:\Program Files\CalorieKing Nutrition and Exercise Manager for Windows
    2008-10-09 12:00:42 ----D---- C:\ProgramData\LightScribe
    2008-10-09 10:22:42 ----D---- C:\Users\Daddy\AppData\Roaming\Apple Computer
    2008-10-09 10:22:36 ----DC---- C:\Windows\system32\DRVSTORE
    2008-10-09 10:22:36 ----A---- C:\Windows\system32\GEARAspi.dll
    2008-10-09 10:21:54 ----D---- C:\Program Files\Bonjour
    2008-10-09 10:21:16 ----D---- C:\ProgramData\Apple Computer
    2008-10-09 10:20:43 ----D---- C:\Program Files\Apple Software Update
    2008-10-09 10:20:10 ----D---- C:\Program Files\Common Files\Apple
    2008-10-09 10:20:09 ----D---- C:\ProgramData\Apple
    2008-10-09 10:11:28 ----D---- C:\Users\Daddy\AppData\Roaming\vlc
    2008-10-09 10:10:30 ----D---- C:\Program Files\VideoLAN
    2008-10-09 10:00:57 ----D---- C:\Users\Daddy\AppData\Roaming\Vso
    2008-10-09 10:00:52 ----A---- C:\Windows\system32\wvc1dmod.dll
    2008-10-09 10:00:52 ----A---- C:\Windows\system32\vp7vfw.dll
    2008-10-09 10:00:52 ----A---- C:\Windows\system32\Pncrt.dll
    2008-10-09 10:00:52 ----A---- C:\Windows\system32\drv43260.dll
    2008-10-09 10:00:52 ----A---- C:\Windows\system32\drv33260.dll
    2008-10-09 10:00:52 ----A---- C:\Windows\system32\drv23260.dll
    2008-10-09 10:00:52 ----A---- C:\Windows\system32\cook3260.dll
    2008-10-09 10:00:52 ----A---- C:\Windows\gdiplus.dll
    2008-10-09 10:00:51 ----D---- C:\Program Files\VSO
    2008-10-09 09:50:56 ----D---- C:\Program Files\uTorrent
    2008-10-09 09:50:45 ----D---- C:\Users\Daddy\AppData\Roaming\uTorrent
    2008-10-09 07:24:51 ----D---- C:\Users\Daddy\AppData\Roaming\muvee Technologies
    2008-10-09 07:23:08 ----AD---- C:\ProgramData\TEMP
    2008-10-09 00:24:01 ----D---- C:\Program Files\Intel
    2008-10-09 00:21:50 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
    2008-10-09 00:20:51 ----A---- C:\Windows\system32\RtkPgExt.dll
    2008-10-09 00:20:51 ----A---- C:\Windows\system32\RtkApoApi.dll
    2008-10-09 00:20:51 ----A---- C:\Windows\RtlUpd.exe
    2008-10-09 00:20:51 ----A---- C:\Windows\RtHDVCpl.exe
    2008-10-09 00:20:43 ----D---- C:\Users\Daddy\AppData\Roaming\WinBatch
    2008-10-08 13:05:17 ----D---- C:\Program Files\IObit
    2008-10-08 09:02:46 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-10-08 08:18:02 ----D---- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
    2008-10-08 08:17:44 ----D---- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-10-08 08:17:01 ----A---- C:\Windows\system32\msonpmon.dll
    2008-10-08 08:16:02 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-10-08 08:15:36 ----D---- C:\Windows\PCHEALTH
    2008-10-08 08:15:36 ----D---- C:\Program Files\Microsoft.NET
    2008-10-08 08:13:35 ----D---- C:\ProgramData\Microsoft Help
    2008-10-08 08:13:14 ----RHD---- C:\MSOCache
    2008-10-07 22:08:13 ----D---- C:\Users\Daddy\AppData\Roaming\Template
    2008-10-07 21:26:27 ----D---- C:\Users\Daddy\AppData\Roaming\Yahoo!
    2008-10-07 21:04:51 ----D---- C:\ProgramData\CyberLink
    2008-10-07 21:04:50 ----D---- C:\Users\Daddy\AppData\Roaming\CyberLink
    2008-10-07 21:03:33 ----D---- C:\Program Files\World of Warcraft
    2008-10-07 21:03:33 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2008-10-07 20:50:51 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-07 20:50:35 ----D---- C:\Program Files\Windows Live
    2008-10-07 20:50:27 ----D---- C:\ProgramData\WLInstaller
    2008-10-07 20:50:27 ----A---- C:\Windows\system32\msshooks.dll
    2008-10-07 20:50:27 ----A---- C:\Windows\system32\msscb.dll
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\srchadmin.dll
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\propsys.dll
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\propdefs.dll
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\msstrc.dll
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\mssprxy.dll
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\mssitlb.dll
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\msshsq.dll
    2008-10-07 20:50:25 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-10-07 20:50:24 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-10-07 20:50:24 ----A---- C:\Windows\system32\wsepno.dll
    2008-10-07 20:50:24 ----A---- C:\Windows\system32\rtffilt.dll
    2008-10-07 20:50:24 ----A---- C:\Windows\system32\offfilt.dll
    2008-10-07 20:50:24 ----A---- C:\Windows\system32\nlhtml.dll
    2008-10-07 20:50:24 ----A---- C:\Windows\system32\msscntrs.dll
    2008-10-07 20:50:24 ----A---- C:\Windows\system32\mimefilt.dll
    2008-10-07 20:50:23 ----A---- C:\Windows\system32\tquery.dll
    2008-10-07 20:50:23 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-10-07 20:50:23 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-10-07 20:50:23 ----A---- C:\Windows\system32\mssvp.dll
    2008-10-07 20:50:23 ----A---- C:\Windows\system32\mssrch.dll
    2008-10-07 20:50:23 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-10-07 20:50:23 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-10-07 20:50:22 ----A---- C:\Windows\system32\mssphtb.dll
    2008-10-07 20:50:22 ----A---- C:\Windows\system32\mssph.dll
    2008-10-07 20:44:47 ----D---- C:\Users\Daddy\AppData\Roaming\Symantec
    2008-10-07 20:44:47 ----A---- C:\Windows\system32\NlsLexicons0007.dll
    2008-10-07 20:44:44 ----A---- C:\Windows\system32\NlsLexicons0009.dll
    2008-10-07 20:44:35 ----A---- C:\Windows\system32\NaturalLanguage6.dll
    2008-10-07 20:42:53 ----D---- C:\Users\Daddy\AppData\Roaming\Identities
    2008-10-07 20:42:41 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-10-07 20:42:37 ----A---- C:\Windows\system32\gameux.dll
    2008-10-07 20:42:34 ----A---- C:\Windows\system32\rpcrt4.dll
    2008-10-07 20:42:33 ----A---- C:\Windows\system32\pacerprf.dll
    2008-10-07 20:42:26 ----A---- C:\Windows\system32\es.dll
    2008-10-07 20:42:25 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-10-07 20:42:13 ----A---- C:\Windows\system32\kd1394.dll
    2008-10-07 20:42:12 ----A---- C:\Windows\system32\winresume.exe
    2008-10-07 20:42:12 ----A---- C:\Windows\system32\winload.exe
    2008-10-07 20:42:12 ----A---- C:\Windows\system32\ci.dll
    2008-10-07 20:42:11 ----A---- C:\Windows\system32\srdelayed.exe
    2008-10-07 20:42:11 ----A---- C:\Windows\system32\srcore.dll
    2008-10-07 20:42:11 ----A---- C:\Windows\system32\srclient.dll
    2008-10-07 20:42:11 ----A---- C:\Windows\system32\setbcdlocale.dll
    2008-10-07 20:42:11 ----A---- C:\Windows\system32\rstrui.exe
    2008-10-07 20:42:11 ----A---- C:\Windows\system32\kbd106n.dll
    2008-10-07 20:42:01 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-10-07 20:42:01 ----A---- C:\Windows\system32\dataclen.dll
    2008-10-07 20:42:00 ----A---- C:\Windows\system32\cdd.dll
    2008-10-07 20:41:58 ----A---- C:\Windows\system32\wshext.dll
    2008-10-07 20:41:58 ----A---- C:\Windows\system32\wscript.exe
    2008-10-07 20:41:58 ----A---- C:\Windows\system32\vbscript.dll
    2008-10-07 20:41:58 ----A---- C:\Windows\system32\scrrun.dll
    2008-10-07 20:41:58 ----A---- C:\Windows\system32\scrobj.dll
    2008-10-07 20:41:58 ----A---- C:\Windows\system32\jscript.dll
    2008-10-07 20:41:58 ----A---- C:\Windows\system32\cscript.exe
    2008-10-07 20:41:57 ----A---- C:\Windows\system32\inetcomm.dll
    2008-10-07 20:41:56 ----A---- C:\Windows\system32\quartz.dll
    2008-10-07 20:41:18 ----D---- C:\Program Files\Microsoft Office
    2008-10-07 20:40:49 ----D---- C:\Users\Daddy\AppData\Roaming\Macromedia
    2008-10-07 20:40:26 ----D---- C:\Program Files\Microsoft Works
    2008-10-07 20:40:17 ----D---- C:\Users\Daddy\AppData\Roaming\Adobe
    2008-10-07 20:39:59 ----D---- C:\Users\Daddy\AppData\Roaming\Hewlett-Packard
    2008-10-07 20:39:33 ----D---- C:\ProgramData\Adobe
    2008-10-07 20:39:18 ----D---- C:\Program Files\Common Files\Adobe
    2008-10-07 20:39:18 ----D---- C:\Program Files\Adobe
    2008-10-07 20:38:48 ----D---- C:\Windows\system32\ENU
    2008-10-07 20:38:48 ----A---- C:\Windows\system32\Imsmudlg.exe
    2008-10-07 20:38:35 ----D---- C:\Users\Daddy\AppData\Roaming\InstallShield
    2008-10-07 20:36:54 ----SD---- C:\Users\Daddy\AppData\Roaming\Microsoft
    2008-10-07 20:36:54 ----D---- C:\Users\Daddy\AppData\Roaming\Media Center Programs
    2008-10-07 20:32:13 ----SHD---- C:\ProgramData\Templates
    2008-10-07 20:32:13 ----SHD---- C:\ProgramData\Start Menu
    2008-10-07 20:32:13 ----SHD---- C:\ProgramData\Favorites
    2008-10-07 20:32:13 ----SHD---- C:\ProgramData\Documents
    2008-10-07 20:32:13 ----SHD---- C:\ProgramData\Desktop
    2008-10-07 20:32:13 ----SHD---- C:\ProgramData\Application Data
    2008-10-07 20:32:13 ----SHD---- C:\Documents and Settings
    2008-10-07 20:31:52 ----D---- C:\Windows\SoftwareDistribution
    2008-10-07 19:45:50 ----SHD---- C:\System Volume Information
    2008-09-30 16:43:34 ----A---- C:\Windows\system32\msxml4.dll
    2008-09-25 15:11:40 ----A---- C:\Windows\61510.exe

    ======List of files/folders modified in the last 3 months======

    2008-12-14 21:06:34 ----D---- C:\Windows\Temp
    2008-12-14 21:06:13 ----RD---- C:\Program Files
    2008-12-14 21:04:08 ----D---- C:\Windows\Debug
    2008-12-14 21:04:08 ----D---- C:\WINDOWS
    2008-12-14 21:03:55 ----D---- C:\Windows\Prefetch
    2008-12-14 16:02:00 ----D---- C:\Windows\SMINST
    2008-12-14 16:01:24 ----D---- C:\Windows\Logs
    2008-12-12 03:31:34 ----D---- C:\Windows\rescache
    2008-12-12 03:25:51 ----D---- C:\Windows\winsxs
    2008-12-12 03:20:56 ----D---- C:\Windows\System32
    2008-12-12 03:20:56 ----D---- C:\Windows\inf
    2008-12-12 03:20:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-12-12 03:15:47 ----D---- C:\Windows\system32\catroot
    2008-12-12 03:13:37 ----D---- C:\Program Files\Windows Mail
    2008-12-12 03:13:36 ----D---- C:\Windows\AppPatch
    2008-12-12 03:13:35 ----D---- C:\Windows\system32\en-US
    2008-12-12 03:08:12 ----SHD---- C:\Windows\Installer
    2008-12-12 01:50:43 ----D---- C:\Windows\system32\catroot2
    2008-12-09 18:24:37 ----A---- C:\Windows\system32\mrt.exe
    2008-12-08 22:56:47 ----A---- C:\Windows\system.ini
    2008-12-08 22:55:45 ----D---- C:\Windows\system32\drivers
    2008-12-08 22:55:45 ----D---- C:\Program Files\Common Files
    2008-12-08 22:45:13 ----D---- C:\Windows\Tasks
    2008-12-08 22:45:13 ----D---- C:\Windows\system32\Tasks
    2008-11-21 12:27:23 ----HD---- C:\ProgramData
    2008-11-12 16:39:41 ----D---- C:\Windows\system32\WDI
    2008-11-09 08:07:51 ----D---- C:\Program Files\HP Games
    2008-11-07 01:33:14 ----D---- C:\Windows\system32\NDF
    2008-11-05 03:07:38 ----D---- C:\Windows\Microsoft.NET
    2008-11-05 03:07:20 ----RSD---- C:\Windows\assembly
    2008-11-05 03:05:01 ----D---- C:\Windows\ehome
    2008-11-03 18:58:26 ----D---- C:\ProgramData\WildTangent
    2008-10-30 23:54:53 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-10-30 11:06:00 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-10-30 11:05:59 ----D---- C:\Program Files\MSBuild
    2008-10-30 11:05:18 ----SD---- C:\ProgramData\Microsoft
    2008-10-21 13:31:54 ----SD---- C:\Windows\Downloaded Program Files
    2008-10-21 02:08:40 ----D---- C:\ProgramData\Symantec
    2008-10-15 21:44:32 ----RSD---- C:\Windows\Media
    2008-10-15 21:39:53 ----D---- C:\Program Files\Common Files\InstallShield
    2008-10-15 21:31:27 ----D---- C:\Windows\twain_32
    2008-10-15 02:09:57 ----D---- C:\Windows\system32\migration
    2008-10-14 09:21:31 ----D---- C:\Program Files\Common Files\System
    2008-10-09 10:21:45 ----D---- C:\Program Files\Internet Explorer
    2008-10-09 00:27:40 ----D---- C:\Windows\system32\fr-FR
    2008-10-09 00:21:26 ----D---- C:\Windows\system32\RTCOM
    2008-10-09 00:20:54 ----A---- C:\Windows\DIFxAPI.dll
    2008-10-08 12:54:40 ----D---- C:\Program Files\Yahoo!
    2008-10-08 12:42:06 ----A---- C:\Windows\win.ini
    2008-10-08 09:02:39 ----D---- C:\Windows\ShellNew
    2008-10-08 09:02:09 ----RSD---- C:\Windows\Fonts
    2008-10-08 06:37:51 ----SHD---- C:\$Recycle.Bin
    2008-10-08 06:37:37 ----RD---- C:\Users
    2008-10-07 22:15:35 ----HD---- C:\Windows\system32\GroupPolicyUsers
    2008-10-07 22:15:34 ----HD---- C:\Windows\system32\GroupPolicy
    2008-10-07 20:57:28 ----HD---- C:\hp
    2008-10-07 20:54:19 ----D---- C:\Windows\PolicyDefinitions
    2008-10-07 20:54:14 ----D---- C:\Windows\system32\Boot
    2008-10-07 20:50:03 ----D---- C:\Program Files\Symantec
    2008-10-07 20:42:17 ----D---- C:\Windows\system
    2008-10-07 20:41:30 ----D---- C:\Windows\system32\LogFiles
    2008-10-07 20:39:05 ----D---- C:\Windows\Help
    2008-10-07 20:38:36 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-07 20:38:05 ----RD---- C:\Program Files\Online Services
    2008-10-07 20:37:42 ----D---- C:\ProgramData\Hewlett-Packard
    2008-10-07 20:32:05 ----D---- C:\Windows\system32\restore
    2008-10-07 19:47:15 ----D---- C:\Windows\Panther

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-17 371248]
    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081204.001\IDSvix86.sys [2008-09-12 270384]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]
    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
    R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
    R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-17 99376]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-02-12 985600]
    R3 HSXHWBS3;HSXHWBS3; C:\Windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081206.003\NAVENG.SYS [2008-11-11 89104]
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081206.003\NAVEX15.SYS [2008-11-11 876112]
    R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
    R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-10-09 47360]
    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
    R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
    R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-10-07 123952]
    R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
    R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
    R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-02-12 661504]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
    S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-31 22656]
    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-03-14 94208]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-06-02 354840]
    R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
    R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2008-12-07 181312]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-05-17 1245064]
    S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 55640]
    S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
    S3 LiveUpdate;LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
     
  6. 2008/12/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS bigtune :)

    Please delete the copy of ComboFix you currently have. Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  7. 2008/12/20
    bigtunelover

    bigtunelover Inactive Thread Starter

    Joined:
    2008/12/14
    Messages:
    5
    Likes Received:
    0
    Part 1 New Log as requested - sorry for delay, was away.

    addy 2008-12-20 9:53:54.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1838 [GMT -5:00]
    Running from: c:\users\Daddy\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
    .

    2008-12-20 09:42 . 2008-12-20 09:42 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
    2008-12-16 21:31 . 2008-12-16 21:31 <DIR> d-------- c:\users\Joni\AppData\Roaming\Apple Computer
    2008-12-16 21:27 . 2008-12-16 21:27 <DIR> d-------- c:\users\Joni\AppData\Roaming\vlc
    2008-12-16 19:51 . 2008-12-18 03:05 <DIR> d-------- c:\users\Joni\AppData\Roaming\uTorrent
    2008-12-16 19:49 . 2008-12-16 19:49 <DIR> dr------- c:\users\Joni\Searches
    2008-12-16 19:49 . 2008-12-16 19:49 <DIR> d-------- c:\users\Joni\AppData\Roaming\Symantec
    2008-12-16 19:49 . 2008-12-16 19:49 <DIR> d-------- c:\users\Joni\AppData\Roaming\Hewlett-Packard
    2008-12-16 19:48 . 2008-12-16 19:49 <DIR> dr------- c:\users\Joni\Videos
    2008-12-16 19:48 . 2008-12-16 19:49 <DIR> dr------- c:\users\Joni\Saved Games
    2008-12-16 19:48 . 2008-12-16 19:49 <DIR> dr------- c:\users\Joni\Pictures
    2008-12-16 19:48 . 2008-12-16 21:34 <DIR> dr------- c:\users\Joni\Music
    2008-12-16 19:48 . 2008-12-16 19:49 <DIR> dr------- c:\users\Joni\Links
    2008-12-16 19:48 . 2008-12-16 20:32 <DIR> dr------- c:\users\Joni\Downloads
    2008-12-16 19:48 . 2008-12-16 19:49 <DIR> dr------- c:\users\Joni\Documents
    2008-12-16 19:48 . 2008-12-16 19:48 <DIR> dr------- c:\users\Joni\Contacts
    2008-12-16 19:48 . 2006-11-02 07:37 <DIR> d-------- c:\users\Joni\AppData\Roaming\Media Center Programs
    2008-12-16 19:48 . 2008-12-16 19:49 <DIR> d--h----- c:\users\Joni\AppData
    2008-12-16 19:48 . 2008-12-16 19:49 <DIR> d-------- c:\users\Joni
    2008-12-14 21:06 . 2008-12-14 21:07 <DIR> d-------- c:\program files\trend micro
    2008-12-14 21:05 . 2008-12-14 21:07 <DIR> d-------- C:\rsit
    2008-12-12 08:10 . 2008-12-12 08:10 <DIR> d-------- c:\users\PizzaPia\AppData\Roaming\fhnetwork.com
    2008-12-12 08:06 . 2008-12-12 08:06 <DIR> d-------- c:\users\PizzaPia\AppData\Roaming\Canon
    2008-12-12 03:03 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-10 19:27 . 2008-12-10 19:27 <DIR> d-------- c:\users\PizzaPia\AppData\Roaming\Photodex
    2008-12-08 22:45 . 2008-12-08 22:45 <DIR> d-------- c:\users\Daddy\AppData\Roaming\IObit
    2008-12-07 16:54 . 2008-12-07 16:54 <DIR> d-------- c:\program files\Photodex Presenter
    2008-12-07 16:54 . 2008-12-07 16:54 17,071,160 --a------ c:\windows\System32\xa147498.exe
    2008-12-07 16:54 . 2008-12-07 16:54 17,071,160 --a------ c:\windows\System32\xa145751.exe
    2008-12-07 16:50 . 2008-12-07 16:50 <DIR> d-------- c:\program files\CCleaner
    2008-12-07 16:41 . 2008-12-07 16:58 256 --a------ c:\windows\System32\pool.bin
    2008-12-07 16:38 . 2008-12-07 16:38 17,071,160 --a------ c:\windows\System32\xa7817693.exe
    2008-12-07 16:38 . 2008-12-07 16:38 17,071,160 --a------ c:\windows\System32\xa7816851.exe
    2008-12-07 16:38 . 2008-12-07 16:38 172,032 --a------ c:\windows\System32\xwr77639.dll
    2008-12-07 16:38 . 2008-12-07 16:38 172,032 --a------ c:\windows\System32\wr77639.dll
    2008-12-07 16:36 . 2008-12-07 16:36 <DIR> d-------- c:\windows\WinRAR
    2008-12-07 13:19 . 2008-12-07 16:54 <DIR> d-------- c:\program files\Photodex
    2008-12-07 13:18 . 2008-12-07 13:18 <DIR> d-------- c:\users\Daddy\AppData\Roaming\Photodex
    2008-11-26 06:53 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 06:53 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 06:53 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 06:53 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 06:53 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-21 12:27 . 2008-11-21 12:27 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-21 12:27 . 2008-11-21 12:27 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-21 12:27 . 2008-11-21 12:27 <DIR> d-------- c:\program files\iTunes
    2008-11-21 12:27 . 2008-11-21 12:27 <DIR> d-------- c:\program files\iPod
    2008-11-21 12:25 . 2008-11-21 12:25 <DIR> d-------- c:\program files\QuickTime

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-20 14:37 --------- d-----w c:\users\Daddy\AppData\Roaming\Vso
    2008-12-15 02:48 --------- d-----w c:\programdata\CanonIJPLM
    2008-12-15 01:59 --------- d-----w c:\users\Daddy\AppData\Roaming\uTorrent
    2008-12-12 08:13 --------- d-----w c:\program files\Windows Mail
    2008-12-12 08:08 --------- d-----w c:\programdata\Microsoft Help
    2008-12-09 03:44 --------- d-----w c:\program files\IObit
    2008-12-07 18:27 --------- d---a-w c:\programdata\TEMP
    2008-11-21 17:27 --------- d-----w c:\program files\Common Files\Apple
    2008-11-19 16:03 --------- d-----w c:\users\Daddy\AppData\Roaming\Avery
    2008-11-19 15:55 --------- d-----w c:\program files\Belltech Label Maker
    2008-11-16 17:29 --------- d-----w c:\users\Daddy\AppData\Roaming\dvdcss
    2008-11-09 13:10 --------- d-----w c:\users\PizzaPia\AppData\Roaming\iWin
    2008-11-09 13:07 --------- d-----w c:\program files\HP Games
    2008-11-07 23:46 --------- d-----w c:\users\PizzaPia\AppData\Roaming\Apple Computer
    2008-11-07 14:19 --------- d-----w c:\program files\HD Tune
    2008-11-03 23:58 --------- d-----w c:\programdata\WildTangent
    2008-11-01 07:29 --------- d-----w c:\programdata\WindowsSearch
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
    2008-10-31 04:54 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-10-30 16:05 --------- d-----w c:\program files\MSBuild
    2008-10-30 16:02 --------- d-----w c:\program files\Microsoft Visual Studio 8
    2008-10-30 15:38 --------- d-----w c:\programdata\Applications
    2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
    2008-10-21 23:37 704 ----a-w c:\users\Daddy\AppData\Roaming\wklnhst.dat
    2008-10-21 18:48 --------- d-----w c:\program files\Microsoft DirectX 9.0 SDK (August 2005)
    2008-10-21 18:48 --------- d-----w c:\program files\Common Files\aliaswavefront shared
    2008-10-21 18:48 --------- d-----w c:\program files\Common Files\Alias Shared
    2008-10-21 07:08 --------- d-----w c:\programdata\Symantec
    2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
    2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
    2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
    2008-10-16 19:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
    2008-10-16 18:56 31,232 ----a-w c:\windows\System32\wuapp.exe
    2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-10-09 15:00 47,360 ----a-w c:\users\Daddy\AppData\Roaming\pcouffin.sys
    2008-10-09 05:20 319,456 ----a-w c:\windows\DIFxAPI.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-28 10:21 15,975,328 ----a-w c:\windows\61510.exe
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-08_22.57.11.67 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-21 17:27:44 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
    + 2008-12-17 02:31:02 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
    - 2008-11-12 08:02:04 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2008-12-12 08:08:12 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2008-11-12 08:05:43 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2008-12-12 08:00:31 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    - 2008-11-12 08:05:11 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-12-12 08:07:50 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-11-12 08:05:11 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-12-12 08:07:51 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-11-12 08:05:11 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    + 2008-12-12 08:07:51 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    - 2008-11-12 08:05:11 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-12-12 08:07:51 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-11-12 08:05:11 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-12-12 08:07:51 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-11-12 08:05:11 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-12-12 08:07:50 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-11-12 08:05:11 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-12-12 08:07:51 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-11-12 08:05:11 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-12-12 08:07:51 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-11-12 08:05:11 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-12-12 08:07:51 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-11-12 08:05:11 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-12-12 08:07:50 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-11-12 08:05:23 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-12-12 08:08:02 1,165,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-11-12 08:05:23 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-12-12 08:08:02 20,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-11-12 08:05:23 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-12-12 08:08:02 159,504 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-11-12 08:05:23 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
    + 2008-12-12 08:08:02 184,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
    - 2008-11-12 08:05:23 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
    + 2008-12-12 08:08:02 217,864 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
    - 2008-11-12 08:05:23 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-12-12 08:08:02 18,704 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-11-12 08:05:23 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-12-12 08:08:02 35,088 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-11-12 08:05:23 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-12-12 08:08:02 845,584 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-11-12 08:05:23 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-12-12 08:08:02 922,384 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-11-12 08:05:23 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-12-12 08:08:02 272,648 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-11-12 08:05:23 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-12-12 08:08:02 888,080 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-11-12 08:05:23 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-12-12 08:08:02 1,172,240 ----a-r c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-12-20 14:42:53 29,316 ----a-r c:\windows\Installer\{95120000-0120-0409-0000-0000000FF1CE}\olc_setup.exe
    - 2008-12-08 04:24:12 220,400 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2008-12-18 08:05:51 446,088 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2008-12-08 05:01:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-18 08:07:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-08 05:01:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-18 08:07:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-09 03:56:40 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-18 08:09:21 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-18 08:09:21 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-10-08 01:57:08 2,637,641 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    + 2008-12-12 08:16:05 2,637,641 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    - 2008-12-09 03:56:46 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-12-19 15:50:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-12-19 15:50:24 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-12-08 14:31:10 381,832 ----a-w c:\windows\SoftwareDistribution\Download\Install\mpas-d.exe
    - 2008-12-09 03:45:09 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-20 14:45:26 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-09 03:45:09 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-20 14:45:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-09 03:45:09 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-20 14:45:26 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-12-09 03:54:14 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-20 14:53:42 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2008-10-15 07:11:43 409,224 ----a-w c:\windows\System32\FNTCACHE.DAT
    + 2008-12-17 02:32:56 407,136 ----a-w c:\windows\System32\FNTCACHE.DAT
    - 2008-10-02 03:49:14 6,068,736 ----a-w c:\windows\System32\ieframe.dll
    + 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\System32\ieframe.dll
    - 2008-10-02 03:49:14 270,336 ----a-w c:\windows\System32\iertutil.dll
    + 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll
    - 2008-10-02 03:49:14 28,160 ----a-w c:\windows\System32\jsproxy.dll
    + 2008-10-16 04:47:30 28,160 ----a-w c:\windows\System32\jsproxy.dll
    - 2008-01-21 02:25:16 94,720 ----a-w c:\windows\System32\logagent.exe
    + 2008-06-23 01:58:43 94,720 ----a-w c:\windows\System32\logagent.exe
    - 2008-01-21 02:25:17 2,867,712 ----a-w c:\windows\System32\mf.dll
    + 2008-06-23 01:59:25 2,868,736 ----a-w c:\windows\System32\mf.dll
    - 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\System32\mrt.exe
    + 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\System32\mrt.exe
    - 2008-10-02 03:49:15 3,578,880 ----a-w c:\windows\System32\mshtml.dll
    + 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\System32\mshtml.dll
    - 2008-10-02 03:49:16 671,232 ----a-w c:\windows\System32\mstime.dll
    + 2008-10-16 04:47:32 671,232 ----a-w c:\windows\System32\mstime.dll
    - 2008-12-08 05:06:51 106,292 ----a-w c:\windows\System32\perfc009.dat
    + 2008-12-18 08:12:21 106,292 ----a-w c:\windows\System32\perfc009.dat
    - 2008-12-08 05:06:51 602,846 ----a-w c:\windows\System32\perfh009.dat
    + 2008-12-18 08:12:21 602,846 ----a-w c:\windows\System32\perfh009.dat
    - 2008-04-24 04:58:20 11,580,416 ----a-w c:\windows\System32\shell32.dll
    + 2008-11-06 13:14:25 11,580,928 ----a-w c:\windows\System32\shell32.dll
    - 2008-11-27 08:06:57 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-12-18 08:05:58 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2008-10-02 03:49:19 1,166,336 ----a-w c:\windows\System32\urlmon.dll
    + 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\System32\urlmon.dll
    - 2008-12-08 05:03:04 5,388 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-758579274-818197688-3693152335-1000_UserData.bin
    + 2008-12-10 20:54:14 5,396 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-758579274-818197688-3693152335-1000_UserData.bin
    - 2008-12-08 05:03:03 69,236 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-17 02:35:01 69,260 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-08 05:03:03 43,880 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-10 20:54:13 43,896 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-01-21 02:25:16 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
    + 2008-06-23 01:59:26 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
    - 2008-01-21 02:25:16 2,386,944 ----a-w c:\windows\System32\WMVCORE.DLL
    + 2008-06-23 01:59:25 2,386,944 ----a-w c:\windows\System32\WMVCORE.DLL
    - 2008-11-26 11:53:50 28,274,501 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-12-18 08:00:29 47,144,229 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-11-01 03:33:48 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16772_none_7fd1ee2663d3b893\Apphlpdm.dll
    + 2008-11-01 03:24:17 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.20949_none_8082fea17cd2b312\Apphlpdm.dll
    + 2008-11-01 03:44:34 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18165_none_81c5fd9660ef7998\Apphlpdm.dll
    + 2008-10-31 03:35:04 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22299_none_82332bc57a21d291\Apphlpdm.dll
    + 2008-10-31 23:23:42 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16772_none_09f24c89f55cce48\AcRes.dll
    + 2008-10-31 23:23:36 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20949_none_0aa35d050e5bc8c7\AcRes.dll
    + 2008-03-08 01:58:43 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18165_none_0be65bf9f2788f4d\AcRes.dll
    + 2008-10-31 01:05:22 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22299_none_0c538a290baae846\AcRes.dll
    + 2008-11-01 03:33:48 2,144,256 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16772_none_09f44d1df55b00f6\AcGenral.dll
    + 2008-11-01 03:24:15 2,144,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20949_none_0aa55d990e59fb75\AcGenral.dll
    + 2008-11-01 03:44:34 2,154,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18165_none_0be85c8df276c1fb\AcGenral.dll
    + 2008-10-31 03:35:04 2,154,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22299_none_0c558abd0ba91af4\AcGenral.dll
    + 2008-11-01 03:33:48 449,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16772_none_09f54d67f55a1a4d\AcSpecfc.dll
    + 2008-11-01 03:24:15 450,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20949_none_0aa65de30e5914cc\AcSpecfc.dll
    + 2008-11-01 03:44:34 460,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18165_none_0be95cd7f275db52\AcSpecfc.dll
    + 2008-10-31 03:35:04 460,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22299_none_0c568b070ba8344b\AcSpecfc.dll
    + 2008-11-01 03:33:48 537,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f55933a4\AcLayers.dll
    + 2008-11-01 03:33:48 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f55933a4\AcXtrnal.dll
    + 2008-11-01 03:24:15 537,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e582e23\AcLayers.dll
    + 2008-11-01 03:24:15 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e582e23\AcXtrnal.dll
    + 2008-11-01 03:44:34 541,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f274f4a9\AcLayers.dll
    + 2008-11-01 03:44:34 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f274f4a9\AcXtrnal.dll
    + 2008-10-31 03:35:04 541,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510ba74da2\AcLayers.dll
    + 2008-10-31 03:35:04 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510ba74da2\AcXtrnal.dll
    + 2008-10-16 04:40:33 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16764_none_a9a84a59f5d70728\advpack.dll
    + 2008-10-16 04:19:25 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20937_none_aa5559ad0ed99c4b\advpack.dll
    + 2008-10-29 06:20:29 2,923,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    + 2008-10-28 02:15:02 2,923,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    + 2008-10-29 06:29:41 2,927,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    + 2008-10-30 03:59:17 2,927,616 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    + 2008-11-01 03:33:49 1,687,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\gameux.dll
    + 2008-10-31 23:38:08 4,247,552 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\GameUXLegacyGDFs.dll
    + 2008-11-01 03:25:02 1,686,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\gameux.dll
    + 2008-10-31 23:38:11 4,247,552 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\GameUXLegacyGDFs.dll
    + 2008-03-08 04:21:55 1,695,744 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\gameux.dll
    + 2008-11-01 01:21:40 4,240,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\GameUXLegacyGDFs.dll
    + 2008-10-31 03:35:06 1,696,256 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\gameux.dll
    + 2008-10-31 01:17:43 4,240,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\GameUXLegacyGDFs.dll
    + 2008-10-21 05:16:20 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16766_none_575d8f704c563751\gdi32.dll
    + 2008-10-21 05:07:18 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20940_none_57f6cc3d65690456\gdi32.dll
    + 2008-10-21 05:25:18 296,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18159_none_59519ee04971f856\gdi32.dll
    + 2008-10-21 05:21:43 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22291_none_59a7f9ab62b73d2c\gdi32.dll
    + 2008-10-16 04:40:37 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16764_none_eba35409166fed27\pngfilt.dll
    + 2008-10-16 04:23:20 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20937_none_ec50635c2f72824a\pngfilt.dll
    + 2008-10-16 04:40:37 1,160,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_b2bffcbbd9d0648b\urlmon.dll
    + 2008-10-16 04:23:50 1,163,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20937_none_b36d0c0ef2d2f9ae\urlmon.dll
    + 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18157_none_b4b40c2bd6ec2590\urlmon.dll
    + 2008-10-16 04:38:28 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22288_none_b51e397cf0213284\urlmon.dll
    + 2008-10-16 04:40:36 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16764_none_dea28b847f7923fa\mstime.dll
    + 2008-10-16 04:22:03 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20937_none_df4f9ad7987bb91d\mstime.dll
    + 2008-10-16 04:47:32 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18157_none_e0969af47c94e4ff\mstime.dll
    + 2008-10-16 04:38:25 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22288_none_e100c84595c9f1f3\mstime.dll
    + 2008-10-21 23:31:22 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_13273c340c95d620\tzres.dll
    + 2008-10-22 03:43:38 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_13273c340c95d620\tzupd.exe
    + 2008-10-21 23:30:56 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c0790125a8a325\tzres.dll
    + 2008-10-22 01:13:26 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c0790125a8a325\tzupd.exe
    + 2008-10-22 01:22:11 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18160_none_150678d409c2b5b0\tzres.dll
    + 2008-01-21 02:23:44 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18160_none_150678d409c2b5b0\tzupd.exe
    + 2008-10-22 01:04:22 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_1571a66f22f6dbfb\tzres.dll
    + 2008-10-22 03:34:43 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_1571a66f22f6dbfb\tzupd.exe
    + 2008-10-16 04:40:35 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\jsproxy.dll
    + 2008-10-16 04:40:37 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll
    + 2008-10-16 04:40:37 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\WininetPlugin.dll
    + 2008-10-16 04:20:49 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\jsproxy.dll
    + 2008-10-16 04:24:00 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll
    + 2008-10-16 04:24:00 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\WininetPlugin.dll
    + 2008-10-16 04:47:30 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\jsproxy.dll
    + 2008-10-16 04:47:35 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll
    + 2008-02-22 05:01:41 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\WininetPlugin.dll
    + 2008-10-16 04:38:24 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\jsproxy.dll
    + 2008-10-16 04:38:28 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll
    + 2008-10-16 04:38:28 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\WininetPlugin.dll
    + 2008-01-21 02:24:21 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16764_none_f96efb376ec50571\ieapfltr.dat
    + 2008-10-16 04:40:34 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16764_none_f96efb376ec50571\ieapfltr.dll
    + 2008-01-21 02:24:21 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20937_none_fa1c0a8a87c79a94\ieapfltr.dat
    + 2008-10-16 04:20:23 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20937_none_fa1c0a8a87c79a94\ieapfltr.dll
    + 2008-10-16 04:40:34 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16764_none_95a333ef84aa8b9f\dxtmsft.dll
    + 2008-10-16 04:40:34 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16764_none_95a333ef84aa8b9f\dxtrans.dll
    + 2008-10-16 04:20:03 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20937_none_965043429dad20c2\dxtmsft.dll
    + 2008-10-16 04:20:03 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20937_none_965043429dad20c2\dxtrans.dll
    + 2008-10-16 04:40:35 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16764_none_4605ce47466b3e2c\mshtmled.dll
    + 2008-10-16 04:21:41 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20937_none_46b2dd9a5f6dd34f\mshtmled.dll
    + 2008-10-16 04:40:35 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16764_none_111ff77c252ff454\mshtml.dll
    + 2008-12-12 05:45:18 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16788_none_110e58cc253c9192\mshtml.dll
    + 2008-10-16 04:21:40 3,595,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20937_none_11cd06cf3e328977\mshtml.dll
    + 2008-12-12 05:40:02 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20973_none_119dc5f73e5693df\mshtml.dll
    + 2008-10-16 04:47:30 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18157_none_131406ec224bb559\mshtml.dll
    + 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18183_none_12ef96002267a3d0\mshtml.dll
    + 2008-10-16 04:38:25 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22288_none_137e343d3b80c24d\mshtml.dll
    + 2008-12-12 05:47:44 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22328_none_13bf15ab3b5017ce\mshtml.dll
    + 2008-10-16 04:40:34 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16764_none_587864466744805d\icardie.dll
    + 2008-10-16 04:20:23 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20937_none_5925739980471580\icardie.dll
    + 2008-10-16 04:40:06 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\ieUnatt.exe
    + 2008-10-16 04:42:58 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
    + 2008-10-16 02:13:16 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\ieUnatt.exe
    + 2008-10-16 04:27:53 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
    + 2008-10-16 04:40:34 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\iertutil.dll
    + 2008-10-16 04:40:37 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\sqmapi.dll
    + 2008-10-16 04:20:24 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_462d9e8ca88d3e9e\iertutil.dll
    + 2008-10-16 04:23:41 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_462d9e8ca88d3e9e\sqmapi.dll
    + 2008-10-16 04:47:29 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18157_none_47749ea98ca66a80\iertutil.dll
    + 2008-01-21 02:24:28 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18157_none_47749ea98ca66a80\sqmapi.dll
    + 2008-10-16 04:38:24 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_47decbfaa5db7774\iertutil.dll
    + 2008-10-16 04:38:27 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_47decbfaa5db7774\sqmapi.dll
    + 2008-10-16 04:40:06 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\ie4uinit.exe
    + 2008-10-16 04:40:34 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\iernonce.dll
    + 2008-10-16 04:40:34 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\iesetup.dll
    + 2008-10-16 02:13:06 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\ie4uinit.exe
    + 2008-10-16 04:20:24 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\iernonce.dll
    + 2008-10-16 04:20:24 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\iesetup.dll
    + 2008-10-16 04:40:34 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16764_none_29d2b074682f9803\iebrshim.dll
    + 2008-11-01 03:33:49 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16772_none_29c5dff468398146\iebrshim.dll
    + 2008-10-16 04:20:23 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20937_none_2a7fbfc781322d26\iebrshim.dll
    + 2008-11-01 03:25:13 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20949_none_2a76f06f81387bc5\iebrshim.dll
    + 2008-11-01 03:44:36 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.18165_none_2bb9ef646555424b\iebrshim.dll
    + 2008-10-31 03:35:06 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.22299_none_2c271d937e879b44\iebrshim.dll
    + 2008-10-16 04:40:34 6,066,176 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16764_none_627f517fb1258281\ieframe.dll
    + 2008-10-16 04:40:34 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16764_none_627f517fb1258281\ieui.dll
    + 2008-10-16 04:20:24 6,068,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20937_none_632c60d2ca2817a4\ieframe.dll
    + 2008-10-16 04:20:24 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20937_none_632c60d2ca2817a4\ieui.dll
    + 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18157_none_647360efae414386\ieframe.dll
    + 2008-01-21 02:24:41 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18157_none_647360efae414386\ieui.dll
    + 2008-10-16 04:38:24 6,069,760 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22288_none_64dd8e40c776507a\ieframe.dll
    + 2008-10-16 04:38:24 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22288_none_64dd8e40c776507a\ieui.dll
    + 2008-10-16 04:40:06 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16764_none_e678bdfe94a8d6b9\ieinstal.exe
    + 2008-10-16 02:13:30 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20937_none_e725cd51adab6bdc\ieinstal.exe
    + 2008-10-16 04:40:06 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16764_none_0b20f31ad723966b\ieuser.exe
    + 2008-10-16 02:13:32 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20937_none_0bce026df0262b8e\ieuser.exe
    + 2008-06-23 01:52:48 2,855,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mf.dll
    + 2008-06-22 22:34:28 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mferror.dll
    + 2008-06-23 01:52:18 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mfpmp.exe
    + 2008-06-23 01:52:48 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mfps.dll
    + 2008-06-23 01:52:29 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\rrinstaller.exe
    + 2008-06-23 01:45:58 2,855,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mf.dll
    + 2008-06-22 22:30:28 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mferror.dll
    + 2008-06-22 23:56:54 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mfpmp.exe
    + 2008-06-23 01:46:00 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mfps.dll
    + 2008-06-22 23:56:20 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\rrinstaller.exe
    + 2008-06-23 01:59:25 2,868,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mf.dll
    + 2006-11-02 12:35:51 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mferror.dll
    + 2008-01-21 02:25:17 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mfpmp.exe
    + 2008-01-21 02:25:17 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mfps.dll
    + 2008-01-21 02:25:17 53,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\rrinstaller.exe
    + 2008-06-23 01:41:40 2,868,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mf.dll
    + 2008-06-23 00:00:57 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mferror.dll
    + 2008-06-23 00:01:07 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mfpmp.exe
    + 2008-06-23 01:39:32 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mfps.dll
    + 2008-06-23 00:00:33 53,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\rrinstaller.exe
    + 2008-06-23 01:52:15 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6000.16708_none_e96251c7c4db0f0d\logagent.exe
    + 2008-06-22 23:58:14 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6000.20864_none_e9a70de2de2cf121\logagent.exe
    + 2008-06-23 01:58:43 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6001.18096_none_eae53ea7c24c6ba2\logagent.exe
    + 2008-06-23 00:02:10 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6001.22208_none_ebd22d38db1f3fc8\logagent.exe
    + 2008-06-23 01:52:51 996,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6000.16708_none_4567bba6c17416fd\WMNetMgr.dll
    + 2008-06-23 01:49:03 996,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6000.20864_none_45ac77c1dac5f911\WMNetMgr.dll
    + 2008-06-23 01:59:26 996,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6001.18096_none_46eaa886bee57392\WMNetMgr.dll
    + 2008-06-23 01:42:23 996,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6001.22208_none_47d79717d7b847b8\WMNetMgr.dll
    + 2008-06-23 01:52:51 2,433,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16708_none_0554495dd8a9b82d\WMVCORE.DLL
    + 2008-06-23 01:49:11 2,436,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.20864_none_05990578f1fb9a41\WMVCORE.DLL
    + 2008-06-23 01:59:25 2,386,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18096_none_06d7363dd61b14c2\WMVCORE.DLL
    + 2008-06-23 01:41:43 2,386,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22208_none_07c424ceeeede8e8\WMVCORE.DLL
    + 2008-11-11 23:21:19 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16776_none_f05c2fac6e871afe\OESpamFilter.dat
    + 2008-11-11 23:22:42 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20954_none_f0f96da187964d5f\OESpamFilter.dat
    + 2008-11-11 23:23:20 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18169_none_f2503f1c6ba2dc03\OESpamFilter.dat
    + 2008-11-11 23:23:01 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22307_none_f318bcc184919ea0\OESpamFilter.dat
    + 2008-11-06 12:57:06 11,315,712 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\shell32.dll
    + 2008-11-06 12:59:14 11,320,832 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\shell32.dll
    + 2008-11-06 13:14:25 11,580,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32.dll
    + 2008-11-06 12:59:27 11,582,976 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5cc532b16d3dc\shell32.dll
    .
    -- Snapshot reset to current date --
     
  8. 2008/12/20
    bigtunelover Inactive Thread Starter

    New Part 2 - As requested. Thanks!

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C019BCC3-D58B-31E4-89B5-DD2A24831529}]
    2008-12-07 16:38 172032 --a------ c:\windows\system32\xwr77639.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm

    [HKLM\~\startupfolder\C:^Users^Daddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
    path=c:\users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
    backup=c:\windows\pss\BlackBerry Desktop Redirector.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Daddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
    path=c:\users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Daddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\61510]
    --a------ 2008-09-28 05:21 15975328 c:\windows\61510.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    --a------ 2007-04-03 11:50 1603152 c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    --a------ 2007-05-14 11:01 644696 c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    --a------ 2008-10-17 14:52 51048 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-20 21:25 125952 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2008-04-01 09:41 166424 c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2007-05-08 18:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    --a------ 2008-04-14 19:58 972128 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a------ 2007-04-18 10:01 65536 c:\hp\support\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    --a------ 2008-06-02 17:50 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2008-04-01 09:41 141848 c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2006-12-08 10:16 65536 c:\hp\KBD\KbdStub.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2007-02-04 11:02 79400 c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    --a------ 2008-04-01 09:41 133656 c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    --a------ 2008-01-20 21:23 1233920 c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a------ 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-04-07 04:56 132760 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-20 21:23 1008184 c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-20 21:25 202240 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
    --a------ 2006-11-02 07:35 176128 c:\windows\System32\wpcumi.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a------ 2008-07-03 10:27 6266880 c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{4DF3AD67-35C3-4D49-B6C6-B1862E97558E} "= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{9960ADF1-3E42-474E-8E5B-AEEAF826BF66} "= UDP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
    "{A34807F8-108E-4FDC-8615-9A54BCAB3A8C} "= TCP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
    "{2D3C4606-D7C8-44DA-9803-6EDA6BE02AEE} "= UDP:c:\program files\World of Warcraft\Repair.exe:World of Warcraft - Repair
    "{E5E10C1B-01EA-444E-BD01-A56EFBEF0FB5} "= TCP:c:\program files\World of Warcraft\Repair.exe:World of Warcraft - Repair
    "{0DBAAAC0-ECD0-4E09-902F-308551073817} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{FE1E76B7-4781-4A59-9172-B6337C0AA233} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F2985350-062E-4014-9B51-53E29B4DDC0F} "= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{73D8FBAE-485C-4BE5-98D0-29414CB622B2} "= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{E6D4F160-F9BE-4248-BB73-0CD7B4DAB9FA} "= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{48057F97-2C23-4973-A254-DAEFF82FAE75} "= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{01461F45-B1E9-4F6D-9D0B-92BCF4CC009A} "= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{BB6E49E7-20BF-4976-A753-6BFBDF379F24} "= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{4850D951-4B79-4908-A7DB-DE6897542861} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D741C66B-6266-4E7E-A7F7-37C606FF273E} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8155D3AC-E07A-4B8E-9954-A7F2CEB2499E} "= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{183505A2-FE98-406F-AFB7-5BCB2138233C} "= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081204.001\IDSvix86.sys [2008-12-05 270384]
    R2 LiveUpdate Notice;LiveUpdate Notice; "c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-06 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-08 99376]
    R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2008-05-17 207360]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-20 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 16:11]

    2008-12-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Daddy.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-06 19:05]

    2008-12-20 c:\windows\Tasks\User_Feed_Synchronization-{3647B184-9DB3-4C6E-993B-0CBF699F6AFD}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-20 21:24]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-20 09:56:05
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-12-20 12:37:20
    ComboFix-quarantined-files.txt 2008-12-20 17:37:16
    ComboFix2.txt 2008-12-09 03:58:06

    Pre-Run: 273,129,205,760 bytes free
    Post-Run: 309,666,521,088 bytes free

    543 --- E O F --- 2008-12-19 07:14:21
     
  9. 2008/12/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Collect::[22]
    c:\windows\System32\xa147498.exe
    c:\windows\System32\xa145751.exe
    c:\windows\System32\xa7817693.exe
    c:\windows\System32\xa7816851.exe
    c:\windows\System32\xwr77639.dll
    c:\windows\System32\wr77639.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C019BCC3-D58B-31E4-89B5-DD2A24831529}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!

    I also recommend you turn UAC and the Windows Firewall back on, and steer clear of P2P apps. I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
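
The recommendation above to turn the Windows Firewall back on follows from the `EnableFirewall` and Security Center values in the posted log. As an added example (not part of the thread and not ComboFix's own code), this Python sketch parses "Reg Loading Points" style lines and reports settings that switch protection or alerting off; the sample lines are constructed in the log's format, with one profile set to 1 as a control, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the "Reg Loading Points" section above.
# Value names carry a trailing space inside the quotes, as they do in the log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify "=dword:00000001
"AutoUpdateDisableNotify "=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall "= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall "= 1 (0x1)
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<data>.*)$')

def parse_number(data):
    """Return the integer for 'dword:00000001' or '0 (0x0)' data, else None."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+) \(0x[0-9a-fA-F]+\)$', data)
    return int(m.group(1)) if m else None

def weakened_settings(log_text):
    """Yield (key, value_name, reason) for values that disable protection or alerts."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()  # the log mixes upper and lower case
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, num = m.group('name'), parse_number(m.group('data').strip())
        if 'firewallpolicy' in key and name == 'EnableFirewall' and num == 0:
            yield key, name, 'Windows Firewall is off for this profile'
        elif 'security center' in key and num == 1 and (
                name.endswith('DisableNotify') or name == 'DisableMonitoring'):
            yield key, name, 'Security Center alerting is suppressed'

if __name__ == '__main__':
    for key, name, reason in weakened_settings(SAMPLE_LOG):
        print(f'{reason}: [{key}] {name}')
```

Firewall rule entries and string values such as `l3codecp.acm` parse without a numeric value and are never flagged.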
     
