virus problem

Bob39Bob39
edited April 2009 in Spyware & Virus Removal
Hi,
My dad downloaded something off the internet, and now my computer seems to have MS Antivirus 2009 running on it, which i am pretty sure is a virus. I would appreciate any help you could give to delete this. I've posted my hijack this log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:49 PM, on 08/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\explorer3.exe
C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Simply Accounting Accountants' Edition 2007\winsim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=explorer3.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219723180500
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219977803970&h=0aa85d89b7cfe1760c50663465a5c51a/&filename=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12953 bytes


Thanks
Bob39

Comments

  • KatanaKatana
    edited April 2009
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.
    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly laechel.gif

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe



    Submit a File For Analysis
    We need to have the files below Scanned by Uploading them/it to Virus Total

    Please visit Virustotal
    Copy/paste the the following file path into the window
    C:\WINDOWS\system32\userinit.exe
    Click Submit/Send File
    Please post back, to let me know the results.

    Please do the same for the following file
    C:\WINDOWS\explorer3.exe

    If Virustotal is too busy please try Jotti



    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • Bob39Bob39
    edited April 2009
    Thanks for your fast replies. I did what you said, and posted the results below:

    C:\WINDOWS\system32\userinit.exe:

    Antivirus Version Last Update Result a-squared4.0.0.1012009.04.10-AhnLab-V35.0.0.22009.04.10-AntiVir7.9.0.1382009.04.09TR/Angel.NJAntiy-AVL2.0.3.12009.04.09-Authentium5.1.2.42009.04.09-Avast4.8.1335.02009.04.09-AVG8.5.0.2852009.04.10-BitDefender7.22009.04.10-CAT-QuickHeal10.002009.04.09-ClamAV0.94.12009.04.09-Comodo11072009.04.09-DrWeb4.44.0.091702009.04.09-eSafe7.0.17.02009.04.07Suspicious FileeTrust-Vet31.6.64482009.04.10-F-Prot4.4.4.562009.04.09-F-Secure8.0.14470.02009.04.09-Fortinet3.117.0.02009.04.09-GData192009.04.10-IkarusT3.1.1.49.02009.04.10-K7AntiVirus7.10.6982009.04.09-Kaspersky7.0.0.1252009.04.10-McAfee55792009.04.09-McAfee+Artemis55792009.04.09Generic!ArtemisMcAfee-GW-Edition6.7.62009.04.09Trojan.Angel.NJMicrosoft1.45022009.04.09-NOD3239982009.04.10-Norman6.00.062009.04.09-nProtect2009.1.8.02009.04.10-Panda10.0.0.142009.04.09-PCTools4.4.2.02009.04.08-Prevx1V22009.04.10-Rising21.24.32.002009.04.09-Sophos4.40.02009.04.10Mal/EncPk-HJSunbelt3.2.1858.22009.04.10-Symantec1.4.4.122009.04.10-TheHacker6.3.4.0.3052009.04.09-TrendMicro8.700.0.10042009.04.10-VBA323.12.10.22009.04.09suspected of Malware-Cryptor.Win32.General.3ViRobot2009.4.7.16862009.04.09-VirusBuster4.6.5.02009.04.09-

    C:\WINDOWS\explorer3.exe:

    For some reason, this didn't work with virustotal. it gave me an error stating: "
    Please report failure as: ErrorTime= "Apr 10 04:17:34"

    It worked on Jotti, and i've posted the results:


    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Quick Heal Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    Log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Goraya Family at 2009-04-09 22:24:52
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 58 GB (51%) free of 114 GB
    Total RAM: 1527 MB (43% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:56 PM, on 09/04/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
    C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\explorer3.exe
    C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Rogers\SelfHealing\shs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero8\InCD\InCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\SecurityStatusSDK\SSDK02.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\MSI\Core Center\CoreCenter.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Goraya Family\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Goraya Family.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca//
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=explorer3.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219723180500
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219977803970&h=0aa85d89b7cfe1760c50663465a5c51a/&filename=jinstall-6u7-windows-i586-jc.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
    O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 12935 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - Goraya Family.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
    ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-08-24 116088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
    {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "D-Link Wireless G WDA-1320"=C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe [2007-08-29 1662976]
    "ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
    "YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe [2008-06-03 509224]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
    "osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2007-08-28 714608]
    "Rogers SHS"=C:\Program Files\Rogers\SelfHealing\shs.exe [2008-05-16 2733416]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-06-06 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-06-06 118784]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
    "SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe [2008-06-10 2049320]
    "InCD"=C:\Program Files\Nero\Nero8\InCD\InCD.exe [2008-06-10 1083176]
    "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
    "Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "LiveMonitor"=C:\Program Files\MSI\Live Update 3\LMonitor.exe [2008-04-30 498176]
    "UDC Integration"= []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
    "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-06-06 344064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableTaskMgr"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0
    "NoFolderOptions"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======File associations======

    .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 1 months======

    2009-04-09 22:24:52 ----D---- C:\rsit
    2009-04-08 17:38:46 ----D---- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
    2009-03-19 21:10:29 ----D---- C:\Documents and Settings\Goraya Family\Application Data\Vso
    2009-03-19 21:10:29 ----A---- C:\Documents and Settings\Goraya Family\Application Data\inst.exe
    2009-03-19 21:10:19 ----A---- C:\WINDOWS\system32\vp7vfw.dll
    2009-03-19 21:10:19 ----A---- C:\WINDOWS\system32\Pncrt.dll
    2009-03-19 21:10:19 ----A---- C:\WINDOWS\system32\drv43260.dll
    2009-03-19 21:10:19 ----A---- C:\WINDOWS\system32\drv33260.dll
    2009-03-19 21:10:19 ----A---- C:\WINDOWS\system32\drv23260.dll
    2009-03-19 21:10:19 ----A---- C:\WINDOWS\system32\cook3260.dll
    2009-03-19 21:10:18 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
    2009-03-19 21:10:18 ----A---- C:\WINDOWS\gdiplus.dll
    2009-03-19 21:10:16 ----D---- C:\Program Files\VSO
    2009-03-12 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-12 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-12 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$

    ======List of files/folders modified in the last 1 months======

    2009-04-09 22:20:20 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-09 21:37:57 ----D---- C:\WINDOWS\Temp
    2009-04-09 21:17:31 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-04-09 21:00:20 ----A---- C:\Documents and Settings\All Users\Application Data\updateinfo.txt
    2009-04-09 21:00:16 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-09 06:59:03 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-09 06:49:02 ----A---- C:\WINDOWS\BRWMARK.INI
    2009-04-09 06:49:02 ----A---- C:\WINDOWS\BRPP2KA.INI
    2009-04-09 00:05:22 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-04-08 21:23:45 ----D---- C:\WINDOWS\Prefetch
    2009-04-08 19:12:20 ----A---- C:\WINDOWS\ODBC.INI
    2009-04-08 19:12:19 ----D---- C:\Simply Data
    2009-04-08 17:38:52 ----D---- C:\WINDOWS\system32
    2009-04-08 17:38:35 ----A---- C:\WINDOWS\system32\userinit.exe
    2009-04-04 17:42:09 ----D---- C:\Program Files\SikhiToTheMAX II
    2009-04-04 17:30:00 ----D---- C:\WINDOWS
    2009-03-25 18:41:53 ----D---- C:\Documents and Settings\Goraya Family\Application Data\uTorrent
    2009-03-23 07:25:33 ----D---- C:\Documents and Settings\Goraya Family\Application Data\Adobe
    2009-03-19 21:10:41 ----HD---- C:\WINDOWS\inf
    2009-03-19 21:10:41 ----D---- C:\WINDOWS\system32\drivers
    2009-03-19 21:10:16 ----RD---- C:\Program Files
    2009-03-19 20:02:46 ----D---- C:\CG Design
    2009-03-12 17:06:51 ----A---- C:\WINDOWS\win.ini
    2009-03-12 07:08:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-12 03:20:28 ----SHD---- C:\Config.Msi
    2009-03-12 03:03:07 ----A---- C:\WINDOWS\imsins.BAK
    2009-03-12 03:03:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-03-12 03:01:52 ----SHD---- C:\WINDOWS\Installer
    2009-03-12 03:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-03-11 09:57:28 ----HD---- C:\WINDOWS\$hf_mig$

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-06-10 38952]
    R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-06-10 40488]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
    R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
    R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
    R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
    R2 wntpport;wntpport; C:\WINDOWS\system32\drivers\wntpport.sys [2001-01-19 28416]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-24 547744]
    R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 327808]
    R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2005-07-20 100096]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-06-06 730653]
    R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-06 57376]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090409.022\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090409.022\NAVEX15.SYS []
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\Core Center\NTGLM7X.sys []
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-19 47360]
    R3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
    R3 SydexFDD;Sydex Diskette Driver; \??\C:\WINDOWS\system32\Drivers\sydexfdd.sys []
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2009-02-19 38576]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090406.002\SymIDSCo.sys []
    R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2009-02-19 37424]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 vusbbus;Virtual Usb Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vusbbus.sys [2008-06-07 54784]
    R3 Winachcf;Winachcf; C:\WINDOWS\system32\DRIVERS\winachcf.sys [2002-04-30 917988]
    R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-06-10 128424]
    S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-14 113504]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-14 78752]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
    S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
    S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-28 243064]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe [2008-06-10 1442088]
    R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
    R2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-06-10 53032]
    R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
    R2 RogersSelfHelpService;Rogers SHS Service; C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe [2008-05-16 140648]
    R2 RogersUpdateManager;Rogers Update Manager; C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-22 163840]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-04 654848]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
    R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-08-24 1251720]
    S1 InCDRec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-06-10 18088]
    S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
    S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-28 55640]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe [2007-08-02 352338]
    S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-28 3192184]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
    EOF
  • Bob39Bob39
    edited April 2009
    I couldn't fit everything into the last post, so here is the info.txt:


    info.txt

    info.txt logfile of random's system information tool 1.06 2009-04-09 22:24:58

    ======Uninstall list======

    -->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
    -->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\NuNInst.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
    Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
    Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
    Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
    Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
    Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
    Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
    Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
    Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
    Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
    Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
    Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
    Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
    Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
    Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
    AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
    ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
    AOpen FM56-PV Controllerless PCI Modem-->C:\UIU\CXT10B6\HXFSETUP.EXE -U -IVEN_14F1&DEV_10B6&SUBSYS_00C2A0A0
    AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
    ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
    C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
    C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
    Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
    ConvertXtoDVD 3.1.3.40-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
    Core Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Core Center\Uninst.isu"
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server Desktop Engine-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSI Live Update 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041033}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
    Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
    Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
    Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
    ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Rogers Self Help Software 4053-->C:\Program Files\Rogers\SelfHealing\uninst.exe
    Rogers Update Manager-->C:\Program Files\Rogers\Update Manager\uninst.exe
    Rogers Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
    Security Status-->MsiExec.exe /I{FE9BA992-FCAE-49E7-97F4-EF9D97DB67A3}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    SikhiToTheMAX II-->C:\Program Files\SikhiToTheMAX II\Uninstal.exe
    Simply Accounting by Sage 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51A79BE3-6AF4-4405-AC9A-E5F74FE20299}\setup.exe" -l0x9 -removeonly
    SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Universal Document Converter-->"C:\Program Files\Universal Document Converter\unins000.exe"
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
    Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
    Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
    Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WebEx Record and Playback-->MsiExec.exe /I{1D243F00-1389-4C63-A7E9-B17E967D1901}
    Wilcom ES and Design Workflow 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D025DA9-C5C9-44D5-9B6E-83D42648F453}\setup.exe" -l0x9 -removeonly
    Windows Grep 2.3-->"C:\Program Files\Windows Grep\unins000.exe"
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Wireless G WDA-1320-->C:\Program Files\InstallShield Installation Information\{C38C985C-266A-4CEE-BEC3-1A4270F09FD4}\setup.exe -runfromtemp -l0x0009 -removeonly

    =====HijackThis Backups=====

    F2 - REG:system.ini: Shell=explorer3.exe [2008-11-05]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gname=SINGH [2008-11-05]
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-11-05]

    ======Security center information======

    AV: Norton Security Online
    FW: Norton Security Online (disabled)

    ======System event log======

    Computer Name: GBG
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 10373
    Source Name: W32Time
    Time Written: 20090204165952.000000-300
    Event Type: warning
    User:

    Computer Name: GBG
    Event Code: 20
    Message: Printer Driver Brother MFC-465CN Printer for Windows NT x86 Version-3 was added or updated. Files:- brio07a.dll, briu07a.dll, BRMF465C.PDD, brio07a.chm, brmf465c.ini, bril07a.dll, brio07a.dat, briwm07a.ini, brqikmon.exe, brqikmon.chm, brio07aa.bcm, brio07ab.bcm, brio07ac.bcm, brio07af.bcm, brio07ag.bcm.

    Record Number: 10324
    Source Name: Print
    Time Written: 20090202073607.000000-300
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: GBG
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 10236
    Source Name: W32Time
    Time Written: 20090128165959.000000-300
    Event Type: warning
    User:

    Computer Name: GBG
    Event Code: 15300
    Message: MTP WPD Driver has failed to start. Error 0x80070005.

    Record Number: 10148
    Source Name: WPDMTPDriver
    Time Written: 20090124100503.000000-300
    Event Type: error
    User:

    Computer Name: GBG
    Event Code: 15300
    Message: MTP WPD Driver has failed to start. Error 0x80070005.

    Record Number: 10147
    Source Name: WPDMTPDriver
    Time Written: 20090124100501.000000-300
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: GBG
    Event Code: 19011
    Message: SuperSocket info: (SpnRegister) : Error 1355.

    Record Number: 10622
    Source Name: MSSQLServer
    Time Written: 20090320095958.000000-240
    Event Type: warning
    User:

    Computer Name: GBG
    Event Code: 12001
    Message: The Messenger Sharing USN Journal Reader service started successfully.

    Record Number: 10334
    Source Name: usnjsvc
    Time Written: 20090312155915.000000-300
    Event Type:
    User:

    Computer Name: GBG
    Event Code: 19011
    Message: SuperSocket info: (SpnRegister) : Error 1355.

    Record Number: 10229
    Source Name: MSSQLServer
    Time Written: 20090312022131.000000-300
    Event Type: warning
    User:

    Computer Name: GBG
    Event Code: 1517
    Message: Windows saved user GBG\Goraya Family registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 10203
    Source Name: Userenv
    Time Written: 20090312020859.000000-300
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: GBG
    Event Code: 1002
    Message: Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 9989
    Source Name: Application Hang
    Time Written: 20090309145853.000000-300
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0209
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    EOF

    Thanks for all your help thus far. I really appreciate it.
  • KatanaKatana
    edited April 2009
    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix..



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper
  • Bob39Bob39
    edited April 2009
    Thanks for all your help Katana. I've posted the results from the combo fix log below.

    ComboFix 09-04-04.01 - Goraya Family 2009-04-10 10:49:01.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1527.855 [GMT -4:00]
    Running from: c:\documents and settings\Goraya Family\Desktop\ComboFix.exe
    AV: Norton Security Online *On-access scanning disabled* (Updated)
    FW: Norton Security Online *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090408173908500.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090408212451578.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090409064406921.log
    c:\documents and settings\Goraya Family\Application Data\inst.exe
    c:\documents and settings\Goraya Family\Start Menu\Programs\MS AntiSpyware 2009
    c:\documents and settings\Goraya Family\Start Menu\Programs\MS AntiSpyware 2009\MS AntiSpyware 2009.lnk
    c:\windows\system32\Pncrt.dll

    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\userinit.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
    .

    2009-04-09 22:24 . 2009-04-09 22:24 <DIR> d
    C:\rsit
    2009-03-19 21:10 . 2009-03-19 21:10 <DIR> d
    c:\program files\VSO
    2009-03-19 21:10 . 2009-03-20 11:51 <DIR> d
    c:\documents and settings\Goraya Family\Application Data\Vso
    2009-03-19 21:10 . 2004-05-04 12:53 1,645,320 --a
    c:\windows\gdiplus.dll
    2009-03-19 21:10 . 2006-05-20 17:16 1,184,984 --a
    c:\windows\system32\wvc1dmod.dll
    2009-03-19 21:10 . 2006-05-11 20:21 626,688 --a
    c:\windows\system32\vp7vfw.dll
    2009-03-19 21:10 . 2006-09-29 13:24 217,127 --a
    c:\windows\system32\drv43260.dll
    2009-03-19 21:10 . 2006-09-29 13:25 208,935 --a
    c:\windows\system32\drv33260.dll
    2009-03-19 21:10 . 2006-09-29 13:26 176,165 --a
    c:\windows\system32\drv23260.dll
    2009-03-19 21:10 . 2007-03-18 21:37 65,602 --a
    c:\windows\system32\cook3260.dll
    2009-03-19 21:10 . 2009-03-19 21:10 47,360 --a
    c:\windows\system32\drivers\pcouffin.sys
    2009-03-19 21:10 . 2009-03-19 21:10 47,360 --a
    c:\documents and settings\Goraya Family\Application Data\pcouffin.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-10 14:54
    d
    w c:\program files\Common Files\Symantec Shared
    2009-04-04 21:42
    d
    w c:\program files\SikhiToTheMAX II
    2009-03-25 22:41
    d
    w c:\documents and settings\Goraya Family\Application Data\uTorrent
    2009-03-12 07:01
    d
    w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-26 08:09
    d
    w c:\program files\Microsoft Silverlight
    2009-02-19 16:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys
    2009-02-19 16:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat
    2009-02-19 16:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
    2009-02-19 16:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys
    2009-02-19 16:31 37,424 ----a-w c:\windows\system32\drivers\symndis.sys
    2009-02-19 16:31 31,280 ----a-w c:\windows\system32\drivers\SymIM.sys
    2009-02-19 16:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
    2009-02-19 16:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys
    2009-02-19 16:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
    2009-02-19 16:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-04_13.03.50.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-15 12:17:07 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP2QFE\win32k.sys
    + 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\$hf_mig$\KB954211\SP3GDR\win32k.sys
    + 2008-09-15 12:25:27 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
    + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
    + 2008-10-03 09:57:49 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP2QFE\strmdll.dll
    + 2008-10-03 10:02:42 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3GDR\strmdll.dll
    + 2008-10-03 09:49:31 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954600\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954600\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954600\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB954600\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB954600\update\updspapi.dll
    + 2008-09-04 16:32:52 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP2QFE\msxml3.dll
    + 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3GDR\msxml3.dll
    + 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
    + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
    + 2008-07-09 18:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
    + 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
    + 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
    + 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
    + 2008-08-26 09:08:35 124,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
    + 2008-08-26 09:08:36 347,136 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
    + 2008-08-26 09:08:36 214,528 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
    + 2008-08-26 09:08:36 132,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
    + 2008-08-26 09:08:36 63,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
    + 2008-08-25 08:43:21 70,656 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
    + 2008-08-26 09:08:36 153,088 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
    + 2008-08-26 09:08:36 230,400 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
    + 2008-08-23 05:54:50 161,792 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
    + 2008-08-26 09:08:36 380,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
    + 2008-08-26 09:08:37 388,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
    + 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
    + 2008-08-26 09:08:39 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
    + 2008-08-26 09:08:39 267,776 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
    + 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
    + 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
    + 2008-08-26 09:08:40 27,648 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
    + 2008-08-26 09:08:40 459,264 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
    + 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
    + 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
    + 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
    + 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
    + 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
    + 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
    + 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
    + 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
    + 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
    + 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
    + 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
    + 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
    + 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
    + 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
    + 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
    + 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
    + 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
    + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
    + 2008-08-14 09:48:52 138,368 ----a-w c:\windows\$hf_mig$\KB956803\SP2QFE\afd.sys
    + 2008-08-14 10:04:36 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3GDR\afd.sys
    + 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
    + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
    + 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlmp.exe
    + 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
    + 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrpamp.exe
    + 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
    + 2008-08-14 10:09:26 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlmp.exe
    + 2008-08-14 09:33:16 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
    + 2008-08-14 09:33:16 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrpamp.exe
    + 2008-08-14 10:11:02 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
    + 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
    + 2008-08-14 19:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    + 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
    + 2008-08-14 20:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
    + 2008-08-28 10:35:33 333,056 ----a-w c:\windows\$hf_mig$\KB957095\SP2QFE\srv.sys
    + 2008-09-08 10:41:42 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3GDR\srv.sys
    + 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
    + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
    + 2008-10-24 11:25:29 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
    + 2008-10-24 11:21:09 455,296 ----a-w c:\windows\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
    + 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
    + 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
    + 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
    + 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
    + 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
    + 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
    + 2008-10-16 20:24:09 124,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
    + 2008-10-16 20:24:09 347,136 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
    + 2008-10-16 20:24:09 214,528 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
    + 2008-10-16 20:24:09 132,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
    + 2008-10-16 20:24:09 63,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
    + 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
    + 2008-10-16 20:24:09 153,088 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
    + 2008-10-16 20:24:09 230,400 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
    + 2008-10-15 06:33:26 161,792 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
    + 2008-10-16 20:24:09 380,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
    + 2008-10-16 20:24:09 388,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
    + 2008-10-16 20:24:09 6,068,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
    + 2008-10-16 20:24:09 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
    + 2008-10-16 20:24:09 267,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
    + 2008-10-16 12:46:08 13,824 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
    + 2008-10-15 06:34:58 633,632 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
    + 2008-10-16 20:24:10 27,648 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
    + 2008-10-16 20:24:10 459,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
    + 2008-10-16 20:24:10 52,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
    + 2008-10-16 20:24:10 3,595,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
    + 2008-10-16 20:24:10 477,696 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
    + 2008-10-16 20:24:10 193,024 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
    + 2008-10-16 20:24:10 671,232 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
    + 2008-10-16 20:24:10 102,912 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
    + 2008-10-16 20:24:10 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
    + 2008-10-16 20:24:10 105,984 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
    + 2008-10-16 20:24:11 1,163,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
    + 2008-10-16 20:24:11 233,472 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
    + 2008-10-16 20:24:11 827,904 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\updspapi.dll
    + 2008-10-15 16:53:28 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
    + 2008-10-15 16:34:24 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
    + 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
    + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
    + 2008-12-11 10:24:44 333,184 ----a-w c:\windows\$hf_mig$\KB958687\SP2QFE\srv.sys
    + 2008-12-11 10:57:09 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3GDR\srv.sys
    + 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll
    + 2009-02-09 10:20:05 1,847,424 ----a-w c:\windows\$hf_mig$\KB958690\SP2QFE\win32k.sys
    + 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\$hf_mig$\KB958690\SP3GDR\win32k.sys
    + 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
    + 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
    + 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
    + 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
    + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
    + 2008-12-05 06:41:26 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP2QFE\schannel.dll
    + 2008-12-05 06:54:55 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3GDR\schannel.dll
    + 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
    + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
    + 2008-12-13 06:26:56 3,594,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\update.exe
    + 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\updspapi.dll
    + 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB960715\spmsg.dll
    + 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB960715\spuninst.exe
    + 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB960715\update\spcustom.dll
    + 2008-11-15 17:18:04 755,576 ----a-w c:\windows\$hf_mig$\KB960715\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB960715\update\updspapi.dll
    + 2008-12-20 23:55:43 124,928 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\advpack.dll
    + 2008-12-20 23:55:44 347,136 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\dxtmsft.dll
    + 2008-12-20 23:55:44 214,528 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\dxtrans.dll
    + 2008-12-20 23:55:44 132,608 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\extmgr.dll
    + 2008-12-20 23:55:45 63,488 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\icardie.dll
    + 2008-12-19 09:41:51 70,656 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ie4uinit.exe
    + 2008-12-20 23:55:45 153,088 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieakeng.dll
    + 2008-12-20 23:55:45 230,400 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieaksie.dll
    + 2008-12-19 05:24:02 161,792 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dat
    + 2008-12-20 23:55:46 380,928 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dll
    + 2008-12-20 23:55:46 388,608 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iedkcs32.dll
    + 2008-12-20 23:55:50 6,068,736 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieframe.dll
    + 2008-12-20 23:55:50 44,544 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iernonce.dll
    + 2008-12-20 23:55:50 267,776 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iertutil.dll
    + 2008-12-19 09:41:52 13,824 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieudinit.exe
    + 2008-12-19 05:25:30 634,024 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
    + 2008-12-20 23:55:51 27,648 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\jsproxy.dll
    + 2008-12-20 23:55:51 459,264 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msfeeds.dll
    + 2008-12-20 23:55:51 52,224 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msfeedsbs.dll
    + 2009-01-16 16:24:38 3,596,288 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
    + 2008-12-20 23:55:56 477,696 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtmled.dll
    + 2008-12-20 23:55:56 193,024 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msrating.dll
    + 2008-12-20 23:55:57 671,232 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mstime.dll
    + 2008-12-20 23:55:57 102,912 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\occache.dll
    + 2008-12-20 23:55:57 44,544 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\pngfilt.dll
    + 2008-12-20 23:55:57 105,984 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\url.dll
    + 2008-12-20 23:55:59 1,163,264 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\urlmon.dll
    + 2008-12-20 23:55:59 233,472 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\webcheck.dll
    + 2008-12-20 23:56:00 827,904 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB961260-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB961260-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\updspapi.dll
    + 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\shell32.dll
    + 2008-02-15 09:06:21 351,744 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\xpsp3res.dll
    + 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll
    + 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
    + 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
    + 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
    + 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
    + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
    + 2006-10-19 00:03:58 100,864 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
    + 2007-07-27 14:41:48 231,288 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
    + 2007-07-27 14:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
    + 2006-10-19 01:47:20 937,984 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
    + 2006-10-19 01:47:22 2,450,944 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
    + 2008-03-19 09:47:00 1,845,248 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
    + 2006-08-21 13:52:08 246,814 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
    + 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
    + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
    + 2008-07-09 18:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
    + 2008-07-14 11:09:18 62,976 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
    + 2008-02-20 06:51:05 282,624 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
    + 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
    + 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
    + 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
    + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
    + 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlmp.exe
    + 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    + 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\$NtUninstallKB956841$\ntkrpamp.exe
    + 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
    + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
    + 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
    + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
    + 2006-08-14 10:34:41 332,928 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
    + 2006-05-05 09:41:45 453,120 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
    + 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
    + 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
    + 2006-08-17 12:28:27 332,288 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
    + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll
    + 2008-08-28 10:04:17 333,056 -c----w c:\windows\$NtUninstallKB958687$\srv.sys
    + 2008-07-09 07:38:25 231,288 -c----w c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe
    + 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll
    + 2007-10-26 03:36:51 8,454,656 -c----w c:\windows\$NtUninstallKB967715$\shell32.dll
    + 2008-07-09 07:38:25 231,288 -c----w c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe
    + 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll
    - 2006-05-05 09:41:45 453,120
    w c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2008-10-24 11:10:42 453,632
    w c:\windows\Driver Cache\i386\mrxsmb.sys
    - 2007-02-28 09:08:48 2,136,064
    w c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-08-14 09:58:27 2,136,064
    w c:\windows\Driver Cache\i386\ntkrnlmp.exe
    - 2007-02-28 08:38:55 2,057,600
    w c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-08-14 09:22:13 2,057,728
    w c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2007-02-28 08:38:57 2,015,744
    w c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-08-14 09:22:14 2,015,744
    w c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2007-02-28 09:10:57 2,180,352
    w c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-08-14 10:00:45 2,180,352
    w c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2007-06-13 10:23:07 1,032,192 ----a-w c:\windows\explorer1.exe
    + 2007-06-13 10:23:07 1,032,192 ----a-w c:\windows\explorer2.exe
    + 2007-06-13 10:23:07 1,032,192 ----a-w c:\windows\explorer3.exe
    + 2008-06-23 16:57:27 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
  • Bob39Bob39
    edited April 2009
    Sorry. THe log was too long, so i had to cut it into 2 replies.

    + 2008-06-23 16:57:27 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
    + 2008-06-23 16:57:27 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
    + 2008-06-23 16:57:27 133,120 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
    + 2008-06-23 16:57:28 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
    + 2008-06-23 09:20:25 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
    + 2008-06-23 16:57:29 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
    + 2008-06-23 16:57:29 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
    + 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
    + 2008-06-23 16:57:29 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
    + 2008-06-23 16:57:29 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
    + 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
    + 2008-06-23 16:57:33 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
    + 2008-06-23 16:57:34 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
    + 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
    + 2008-06-23 09:20:52 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
    + 2008-06-23 16:57:35 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
    + 2008-06-23 16:57:36 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
    + 2008-06-23 16:57:36 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
    + 2008-06-24 14:57:40 3,592,192 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
    + 2008-06-23 16:57:39 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
    + 2008-06-23 16:57:39 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
    + 2008-06-23 16:57:40 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
    + 2008-06-23 16:57:40 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
    + 2008-06-23 16:57:40 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
    + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
    + 2008-06-23 16:57:40 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
    + 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
    + 2008-06-23 16:57:41 233,472 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
    + 2008-06-23 16:57:41 826,368 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
    + 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
    + 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
    + 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
    + 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
    + 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
    + 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
    + 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
    + 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
    + 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
    + 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
    + 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
    + 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
    + 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
    + 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
    + 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
    + 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
    + 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
    + 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
    + 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
    + 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
    + 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
    + 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
    + 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
    + 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
    + 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
    + 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
    + 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
    + 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
    + 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
    + 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
    + 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
    + 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
    + 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
    + 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
    + 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
    + 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
    + 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
    + 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
    + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
    + 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
    + 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
    + 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
    + 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
    + 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
    + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
    + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
    + 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
    + 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
    + 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
    + 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
    + 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
    + 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
    + 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
    + 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
    + 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
    + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
    + 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
    + 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
    + 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
    + 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
    + 2008-11-13 08:00:36 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    - 2008-09-10 07:04:17 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-03-12 07:01:41 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-09-10 07:04:17 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-03-12 07:01:42 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-09-10 07:04:17 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2009-03-12 07:01:41 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-09-10 07:04:17 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2009-03-12 07:01:41 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2008-09-10 07:04:17 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2009-03-12 07:01:42 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2008-09-10 07:04:17 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-03-12 07:01:42 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-09-10 07:04:18 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-03-12 07:01:42 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-09-10 07:04:17 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-03-12 07:01:42 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-09-10 07:04:17 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2009-03-12 07:01:42 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-09-10 07:04:17 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2009-03-12 07:01:42 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-09-10 07:04:18 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-03-12 07:01:42 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-09-10 07:04:17 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-03-12 07:01:41 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2000-08-31 12:00:00 28,672 ----a-w c:\windows\Nircmd.exe
    + 2000-08-31 12:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    - 2008-06-23 16:57:27 124,928 ----a-w c:\windows\system32\advpack.dll
    + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
    - 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
    + 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
    + 2008-09-17 20:29:12 20,040 ----a-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    - 2008-06-23 16:57:27 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
    + 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
    - 2008-06-20 10:44:38 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
    + 2008-08-14 09:51:43 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
    - 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
    + 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
    - 2008-06-23 16:57:27 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
    - 2008-06-23 16:57:27 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
    + 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
    - 2008-06-23 16:57:27 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
    + 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
    - 2008-02-20 06:51:05 282,624 -c--a-w c:\windows\system32\dllcache\gdi32.dll
    + 2008-10-23 13:01:36 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
    - 2008-06-23 16:57:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
    + 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
    - 2008-06-23 09:20:25 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
    - 2008-06-23 16:57:29 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
    + 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
    - 2008-06-23 16:57:29 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
    + 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
    - 2008-06-21 05:23:54 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
    + 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
    - 2008-06-23 16:57:29 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    + 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    - 2008-06-23 16:57:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
    + 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
    - 2008-06-23 16:57:33 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
    + 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
    - 2008-06-23 16:57:34 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
    + 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
    - 2008-06-23 09:20:26 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    - 2008-06-23 09:20:52 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe
    + 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
    - 2008-06-23 16:57:35 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
    + 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
    - 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
    + 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
    - 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
    + 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
    - 2008-06-23 16:57:36 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    + 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    - 2008-06-23 16:57:36 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    - 2008-06-24 14:57:40 3,592,192 -c----w c:\windows\system32\dllcache\mshtml.dll
    + 2009-01-17 02:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
    - 2008-06-23 16:57:39 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
    + 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
    - 2008-06-23 16:57:39 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
    + 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
    - 2008-06-23 16:57:40 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
    + 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
    - 2007-06-26 06:08:16 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll
    + 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
    - 2006-08-17 12:28:27 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
    + 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
    - 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
    - 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
    - 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
    - 2008-06-23 16:57:40 102,912 -c----w c:\windows\system32\dllcache\occache.dll
    + 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll
    - 2008-06-23 16:57:40 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
    + 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
    - 2007-04-25 14:21:15 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
    + 2008-12-05 07:12:45 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
    - 2007-10-26 03:36:51 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
    + 2008-07-03 13:16:57 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
    + 2001-08-17 17:56:16 7,552 -c--a-w c:\windows\system32\dllcache\sonypvu1.sys
    - 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\dllcache\srv.sys
    + 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys
    - 2006-08-21 13:52:08 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
    + 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
    - 2008-06-23 16:57:40 105,984 -c----w c:\windows\system32\dllcache\url.dll
    + 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
    - 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
    + 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
    + 2004-08-04 02:58:46 15,104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
    - 2008-06-23 16:57:41 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
    + 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
    - 2008-03-19 09:47:00 1,845,248 -c--a-w c:\windows\system32\dllcache\win32k.sys
    + 2009-02-09 10:19:34 1,846,272 -c--a-w c:\windows\system32\dllcache\win32k.sys
    - 2008-06-23 16:57:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
    + 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
    - 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
    + 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
    - 2007-06-12 03:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
    + 2008-11-11 22:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
    - 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
    + 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
    - 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    + 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    - 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    + 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    - 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    + 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    - 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    + 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    - 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
    + 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
    - 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    - 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
    + 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
    + 2008-10-22 21:10:22 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    + 2008-10-22 21:10:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    - 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    + 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    + 2001-08-17 17:56:16 7,552 ----a-w c:\windows\system32\drivers\SONYPVU1.SYS
    - 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
    + 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    - 2008-08-25 03:59:55 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    + 2009-01-09 23:53:21 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    + 2004-08-04 02:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
    - 2008-06-23 16:57:27 347,136
    w c:\windows\system32\dxtmsft.dll
    + 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
    - 2008-06-23 16:57:27 214,528
    w c:\windows\system32\dxtrans.dll
    + 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
    - 2008-06-23 16:57:27 133,120
    w c:\windows\system32\extmgr.dll
    + 2008-12-20 23:15:13 133,120
    w c:\windows\system32\extmgr.dll
    - 2008-09-14 15:34:09 1,594,960 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-03-12 07:20:17 1,594,960 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll
    + 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
    - 2008-06-23 16:57:28 63,488 ----a-w c:\windows\system32\icardie.dll
    + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
    - 2008-06-23 09:20:25 70,656
    w c:\windows\system32\ie4uinit.exe
    + 2008-12-19 09:10:15 70,656
    w c:\windows\system32\ie4uinit.exe
    - 2008-06-23 16:57:29 153,088
    w c:\windows\system32\ieakeng.dll
    + 2008-12-20 23:15:14 153,088
    w c:\windows\system32\ieakeng.dll
    - 2008-06-23 16:57:29 230,400
    w c:\windows\system32\ieaksie.dll
    + 2008-12-20 23:15:14 230,400
    w c:\windows\system32\ieaksie.dll
    - 2008-06-21 05:23:54 161,792
    w c:\windows\system32\ieakui.dll
    + 2008-12-19 05:23:56 161,792
    w c:\windows\system32\ieakui.dll
    - 2008-06-23 16:57:29 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    - 2008-06-23 16:57:29 384,512
    w c:\windows\system32\iedkcs32.dll
    + 2008-12-20 23:15:16 384,512
    w c:\windows\system32\iedkcs32.dll
    - 2008-06-23 16:57:33 6,066,176 ----a-w c:\windows\system32\ieframe.dll
    + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
    - 2008-06-23 16:57:33 44,544
    w c:\windows\system32\iernonce.dll
    + 2008-12-20 23:15:21 44,544
    w c:\windows\system32\iernonce.dll
    - 2008-06-23 16:57:34 267,776 ----a-w c:\windows\system32\iertutil.dll
    + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
    - 2008-06-23 09:20:26 13,824 ----a-w c:\windows\system32\ieudinit.exe
    + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
    + 2004-08-04 12:00:00 24,576 ----a-w c:\windows\system32\init32.exe
    - 2008-06-23 16:57:35 27,648
    w c:\windows\system32\jsproxy.dll
    + 2008-12-20 23:15:23 27,648
    w c:\windows\system32\jsproxy.dll
    - 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
    + 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
    - 2008-08-26 20:28:12 16,208,504 ----a-w c:\windows\system32\MRT.exe
    + 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
    - 2008-06-23 16:57:36 459,264 ----a-w c:\windows\system32\msfeeds.dll
    + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
    - 2008-06-23 16:57:36 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    - 2008-06-24 14:57:40 3,592,192 ----a-w c:\windows\system32\mshtml.dll
    + 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
    - 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\mshtmled.dll
    + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
    - 2008-06-23 16:57:39 193,024
    w c:\windows\system32\msrating.dll
    + 2008-12-20 23:15:31 193,024
    w c:\windows\system32\msrating.dll
    - 2008-06-23 16:57:40 671,232
    w c:\windows\system32\mstime.dll
    + 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
    - 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
    + 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    - 2007-05-08 19:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
    + 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    - 2007-05-15 19:43:10 1,320,800 ----a-w c:\windows\system32\msxml6.dll
    + 2008-08-30 01:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
    - 2008-07-19 02:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll
    + 2008-10-16 19:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
    - 2008-07-19 02:07:54 210,976 ----a-w c:\windows\system32\muweb.dll
    + 2008-10-16 19:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
    - 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
    + 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
    - 2007-02-28 08:38:57 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
    + 2008-08-14 09:22:14 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
    - 2007-02-28 09:08:48 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
    + 2008-08-14 09:58:27 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
    - 2008-06-23 16:57:40 102,912
    w c:\windows\system32\occache.dll
    + 2008-12-20 23:15:38 102,912
    w c:\windows\system32\occache.dll
    - 2008-09-20 16:05:54 86,492 ----a-w c:\windows\system32\perfc009.dat
    + 2009-04-10 14:39:24 86,492 ----a-w c:\windows\system32\perfc009.dat
    - 2008-09-20 16:05:54 482,962 ----a-w c:\windows\system32\perfh009.dat
    + 2009-04-10 14:39:25 482,962 ----a-w c:\windows\system32\perfh009.dat
    - 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\pngfilt.dll
    + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
    + 2001-08-18 02:36:30 5,632 ----a-w c:\windows\system32\ptpusb.dll
    + 2004-08-04 04:56:46 159,232 ----a-w c:\windows\system32\ptpusd.dll
    - 2008-08-25 03:59:55 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
    + 2009-01-09 23:53:21 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
    - 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll
    + 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll
    - 2007-10-26 03:36:51 8,454,656 ----a-w c:\windows\system32\shell32.dll
    + 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll
    + 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
    + 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
    - 2007-11-30 12:39:22 17,272
    w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:18:51 17,272
    w c:\windows\system32\spmsg.dll
    + 2008-10-16 22:51:55 811,008 ----a-w c:\windows\system32\spool\drivers\w32x86\3\FCRTL.dll
    + 2008-10-16 22:52:55 299,008 ----a-w c:\windows\system32\spool\drivers\w32x86\3\FFilm.dll
    + 2008-10-16 22:51:55 7,000,064 ----a-w c:\windows\system32\spool\drivers\w32x86\3\FUDC.dll
    + 2008-10-16 22:51:55 1,706,800 ----a-w c:\windows\system32\spool\drivers\w32x86\3\gdiplus.dll
    + 2008-10-16 22:51:55 163,946 ----a-w c:\windows\system32\spool\drivers\w32x86\3\iSaver.exe
    + 2008-10-16 22:51:55 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\3\MemHandler.dll
    + 2008-10-16 22:51:55 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\3\udc_inst.dll
    + 2008-10-16 22:51:55 16,896 ----a-w c:\windows\system32\spool\drivers\w32x86\3\udcdrv.dll
    + 2008-10-16 22:51:55 16,384 ----a-w c:\windows\system32\spool\drivers\w32x86\3\udcdrvui.dll
    + 2008-10-16 22:51:55 172,113 ----a-w c:\windows\system32\spool\drivers\w32x86\3\udclib.dll
    + 2008-10-16 22:51:55 36,352 ----a-w c:\windows\system32\spool\drivers\w32x86\3\udcloc.dll
    + 2008-10-16 22:51:55 45,056 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unilib.dll
    + 2008-10-16 22:51:55 811,008 ----a-w c:\windows\system32\spool\drivers\w32x86\FCRTL.dll
    + 2008-10-16 22:52:55 299,008 ----a-w c:\windows\system32\spool\drivers\w32x86\FFilm.dll
    + 2008-10-16 22:51:55 7,000,064 ----a-w c:\windows\system32\spool\drivers\w32x86\FUDC.dll
    + 2008-10-16 22:51:55 1,706,800 ----a-w c:\windows\system32\spool\drivers\w32x86\gdiplus.dll
    + 2008-10-16 22:51:55 163,946 ----a-w c:\windows\system32\spool\drivers\w32x86\iSaver.exe
    + 2008-10-16 22:51:55 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\MemHandler.dll
    + 2008-10-16 22:51:55 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\udc_inst.dll
    + 2008-10-16 22:51:55 16,896 ----a-w c:\windows\system32\spool\drivers\w32x86\udcdrv.dll
    + 2008-10-16 22:51:55 16,384 ----a-w c:\windows\system32\spool\drivers\w32x86\udcdrvui.dll
    + 2008-10-16 22:51:55 172,113 ----a-w c:\windows\system32\spool\drivers\w32x86\udclib.dll
    + 2008-10-16 22:51:55 36,352 ----a-w c:\windows\system32\spool\drivers\w32x86\udcloc.dll
    + 2008-10-16 22:51:55 45,056 ----a-w c:\windows\system32\spool\drivers\w32x86\unilib.dll
    - 2007-08-11 00:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
    + 2007-07-27 13:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
    - 2006-08-21 13:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll
    + 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
    - 2008-06-13 18:45:48 579,464 ----a-w c:\windows\system32\SymNeti.dll
    + 2009-02-19 17:03:34 579,464 ----a-w c:\windows\system32\SymNeti.dll
    - 2008-06-13 18:45:44 207,240 ----a-w c:\windows\system32\SymRedir.dll
    + 2009-02-19 17:03:26 207,240 ----a-w c:\windows\system32\SymRedir.dll
    - 2008-07-14 11:09:18 62,976
    w c:\windows\system32\tzchange.exe
    + 2008-10-22 09:47:07 62,976
    w c:\windows\system32\tzchange.exe
    + 2007-08-15 00:57:24 5,632 ----a-w c:\windows\system32\udcpm.dll
    - 2008-06-23 16:57:40 105,984 ----a-w c:\windows\system32\url.dll
    + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
    - 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\urlmon.dll
    + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
    - 2008-06-23 16:57:41 233,472 ----a-w c:\windows\system32\webcheck.dll
    + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
    - 2008-03-19 09:47:00 1,845,248 ----a-w c:\windows\system32\win32k.sys
    + 2009-02-09 10:19:34 1,846,272 ----a-w c:\windows\system32\win32k.sys
    - 2008-06-23 16:57:41 826,368 ----a-w c:\windows\system32\wininet.dll
    + 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
    - 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
    + 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
    - 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
    + 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
    - 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
    + 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
    - 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
    + 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
    - 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
    + 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
    - 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
    + 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    - 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
    + 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
    - 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\wups.dll
    + 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll
    - 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
    + 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
    - 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
    + 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
    + 2009-04-10 14:55:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6f0.dat
    + 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
    + 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @=&quot;{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-06-10 12:29 97064 --a
    c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "D-Link Wireless G WDA-1320"="c:\program files\D-Link\Wireless G WDA-1320\AirGCFG.exe" [2007-08-29 1662976]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
    "YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2008-06-03 509224]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-28 714608]
    "Rogers SHS"="c:\program files\Rogers\SelfHealing\shs.exe" [2008-05-16 2733416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 118784]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
    "SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-06-10 2049320]
    "InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-06-10 1083176]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
    "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 498176]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2008-09-19 932864]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R0 AladdinUsbFilter;AladdinUsbFilterService;c:\windows\system32\drivers\AladdinUsbFilter.sys [2008-08-22 484352]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-09-30 28544]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-28 149352]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-06-10 53032]
    R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2008-05-16 140648]
    R2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-22 163840]
    R2 wntpport;wntpport;c:\windows\system32\drivers\WNTPPORT.SYS [2008-08-22 28416]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2006-10-15 547744]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-08-14 57376]
    R3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [2008-08-22 13359]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-08-28 23888]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe [2008-08-14 352338]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    *NewlyCreated* - PCALERTDRIVER
    *NewlyCreated* - RUSHTOPDEVICE
    *NewlyCreated* - WEBNTACCESS
    *Deregistered* - PCAlertDriver
    *Deregistered* - RushTopDevice
    *Deregistered* - WEBNTACCESS
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-07 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Goraya Family.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-28 20:43]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-UDC Integration - (no file)


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.ca//
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Goraya Family\Application Data\Mozilla\Firefox\Profiles\g3172rzv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig&hl=en&btnG=Google+Search
    FF - component: c:\documents and settings\Goraya Family\Application Data\Mozilla\Firefox\Profiles\g3172rzv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-10 10:56:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Other Running Processes
    .
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Nero\Nero8\InCD\InCDsrv.exe
    c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\searchindexer.exe
    c:\progra~1\Yahoo!\browser\ycommon.exe
    c:\program files\Common Files\Symantec Shared\SecurityStatusSDK\SSDK02.exe
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
    c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-10 11:02:00 - machine was rebooted [Goraya Family]
    ComboFix-quarantined-files.txt 2009-04-10 15:01:56
    ComboFix.txt 2008-10-04 17:04:52

    Pre-Run: 60,957,622,272 bytes free
    Post-Run: 61,198,303,232 bytes free

    912 --- E O F --- 2009-03-21 07:02:12


    Thanks for your help. Your doing a great job. :respect:
  • KatanaKatana
    edited April 2009
    That's looking better, how are things running now ?


    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Bob39Bob39
    edited April 2009
    Sorry for the late reply. Things are running much better now. I no longer get pop ups saying my computer is infected from MS anti-virus, and the ms anti-virus program seems to have disappeared from the toolbar. I've posted the results from the scan below.
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Saturday, April 11, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Saturday, April 11, 2009 00:59:06
    Records in database: 2032684

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Files scanned: 142815
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 05:12:54

    No malware has been detected. The scan area is clean.

    The selected area was scanned.


    Thanks for all your help.
  • KatanaKatana
    edited April 2009
    Congratulations your logs look clean :)

    Let's see if I can help you keep it that way

    First lets tidy up

    Please delete RSIT.exe and C:\RSIT (entire folder)
    You can also delete any logs we have produced, and empty your Recycle bin.


    Uninstall Combofix
    • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
    • (XP) Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
      • CF_Cleanup.png


    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) from HERE
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Now close all windows, including your browser.
    Double click on the Java installation that you downloaded and follow the prompts.

    Remove Programs
    Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
    click on the program to highlight it, and click on remove.
    • Java(TM) 6 Update 7
    Now close the Control Panel.

    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
      AntiSpyware is
    not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    [*]Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites

    [*] MalwareBytes Anti-malware <<< A New and effective program
    [*]a-squared Free <<< A good "realtime" or "on demand" scanner
    [*]superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis. Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted. CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can chose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
Sign In or Register to comment.