Fairly new comp with a problem it seems you know how to deal with

Unknown · May 2009

I noticed many people have the problem where their computer restarts constantly. I have the same issue. I can get into safe mode. I also downloaded Hijackthis as per the instructions found at http://icrontic.com/forum/showthread.php?t=43902

the log is as follows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:52 PM, on 5/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13920&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241214696443
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5487 bytes

I am grateful for any help you can provide.

Katana · May 2009

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

Download and Run RSIT

Please download Random's System Information Tool by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
- log.txt will be opened maximized.
- info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.

Xan Krieger · May 2009

LOG
Logfile of random's system information tool 1.06 (written by random/random)
Run by Xan Krieger at 2009-05-10 11:33:54
Microsoft Windows XP Professional Service Pack 2
System drive C: has 93 GB (71%) free of 131 GB
Total RAM: 3326 MB (85% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:57 AM, on 5/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Xan Krieger\Local Settings\Temporary Internet Files\Content.IE5\A4HZGZD3\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Xan Krieger.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13920&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241214696443
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5648 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-04 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-04 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-04 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-04 259696]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18084864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-05-01 1410296]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-04 39408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WN121T Smart Wizard.lnk - C:\Program Files\NETGEAR\WN121T\wn121t.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe"="C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War"
"C:\Program Files\Steam\SteamApps\common\company of heroes sp demo\RelicCOH.exe"="C:\Program Files\Steam\SteamApps\common\company of heroes sp demo\RelicCOH.exe:*:Enabled:Company of Heroes Singleplayer Demo"
"C:\Program Files\Steam\SteamApps\common\hearts of iron 2 demo\HoI2-Demo.exe"="C:\Program Files\Steam\SteamApps\common\hearts of iron 2 demo\HoI2-Demo.exe:*:Enabled:Hearts of Iron 2 Demo"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:ÂµTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-05-10 11:33:54 ----D---- C:\rsit
2009-05-09 22:26:31 ----D---- C:\Program Files\Trend Micro
2009-05-09 22:21:23 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-09 14:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-05-09 01:02:04 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-05-09 00:00:34 ----D---- C:\Program Files\Lighthouse Interactive
2009-05-08 21:45:34 ----A---- C:\WINDOWS\SIERRA.INI
2009-05-08 21:45:06 ----D---- C:\Sierra
2009-05-08 21:45:06 ----D---- C:\Program Files\Sierra On-Line
2009-05-08 21:40:25 ----D---- C:\Program Files\Sierra
2009-05-08 21:39:15 ----A---- C:\Program Files\Readme.txt
2009-05-08 21:39:15 ----A---- C:\Program Files\EULA.txt
2009-05-08 21:19:38 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-05-08 21:19:36 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-05-08 21:19:33 ----D---- C:\Program Files\DAEMON Tools Lite
2009-05-08 21:19:22 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\DAEMON Tools Lite
2009-05-08 21:03:51 ----D---- C:\Program Files\DAEMON Tools Pro
2009-05-08 21:03:51 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2009-05-08 20:16:35 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\DAEMON Tools Pro
2009-05-08 18:53:26 ----SHD---- C:\RECYCLER
2009-05-08 16:33:26 ----D---- C:\Program Files\Mozilla Firefox
2009-05-08 16:33:26 ----D---- C:\Program Files\AskSearch
2009-05-08 16:33:26 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\Mozilla
2009-05-08 16:33:25 ----D---- C:\Program Files\AskBarDis
2009-05-08 16:33:22 ----D---- C:\Program Files\uTorrent
2009-05-08 16:33:20 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\uTorrent
2009-05-08 16:07:14 ----HD---- C:\WINDOWS\PIF
2009-05-08 12:37:00 ----D---- C:\Program Files\EGOSOFT
2009-05-08 12:37:00 ----A---- C:\WINDOWS\unins000.exe
2009-05-04 19:15:36 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-05-04 19:15:08 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-04 19:15:01 ----D---- C:\Program Files\Common Files\Adobe
2009-05-04 19:15:01 ----D---- C:\Program Files\Adobe
2009-05-04 19:14:07 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\Google
2009-05-04 19:13:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-04 19:13:08 ----D---- C:\Program Files\Google
2009-05-04 19:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-05-04 19:13:03 ----D---- C:\Program Files\NOS
2009-05-04 18:49:54 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\Wings3D
2009-05-04 18:46:08 ----D---- C:\Program Files\wings3d_1.0-rc1
2009-05-03 17:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-03 17:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-03 17:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-03 17:49:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-03 17:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-03 17:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-03 17:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-05-03 17:49:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-03 17:49:04 ----D---- C:\WINDOWS\system32\KB905474
2009-05-03 17:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-03 17:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-03 17:48:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-03 17:48:38 ----D---- C:\Program Files\MSXML 6.0
2009-05-03 17:48:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-03 17:48:27 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-05-03 17:48:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-03 17:48:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-03 17:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-03 17:48:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-03 17:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-03 17:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-03 17:47:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-03 17:47:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-03 17:47:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-05-03 17:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-03 17:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-03 17:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-03 17:47:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-03 17:47:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-03 17:47:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-03 17:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-03 17:47:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-03 17:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-03 17:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-05-03 17:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-03 14:03:25 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-03 14:00:50 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-05-03 14:00:19 ----D---- C:\WINDOWS\system32\PreInstall
2009-05-03 14:00:18 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-05-03 14:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-05-03 14:00:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-02 15:22:32 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\The Creative Assembly
2009-05-02 14:52:44 ----RA---- C:\WINDOWS\system32\RtNicProp32.dll
2009-05-02 14:52:18 ----D---- C:\WINDOWS\OPTIONS
2009-05-02 14:51:48 ----D---- C:\WINDOWS\system32\Lang
2009-05-02 14:38:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-02 14:36:11 ----D---- C:\WINDOWS\Minidump
2009-05-02 14:33:39 ----D---- C:\WINDOWS\system32\RTCOM
2009-05-02 14:33:08 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-05-02 14:33:06 ----A---- C:\WINDOWS\RtkUpd.exe
2009-05-02 14:33:04 ----A---- C:\WINDOWS\vncutil.exe
2009-05-02 14:33:04 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-05-02 14:33:04 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-05-02 14:33:04 ----A---- C:\WINDOWS\SkyTel.exe
2009-05-02 14:33:04 ----A---- C:\WINDOWS\RtlUpd.exe
2009-05-02 14:33:03 ----A---- C:\WINDOWS\RtkAudioService.exe
2009-05-02 14:33:02 ----A---- C:\WINDOWS\RTLCPL.EXE
2009-05-02 14:32:58 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-05-02 14:32:57 ----A---- C:\WINDOWS\MicCal.exe
2009-05-02 14:32:55 ----A---- C:\WINDOWS\ALCWZRD.EXE
2009-05-02 14:32:55 ----A---- C:\WINDOWS\ALCMTR.EXE
2009-05-02 14:32:54 ----D---- C:\Program Files\Realtek
2009-05-02 14:32:50 ----R---- C:\WINDOWS\RtlExUpd.dll
2009-05-02 14:32:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-02 14:32:33 ----D---- C:\Program Files\AMD
2009-05-02 14:32:28 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\InstallShield
2009-05-02 14:32:11 ----D---- C:\Program Files\Browser Configuration Utility
2009-05-02 14:32:11 ----A---- C:\WINDOWS\system32\dvmurl.dll
2009-05-02 14:31:55 ----D---- C:\Program Files\Gigabyte
2009-05-02 09:19:47 ----D---- C:\Program Files\MSBuild
2009-05-02 09:17:52 ----D---- C:\WINDOWS\system32\XPSViewer
2009-05-02 09:17:51 ----D---- C:\WINDOWS\system32\en-us
2009-05-02 09:17:32 ----D---- C:\Program Files\Reference Assemblies
2009-05-02 09:17:20 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-05-02 09:17:09 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-05-02 09:16:34 ----D---- C:\WINDOWS\system32\xlive
2009-05-02 09:16:34 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-05-02 09:12:33 ----D---- C:\WINDOWS\Prefetch
2009-05-02 09:08:37 ----D---- C:\WINDOWS\provisioning
2009-05-02 09:08:37 ----D---- C:\WINDOWS\peernet
2009-05-02 09:07:53 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-02 09:05:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-05-02 09:03:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-02 09:03:56 ----D---- C:\WINDOWS\EHome
2009-05-02 08:58:51 ----N---- C:\WINDOWS\system32\spnpinst.exe
2009-05-02 08:46:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-05-02 08:43:35 ----D---- C:\WINDOWS\system32\bits
2009-05-02 08:43:28 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-05-02 08:43:16 ----N---- C:\WINDOWS\system32\xpob2res.dll
2009-05-02 08:43:16 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-05-02 08:43:16 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-05-02 08:43:16 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-05-02 08:43:16 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-05-01 20:25:52 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\ATI
2009-05-01 20:25:52 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-05-01 20:22:38 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-05-01 20:20:53 ----RSD---- C:\WINDOWS\assembly
2009-05-01 20:20:38 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-01 20:20:07 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-05-01 20:19:08 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-05-01 20:19:06 ----RA---- C:\WINDOWS\system32\ATIODE.exe.manifest
2009-05-01 20:19:06 ----RA---- C:\WINDOWS\system32\ATIODCLI.exe.manifest
2009-05-01 20:19:06 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2009-05-01 20:19:03 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-05-01 20:18:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-01 20:18:26 ----D---- C:\Program Files\ATI Technologies
2009-05-01 20:17:47 ----D---- C:\Program Files\Common Files\InstallShield
2009-05-01 19:49:22 ----D---- C:\Program Files\Stardock
2009-05-01 19:27:02 ----D---- C:\Program Files\Steam
2009-05-01 19:26:40 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-05-01 19:26:40 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-05-01 19:26:40 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-05-01 19:26:39 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-05-01 19:26:39 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-05-01 19:26:39 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-05-01 19:26:39 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-05-01 17:52:15 ----A---- C:\WINDOWS\system32\wups2.dll
2009-05-01 17:52:14 ----A---- C:\WINDOWS\system32\wups.dll
2009-05-01 17:52:14 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-05-01 17:52:14 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-05-01 17:52:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-05-01 17:52:14 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-05-01 17:52:14 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-05-01 17:51:42 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-01 15:55:49 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2009-05-01 15:55:49 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-05-01 15:55:49 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-05-01 15:55:49 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-05-01 15:55:47 ----D---- C:\Program Files\Alwil Software
2009-05-01 15:47:44 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\Macromedia
2009-05-01 15:47:44 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\Adobe
2009-05-01 15:39:07 ----SD---- C:\WINDOWS\system32\Microsoft
2009-05-01 15:38:39 ----D---- C:\OEMSettings
2009-05-01 15:38:33 ----D---- C:\Program Files\NETGEAR
2009-05-01 15:36:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-01 15:34:16 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-05-01 15:34:16 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-05-01 15:34:16 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-05-01 15:34:16 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-05-01 15:34:16 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-05-01 15:34:15 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-05-01 15:34:15 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-05-01 15:34:15 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-05-01 15:34:15 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-05-01 15:34:15 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-05-01 15:34:14 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-05-01 15:34:14 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-05-01 15:34:14 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-05-01 15:34:14 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-05-01 15:34:13 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-05-01 15:34:13 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-05-01 15:34:13 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-05-01 15:34:13 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-05-01 15:34:13 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-05-01 15:34:12 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-05-01 15:34:12 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-05-01 15:34:12 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-05-01 15:34:11 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-05-01 15:34:11 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-05-01 15:34:11 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-05-01 15:34:11 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-05-01 15:34:10 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-05-01 15:34:09 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-05-01 15:34:09 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-05-01 15:34:09 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-05-01 15:34:09 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-05-01 15:34:08 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-05-01 15:34:08 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-05-01 15:34:08 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-05-01 15:34:07 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-05-01 15:34:07 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-05-01 15:34:07 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-05-01 15:34:07 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-05-01 15:34:07 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-05-01 15:34:07 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-05-01 15:34:07 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-05-01 15:34:07 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-05-01 15:34:06 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-05-01 15:34:06 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-05-01 15:34:06 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-05-01 15:34:06 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-05-01 15:34:06 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-05-01 15:34:06 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-05-01 15:34:06 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-05-01 15:34:05 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-05-01 15:34:05 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-05-01 15:34:05 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-05-01 15:34:05 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-05-01 15:34:05 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-05-01 15:34:05 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-05-01 15:34:04 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-05-01 15:34:04 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-05-01 15:34:04 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-05-01 15:33:55 ----D---- C:\WINDOWS\RegisteredPackages
2009-05-01 15:33:37 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-05-01 15:33:37 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-05-01 15:33:37 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-05-01 15:33:37 ----A---- C:\WINDOWS\system32\msvidctl.dll
2009-05-01 15:33:37 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-05-01 15:33:36 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-01 15:33:36 ----A---- C:\WINDOWS\system32\qedwipes.dll
2009-05-01 15:33:36 ----A---- C:\WINDOWS\system32\qedit.dll
2009-05-01 15:33:36 ----A---- C:\WINDOWS\system32\qdvd.dll
2009-05-01 15:33:36 ----A---- C:\WINDOWS\system32\qdv.dll
2009-05-01 15:33:36 ----A---- C:\WINDOWS\system32\qasf.dll
2009-05-01 15:33:36 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-05-01 15:33:36 ----A---- C:\WINDOWS\system32\msdmo.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\qcap.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\pid.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\encapi.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dxdiag.exe
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dx8vb.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dx7vb.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dswave.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dsound3d.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dsound.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dsdmo.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpvvox.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpvoice.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpvacm.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpnet.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dplayx.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dmusic.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dmsynth.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dmstyle.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dmscript.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dmloader.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dmime.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dmcompos.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dmband.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dinput8.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\dinput.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\devenum.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\ddrawex.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\ddraw.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\d3dim700.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\d3d8.dll
2009-05-01 15:33:35 ----A---- C:\WINDOWS\system32\amstream.dll
2009-05-01 15:33:17 ----D---- C:\WINDOWS\Logs
2009-05-01 15:29:58 ----SHD---- C:\WINDOWS\Installer
2009-05-01 15:29:56 ----D---- C:\Documents and Settings\Xan Krieger\Application Data\Identities
2009-05-01 15:29:55 ----HD---- C:\Program Files\Uninstall Information
2009-05-01 15:29:41 ----SD---- C:\Documents and Settings\Xan Krieger\Application Data\Microsoft
2009-05-01 15:29:41 ----ASH---- C:\Documents and Settings\Xan Krieger\Application Data\desktop.ini
2009-05-01 15:28:06 ----SHD---- C:\System Volume Information
2009-05-01 15:28:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-01 15:25:57 ----D---- C:\WINDOWS\system32\xircom
2009-05-01 15:25:57 ----D---- C:\Program Files\xerox
2009-05-01 15:25:57 ----D---- C:\Program Files\microsoft frontpage
2009-05-01 15:25:40 ----A---- C:\WINDOWS\control.ini
2009-05-01 15:25:40 ----A---- C:\AUTOEXEC.BAT
2009-05-01 15:25:36 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-01 15:25:33 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-05-01 15:25:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-01 15:25:04 ----RD---- C:\WINDOWS\Offline Web Pages
2009-05-01 15:25:04 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-05-01 15:25:02 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-05-01 15:24:49 ----D---- C:\WINDOWS\srchasst
2009-05-01 15:24:44 ----D---- C:\WINDOWS\system32\Macromed
2009-05-01 15:24:44 ----D---- C:\WINDOWS\system32\DirectX
2009-05-01 15:24:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-05-01 15:24:31 ----D---- C:\Program Files\Movie Maker
2009-05-01 15:24:19 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-05-01 15:24:19 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-05-01 15:24:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-05-01 15:24:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-05-01 15:24:18 ----A---- C:\WINDOWS\system32\atrace.dll
2009-05-01 15:24:14 ----A---- C:\WINDOWS\system32\desktop.ini
2009-05-01 15:24:14 ----A---- C:\WINDOWS\desktop.ini
2009-05-01 15:24:08 ----D---- C:\WINDOWS\system32\Restore
2009-05-01 15:24:08 ----D---- C:\Program Files\Windows Media Player
2009-05-01 15:24:08 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-05-01 15:24:08 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-05-01 15:24:08 ----A---- C:\WINDOWS\system32\srclient.dll
2009-05-01 15:24:07 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-05-01 15:24:07 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-05-01 15:24:07 ----A---- C:\WINDOWS\system32\msconf.dll
2009-05-01 15:24:07 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-05-01 15:24:07 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-05-01 15:24:07 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-05-01 15:24:07 ----A---- C:\WINDOWS\system32\ils.dll
2009-05-01 15:24:04 ----D---- C:\WINDOWS\PCHEALTH
2009-05-01 15:24:04 ----D---- C:\Program Files\NetMeeting
2009-05-01 15:24:04 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-05-01 15:24:04 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-05-01 15:24:04 ----A---- C:\WINDOWS\system32\acctres.dll
2009-05-01 15:24:03 ----D---- C:\Program Files\Common Files\Services
2009-05-01 15:24:02 ----A---- C:\WINDOWS\system32\inetres.dll
2009-05-01 15:24:02 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-05-01 15:23:59 ----SD---- C:\WINDOWS\Tasks
2009-05-01 15:23:59 ----D---- C:\Program Files\Outlook Express
2009-05-01 15:23:59 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-05-01 15:23:58 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-05-01 15:23:58 ----A---- C:\WINDOWS\system32\mstask.dll
2009-05-01 15:23:58 ----A---- C:\WINDOWS\system32\isign32.dll
2009-05-01 15:23:58 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-05-01 15:23:58 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-05-01 15:23:58 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-05-01 15:23:58 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-05-01 15:23:56 ----D---- C:\Program Files\Common Files\MSSoap
2009-05-01 15:23:53 ----D---- C:\Program Files\Common Files\System
2009-05-01 15:23:51 ----D---- C:\Program Files\Internet Explorer
2009-05-01 15:23:30 ----D---- C:\Program Files\ComPlus Applications
2009-05-01 15:23:29 ----A---- C:\WINDOWS\vbaddin.ini
2009-05-01 15:23:29 ----A---- C:\WINDOWS\vb.ini
2009-05-01 15:23:25 ----D---- C:\WINDOWS\Registration
2009-05-01 15:23:20 ----HD---- C:\Program Files\WindowsUpdate
2009-05-01 15:23:20 ----D---- C:\Program Files\Online Services
2009-05-01 15:23:16 ----D---- C:\Program Files\Messenger
2009-05-01 15:23:10 ----D---- C:\Program Files\MSN
2009-05-01 15:23:07 ----D---- C:\Program Files\MSN Gaming Zone
2009-05-01 15:23:07 ----A---- C:\WINDOWS\system32\write.exe
2009-05-01 15:23:01 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-05-01 15:23:00 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-05-01 15:23:00 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-05-01 15:23:00 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-05-01 15:23:00 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-05-01 15:23:00 ----A---- C:\WINDOWS\system32\hticons.dll
2009-05-01 15:23:00 ----A---- C:\WINDOWS\system32\avwav.dll
2009-05-01 15:23:00 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-05-01 15:23:00 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-05-01 15:22:59 ----D---- C:\Program Files\Windows NT
2009-05-01 15:22:59 ----A---- C:\WINDOWS\system32\winchat.exe
2009-05-01 15:22:58 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-05-01 15:22:55 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-05-01 15:22:54 ----A---- C:\WINDOWS\system32\getuname.dll
2009-05-01 15:22:54 ----A---- C:\WINDOWS\system32\charmap.exe
2009-05-01 15:22:54 ----A---- C:\WINDOWS\system32\calc.exe
2009-05-01 15:22:53 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-05-01 15:22:53 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-05-01 15:22:53 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-05-01 15:22:53 ----A---- C:\WINDOWS\system32\winmine.exe
2009-05-01 15:22:53 ----A---- C:\WINDOWS\system32\spider.exe
2009-05-01 15:22:53 ----A---- C:\WINDOWS\system32\sol.exe
2009-05-01 15:22:53 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-05-01 15:22:53 ----A---- C:\WINDOWS\system32\freecell.exe
2009-05-01 15:22:52 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-05-01 15:22:52 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-05-01 15:22:52 ----A---- C:\WINDOWS\system32\reset.exe
2009-05-01 15:22:52 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-05-01 15:22:52 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-05-01 15:22:52 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-05-01 15:22:52 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-05-01 15:22:52 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\tskill.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\tscon.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\shadow.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\regini.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-05-01 15:22:51 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-05-01 15:22:50 ----D---- C:\WINDOWS\system32\MsDtc
2009-05-01 15:22:50 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-05-01 15:22:50 ----A---- C:\WINDOWS\system32\msg.exe
2009-05-01 15:22:50 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-05-01 15:22:50 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-05-01 15:22:50 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-05-01 15:22:50 ----A---- C:\WINDOWS\system32\logoff.exe
2009-05-01 15:22:50 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-05-01 15:22:50 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-05-01 15:22:50 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-05-01 15:22:49 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-05-01 15:22:49 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-05-01 15:22:49 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-05-01 15:22:49 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-05-01 15:22:48 ----D---- C:\WINDOWS\system32\Com
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\stclient.dll
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\colbact.dll
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-05-01 15:22:48 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-05-01 15:22:47 ----A---- C:\WINDOWS\system32\comuid.dll
2009-05-01 15:22:47 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-05-01 15:22:47 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-05-01 15:22:47 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-05-01 15:22:47 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-05-01 15:22:46 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-05-01 15:22:39 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-05-01 15:22:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-05-01 15:22:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-05-01 15:22:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-05-01 15:22:38 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-05-01 11:20:53 ----A---- C:\WINDOWS\system32\h323log.txt
2009-05-01 11:17:17 ----A---- C:\WINDOWS\system32\usbui.dll
2009-05-01 11:16:25 ----A---- C:\WINDOWS\imsins.BAK
2009-05-01 11:16:22 ----D---- C:\Program Files\Common Files\ODBC
2009-05-01 11:16:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-01 11:16:22 ----A---- C:\WINDOWS\ODBCINST.INI
2009-05-01 11:16:19 ----RD---- C:\Program Files
2009-05-01 11:16:19 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-05-01 11:16:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-01 11:16:19 ----D---- C:\Program Files\Common Files
2009-05-01 11:16:17 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-05-01 11:16:17 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-05-01 11:16:17 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-05-01 11:16:16 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-05-01 11:16:14 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-05-01 11:16:14 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-05-01 11:16:14 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-05-01 11:16:14 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-05-01 11:16:14 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-05-01 11:16:14 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-05-01 11:16:14 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-05-01 11:16:13 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-05-01 11:16:13 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-05-01 11:16:13 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-05-01 11:16:13 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-05-01 11:16:13 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-05-01 11:16:12 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-05-01 11:16:11 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-05-01 11:16:10 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-05-01 11:16:10 ----A---- C:\WINDOWS\system32\irclass.dll
2009-05-01 11:16:10 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-05-01 11:16:10 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-05-01 11:16:10 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-05-01 11:16:10 ----A---- C:\WINDOWS\system32\batt.dll
2009-05-01 11:16:08 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-05-01 11:16:08 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-05-01 11:16:08 ----A---- C:\WINDOWS\notepad.exe
2009-05-01 11:16:07 ----A---- C:\WINDOWS\system32\storprop.dll
2009-05-01 11:16:01 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-05-01 11:15:31 ----RA---- C:\WINDOWS\SET7.tmp
2009-05-01 11:15:29 ----RA---- C:\WINDOWS\SET3.tmp
2009-05-01 11:15:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-01 11:15:24 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-01 11:15:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-01 11:15:08 ----A---- C:\WINDOWS\setuplog.txt
2009-05-01 11:15:05 ----D---- C:\Documents and Settings
2009-05-01 11:10:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-01 11:10:48 ----RSD---- C:\WINDOWS\Fonts
2009-05-01 11:10:48 ----RD---- C:\WINDOWS\Web
2009-05-01 11:10:48 ----HD---- C:\WINDOWS\inf
2009-05-01 11:10:48 ----D---- C:\WINDOWS\WinSxS
2009-05-01 11:10:48 ----D---- C:\WINDOWS\twain_32
2009-05-01 11:10:48 ----D---- C:\WINDOWS\Temp
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\wins
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\wbem
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\usmt
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\spool
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\ShellExt
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\Setup
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\ras
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\oobe
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\npp
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\mui
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\IME
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\icsxml
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\ias
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\export
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\drivers
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\dhcp
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\config
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\3com_dmi
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\3076
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\2052
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\1054
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\1042
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\1041
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\1037
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\1033
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\1031
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\1028
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32\1025
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system32
2009-05-01 11:10:48 ----D---- C:\WINDOWS\system
2009-05-01 11:10:48 ----D---- C:\WINDOWS\security
2009-05-01 11:10:48 ----D---- C:\WINDOWS\Resources
2009-05-01 11:10:48 ----D---- C:\WINDOWS\repair
2009-05-01 11:10:48 ----D---- C:\WINDOWS\mui
2009-05-01 11:10:48 ----D---- C:\WINDOWS\msapps
2009-05-01 11:10:48 ----D---- C:\WINDOWS\msagent
2009-05-01 11:10:48 ----D---- C:\WINDOWS\Media
2009-05-01 11:10:48 ----D---- C:\WINDOWS\java
2009-05-01 11:10:48 ----D---- C:\WINDOWS\ime
2009-05-01 11:10:48 ----D---- C:\WINDOWS\Help
2009-05-01 11:10:48 ----D---- C:\WINDOWS\Driver Cache
2009-05-01 11:10:48 ----D---- C:\WINDOWS\Debug
2009-05-01 11:10:48 ----D---- C:\WINDOWS\Cursors
2009-05-01 11:10:48 ----D---- C:\WINDOWS\Connection Wizard
2009-05-01 11:10:48 ----D---- C:\WINDOWS\Config
2009-05-01 11:10:48 ----D---- C:\WINDOWS\AppPatch
2009-05-01 11:10:48 ----D---- C:\WINDOWS\addins
2009-05-01 11:10:48 ----D---- C:\WINDOWS

Xan Krieger · May 2009

======List of files/folders modified in the last 1 months======
2009-05-08 21:31:34 ----A---- C:\WINDOWS\system.ini
2009-05-02 09:09:04 ----A---- C:\WINDOWS\win.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-20 5027840]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\System32\DRIVERS\WN121TXP.sys [2006-12-07 499456]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2008-12-25 3721664]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 aywg0xno;aywg0xno; C:\WINDOWS\system32\drivers\aywg0xno.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2009-01-14 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

EOF

Xan Krieger · May 2009

info.txt logfile of random's system information tool 1.06 2009-05-10 11:33:59
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x1001
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Browser Configuration Utility-->"C:\Program Files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Company of Heroes Singleplayer Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/9300
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
EasySaver B9.0205.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07300F01-89CA-4CF8-92BD-2A605EB83C95}\setup.exe" -l0x9 -removeonly
Empire: Total War-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10500
Galactic Civilizations II-->C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hearts of Iron 2 Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22170
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeworld-->C:\Sierra\HOMEWO~1\UNINST~1\UNWISE.EXE C:\Sierra\HOMEWO~1\UNINST~1\INSTALL.LOG
Homeworld2-->C:\Program Files\Sierra\Homeworld2\uninstall.exe
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NETGEAR WN121T wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{2A17F4DB-C3B7-4E45-AECC-7F9FF6909C4B}\setup.exe -runfromtemp -l0x0409
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sword of the Stars-->C:\Program Files\Lighthouse Interactive\Sword of the Stars\Uninstall.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Warhammer 40,000: Dawn of War II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15620
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Wings 3D 1.0-rc1-->C:\Program Files\wings3d_1.0-rc1\Uninstall.exe
X3 Reunion Playable DEMO v1.3.1-->"C:\WINDOWS\unins000.exe"
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090508-0]
======System event log======
Computer Name: JESSIE2V2
Event Code: 1006
Message: Your computer was unable to automatically configure the IP parameters for
the Network Card with the network address 001B2F2951F5. The following error occurred
during configuration: The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address.
.
Record Number: 62
Source Name: Dhcp
Time Written: 20090501154135.000000-240
Event Type: warning
User:
Computer Name: JESSIE2V2
Event Code: 1009
Message: A network error occurred when trying to send a message. The error code is: A blocking operation was interrupted by a call to WSACancelBlockingCall.
.
Record Number: 59
Source Name: Dhcp
Time Written: 20090501154028.000000-240
Event Type: warning
User:
Computer Name: JESSIE2V2
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by -86434 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.107:123->207.46.232.182:123) is working properly.
Record Number: 58
Source Name: W32Time
Time Written: 20090501153955.000000-240
Event Type: error
User:
Computer Name: JESSIE2V2
Event Code: 4311
Message: Initialization failed because the driver device could not be created.
Record Number: 49
Source Name: NetBT
Time Written: 20090501153910.000000-240
Event Type: error
User:
Computer Name: JESSIE2V2
Event Code: 10010
Message: The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.
Record Number: 25
Source Name: DCOM
Time Written: 20090501152939.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: JESSIE2V2
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Record Number: 124
Source Name: .NET Runtime Optimization Service
Time Written: 20090501220111.000000-240
Event Type:
User:
Computer Name: JESSIE2V2
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Engine, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Record Number: 122
Source Name: .NET Runtime Optimization Service
Time Written: 20090501220111.000000-240
Event Type:
User:
Computer Name: JESSIE2V2
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: CustomMarshalers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Record Number: 120
Source Name: .NET Runtime Optimization Service
Time Written: 20090501220110.000000-240
Event Type:
User:
Computer Name: JESSIE2V2
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

Record Number: 118
Source Name: .NET Runtime Optimization Service
Time Written: 20090501220110.000000-240
Event Type:
User:
Computer Name: JESSIE2V2
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Record Number: 116
Source Name: .NET Runtime Optimization Service
Time Written: 20090501220110.000000-240
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

EOF

Xan Krieger · May 2009

for some reason the problem was not present today.

Katana · May 2009

There is no obvious sign of infection.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Xan Krieger · May 2009

Before I do that this may help. Today I got the message "Your system has recovered from a serious error". I got that box several times. After sending the error report the page it led me to was about the bluse screen of death though it never once showed up.

Katana · May 2009

That could be caused by malware or hardware/software problems, please post the MBAM and Kaspersky logs.

Xan Krieger · May 2009

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3
5/11/2009 6:52:10 PM
mbam-log-2009-05-11 (18-52-10).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 131694
Time elapsed: 25 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

I'm leaning towards the hardware/software problems. I removed two programs and the computer seems fine. I will keep you updated should the problem occur again.

Katana · May 2009

Which programs did you remove ?

Xan Krieger · May 2009

Daemontools (in case you're unfamiliar it's like a virtual CD drive). The other one I've honestly forgotten (the fact that I don't remember well at 1:14am doesn't help).

Katana · May 2009

Thanks for letting us know andout Daemon anyway

Congratulations your logs look clean
Let's see if I can help you keep it that way

First lets tidy up

Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.

Set correct settings for files that should be hidden in Windows XP

Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please checkHide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types. << This helps identify rogue files
Click OK

The following is some info to help you stay safe and clean.

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy <<< A must have program
- It includes host protection and registry protection
- A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware <<< A New and effective program
a-squared Free <<< A good "realtime" or "on demand" scanner
superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol
- An excellent startup manager and then some !!
- Notifies you if programs are added to startup
- Allows delayed startup
- A must have addition
SpywareBlaster 4.0
- SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2
- SpywareGuard provides real-time protection against spyware.
- Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut
- Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS
- This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
- For information on how to download and install, please read this tutorial by WinHelp2002.
- Not required if you are using other host file protections

Internet Browsers

Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    - Change the Download signed ActiveX controls to Prompt
    - Change the Download unsigned ActiveX controls to Disable
    - Change the Initialise and script ActiveX controls not marked as safe to Disable
    - Change the Installation of desktop items to Prompt
    - Change the Launching programs and files in an IFRAME to Prompt
    - Change the Navigate sub-frames across different domains to Prompt
    - When all these settings have been made, click on the OK button.
    - If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
- FireFox
  - With many addons available that make customization easy this is a very popular choice
  - NoScript and AdBlockPlus addons are essential
- Opera
  - Another popular alternative
- Netscape
  - Another popular alternative
  - Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner
- Free and very simple to use
CCleaner
- Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again

Happy surfing K'

Fairly new comp with a problem it seems you know how to deal with

Comments