Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows blank screen. No display at all. [RESOLVED]


  • This topic is locked This topic is locked

#1
ManishKR

ManishKR

    Member

  • Member
  • PipPip
  • 18 posts
Hi,


About a week back, my system's McAfee Virus-Scan kept displaying a message every 10 seconds saying that Trojan Vundo had been detected. I downloaded and installed BitDefender Trial version and ran it. It told me that my system affected by Virtumonde (mostly registry entries) and cleared them off. But then when my system restarted, it became very slow. I then downloaded and installed Spybot Search & Destroy 1.5.2 and ran that. It found 3 instances of Trojan.Vundo.DZN and cleared them (or so it showed). But the system was still running slow. Atleast now the Virus Scan did not pop up with the Vundo warning. So I downloaded VundoFix and ran that. It again found 3 files and then i selected Remove Vundo. And then I got the biggest shock till now. My system now starts up and gets onto the log on page and then i put in my username and password and then all i see is a blue screen with the pointer in the middle of the screen but NOTHING ELSE!! And my system starts up fine in Safe Mode and i've run VundoFix in Safe Mode to check whether Trojan Vundo is still there or not but it comes clean. Spybot also comes clean in Safe Mode. But I cannot start my system in normal boot up. Can you please help me get my desktop back at least?? I'm really really worried now that I might have to reinstall the OS. BTW, i've downloaded and kept HiJackThis and ComboFix ready in my USB Memory Drive for use whenever you suggest.

Please suggest what to do now. :)

Warm Regards,
Manish.



Edited at 7:49 P.M. 29/02/08



I ran ComboFix and HiJackThis after that and the logs are posted below. Hope this gives you a better idea of what i'm dealing with here and suggest steps to fix the problem.


ComboFix

ComboFix 08-02-25.3 - jll2 2008-02-29 19:35:39.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.330 [GMT 5.5:30]
Running from: C:\Documents and Settings\jll2\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bbrpijie.ini
C:\WINDOWS\system32\cjlpgrin.dll
C:\WINDOWS\system32\Config.ini
C:\WINDOWS\system32\hoyrsnvi.ini
C:\WINDOWS\system32\kmqhwcie.ini
C:\WINDOWS\system32\nirgpljc.ini
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-28 15:39 . 2008-02-29 11:41 <DIR> d-------- C:\VundoFix Backups
2008-02-25 12:45 . 2008-02-29 11:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-25 12:45 . 2008-02-29 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 17:04 . 2008-02-29 13:13 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-23 15:43 . 2008-02-23 15:43 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\BitDefender
2008-02-23 15:35 . 2008-02-23 15:39 <DIR> d-------- C:\Program Files\BitDefender
2008-02-23 15:35 . 2008-02-23 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-23 15:30 . 2008-02-23 15:39 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-21 21:45 . 2008-02-21 21:51 <DIR> d-------- C:\Temp
2008-02-21 21:44 . 2008-02-21 21:44 <DIR> d-------- C:\Program Files\Xilisoft
2008-02-21 11:07 . 2008-02-21 11:07 <DIR> d-------- C:\WINDOWS\system32\%%DATA_DIR%%
2008-02-20 15:42 . 2008-02-20 15:42 <DIR> d-------- C:\Program Files\Unity
2008-02-19 22:40 . 2008-02-19 22:40 <DIR> d-------- C:\Program Files\SamsonSoft
2008-02-19 22:38 . 2008-02-19 22:39 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-19 22:33 . 2008-02-19 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zabersoft
2008-02-19 20:33 . 2008-02-19 20:33 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\Media Player Classic
2008-02-19 20:26 . 2008-02-19 20:28 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-19 19:37 . 2008-02-22 13:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-19 19:37 . 2008-02-19 19:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-19 19:11 . 2008-02-19 19:11 1,212 --a------ C:\WINDOWS\ST6UNST.000
2008-02-19 18:54 . 2008-02-19 18:54 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2008-02-19 18:11 . 2008-02-19 18:11 <DIR> d-------- C:\Program Files\StumbleUpon
2008-02-19 18:11 . 2008-02-28 12:06 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\StumbleUpon
2008-02-19 15:03 . 2007-12-07 07:51 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-19 15:03 . 2007-07-01 09:01 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-19 15:03 . 2007-07-01 09:06 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-19 15:03 . 2007-12-07 07:51 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-19 15:03 . 2007-12-07 07:51 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-19 15:03 . 2007-12-07 07:51 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-19 15:03 . 2007-12-07 07:51 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-19 15:03 . 2007-12-07 07:51 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-19 15:03 . 2007-12-06 16:30 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-19 14:52 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-19 14:07 . 2008-02-19 14:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-19 13:50 . 2006-08-21 14:44 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-02-19 13:50 . 2006-08-21 14:44 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-02-19 13:50 . 2006-08-21 17:51 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-02-19 11:30 . 2007-07-09 18:39 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-02-19 11:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-19 11:00 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-18 12:47 . 2004-08-04 13:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-18 12:46 . 2008-02-18 12:46 <DIR> d-------- C:\WINDOWS\provisioning
2008-02-18 12:46 . 2008-02-18 12:46 <DIR> d-------- C:\WINDOWS\peernet
2008-02-18 12:42 . 2008-02-18 12:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-18 12:31 . 2008-02-18 12:31 <DIR> d-------- C:\WINDOWS\EHome
2008-02-16 15:32 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-02-16 15:32 . 2004-08-04 00:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-02-16 15:32 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-02-16 15:32 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-02-13 11:23 . 2005-10-21 03:50 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-02-13 10:00 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-13 09:35 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-13 09:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-13 09:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-13 09:35 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-09 19:31 . 2008-02-19 10:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-02-09 19:28 . 2008-02-09 19:31 <DIR> d-------- C:\Program Files\Winamp
2008-02-09 19:28 . 2008-02-09 19:34 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\Winamp
2008-02-08 19:39 . 2007-04-24 11:33 100,488 -ra------ C:\WINDOWS\system32\drivers\s125mgmt.sys
2008-02-08 19:39 . 2007-04-24 11:33 98,696 -ra------ C:\WINDOWS\system32\drivers\s125obex.sys
2008-02-08 19:38 . 2008-02-08 19:39 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\Teleca
2008-02-08 19:38 . 2007-04-24 11:33 108,680 -ra------ C:\WINDOWS\system32\drivers\s125mdm.sys
2008-02-08 19:38 . 2007-04-24 11:33 83,336 -ra------ C:\WINDOWS\system32\drivers\s125bus.sys
2008-02-08 19:38 . 2007-04-24 11:33 15,112 -ra------ C:\WINDOWS\system32\drivers\s125mdfl.sys
2008-02-08 19:38 . 2007-04-24 11:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125whnt.sys
2008-02-08 19:38 . 2007-04-24 11:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125wh.sys
2008-02-08 19:38 . 2007-04-24 11:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cmnt.sys
2008-02-08 19:38 . 2007-04-24 11:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cm.sys
2008-02-08 19:36 . 2008-02-08 19:37 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-08 19:35 . 2008-02-08 19:35 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-02-08 19:35 . 2008-02-08 19:36 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-08 19:35 . 2008-02-08 19:35 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-08 19:35 . 2008-02-08 19:35 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\Sony Ericsson
2008-02-08 19:34 . 2008-02-08 19:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-08 19:33 . 2008-02-08 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-08 19:33 . 2008-02-08 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-07 18:24 . 2008-02-07 18:24 <DIR> d-------- C:\WINDOWS\system32\Dell
2008-02-07 11:29 . 2008-02-15 13:43 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\AdobeUM
2008-02-02 11:36 . 2008-02-22 11:50 <DIR> d--hs---- C:\Documents and Settings\jll2\UserData
2008-02-02 10:40 . 2008-02-02 10:40 125 --a------ C:\WINDOWS\IEPatchUninstall.BAK
2008-02-02 10:33 . 2008-02-02 10:33 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 13:46 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-19 13:46 249,856 ------w C:\WINDOWS\Setup1.exe
2008-02-19 08:43 --------- d-----w C:\Program Files\Microsoft Works
2008-02-07 12:54 --------- d-----w C:\Program Files\Dell
2008-02-02 06:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-01-28 04:31 --------- d-----w C:\Documents and Settings\jll2\Application Data\Yahoo!
2008-01-25 10:19 --------- d-----w C:\Program Files\FriendFinder
2008-01-25 10:10 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-01-24 05:58 --------- d-----w C:\Documents and Settings\jll1\Application Data\ICAClient
2008-01-22 07:25 --------- d-----w C:\Documents and Settings\jll1\Application Data\AdobeUM
2008-01-09 11:53 --------- d-----w C:\Documents and Settings\jll1\Application Data\Yahoo!
2008-01-09 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-09 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-07 12:11 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-01-03 03:46 --------- d-----w C:\Program Files\NETWORK ASSOCIATES
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b72f00b-45fc-4645-9e9f-e0b8eb578d7c}]
C:\WINDOWS\system32\ibhcxxto.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85429961-D537-4B19-8FDA-F284548CC281}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{5093EB4C-3E93-40AB-9266-B607BA87BDC8}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-02-13 07:55 1587512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-04-05 18:52 94208]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-04-05 18:49 77824]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 17:30 94208]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 12:12 1404928]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-25 12:10 360448]
"QuickTime Task"="C:\Program Files\Apple\QuickTime\qttask.exe" [2004-04-30 09:37 98304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 04:24 37376]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2007-03-22 19:17 98656]
"Persistence"="C:\WINDOWS\System32\igfxpers.exe" [2005-04-05 18:53 114688]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 17:09 59392]
"McAfeeUpdaterUI"="C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" [2005-08-31 16:50 139320]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2007-04-02 21:42 17248]
"IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [2007-04-19 14:00 125792]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 11:01 208952]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 14:00 25440]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2007-03-22 19:17 66400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-01-25 15:40]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
S2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:26]
S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 17:41]
S3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-01-16 14:12]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d640950b-d621-11dc-a36d-00142237fd9f}]
\Shell\Auto\command - E:\tomskype.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tomskype.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 19:30:30 C:\WINDOWS\Tasks\Defrag (Desktop) .....job"
- C:\WINDOWS\system32\defrag.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 19:39:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-02-29 19:41:58 - machine was rebooted [jll2]
ComboFix-quarantined-files.txt 2008-02-29 14:11:55
.
2008-02-22 07:26:38 --- E O F ---



HijackThis v2.0.2


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:26 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://delphi.ap.joneslanglasalle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.4.69:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*.ap.jllnet.com;*.ap.joneslanglasalle.com;ipmpwt.joneslanglasalle.com;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {c7d875be-8b0e-f9e9-5464-cf54b00f27b0} - {0b72f00b-45fc-4645-9e9f-e0b8eb578d7c} - C:\WINDOWS\system32\ibhcxxto.dll (file missing)
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {85429961-D537-4B19-8FDA-F284548CC281} - C:\WINDOWS\system32\ddayx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Apple\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BGInfo.lnk = C:\WINDOWS\Bginfo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://delphi.ap.joneslanglasalle.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2E687AA8-B276-4910-BBFB-4E412F685379} (CWebsiteViewer Object) - http://ausyd077.ap.j...bsiteViewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://delphi.ap.jon...oard/msddsc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203315985171
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://webdesk.ap.j...en/CSGProxy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B82E01BD-02A1-4161-BE6A-289E4F4D1D94}: NameServer = 125.22.47.125,202.56.250.5
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8702 bytes

Thats about it. Can anyone please tell me what I need to do so that my system starts working on normal startup and I get something apart from the blue screen with the pointer in the middle once i login? Am currently working in Safe Mode and it works fine, but thats not what i want! :)



Edited at 2:49 P.M. 01/03/08


:) PROGRESS AT LAST :)

After posting the above yesterday, I ran the Recovery Console and ran a repair. Once the repair was complete I restarted the system in normal mode and was happy to note that I was able to see my normal desktop and today morning again the system logged onto the normal desktop but the system is still very slow. Opening IE takes an enternity, and everything else is very slow. I've downloaded the below softwares and have got them ready on my USB Memory Drive in case I need to use them to fix my system completely. Please help me get my system back to normal.

dss.exe
registryboosteraff.exe
SDFix.exe
SUPERAntiSpyware.exe
OTMoveIt2.exe
SmitfraudFix.exe
ATF-Cleaner.exe


Thank you,
Warm Regards,
Manish.

Edited by ManishKR, 01 March 2008 - 03:27 AM.

  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
ManishKR

ManishKR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Rorschach112,

Thank you for taking out some of your valuable time to help me out. Apologies for being impatient. I had run DSS before your suggestion and have got the resultant files attached. Also run SDFix and then Sophos Antivirus and have also got its log file attached. I've also run VirtumundoBeGone and the resultant file is attached as well.

Sorry if i've run ahead of you and done something wrong. :) Please do let me know how to proceed. My system is still quite slow. Have done a defrag of the HDD and its got 48% free space. :)

Thank you,
Warm Regards,
Manish.

Attached Files


Edited by ManishKR, 04 March 2008 - 01:17 AM.

  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the DSS logs and not attach them

Also post the SDFix report if you have it
  • 0

#5
ManishKR

ManishKR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi ,


Please find the logs below.

Main.txt

Deckard's System Scanner v20071014.68
Run by jll2 on 2008-03-03 20:05:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2008-03-03 14:35:45 UTC - RP387 - Deckard's System Scanner Restore Point
79: 2008-03-03 14:16:48 UTC - RP386 - Uniblue RegistryBooster
78: 2008-03-02 14:00:47 UTC - RP385 - System Checkpoint
77: 2008-03-01 12:26:23 UTC - RP384 - Installed SUPERAntiSpyware Free Edition
76: 2008-03-01 06:05:42 UTC - RP383 - System Checkpoint


-- First Restore Point --
1: 2008-02-21 16:03:55 UTC - RP308 - Installed Windows XP KB896428.


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as jll2.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:54 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\DOCUME~1\jll2\LOCALS~1\Temp\Rar$EX03.109\Uniblue_Registry_Booster_v2.0.1114.3657\Crack\register.exe
C:\Documents and Settings\jll2\Desktop\dss.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jll2.exe
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\McScript_InUse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://delphi.ap.joneslanglasalle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.4.69:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*.ap.jllnet.com;*.ap.joneslanglasalle.com;ipmpwt.joneslanglasalle.com;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {c7d875be-8b0e-f9e9-5464-cf54b00f27b0} - {0b72f00b-45fc-4645-9e9f-e0b8eb578d7c} - C:\WINDOWS\system32\ibhcxxto.dll (file missing)
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {85429961-D537-4B19-8FDA-F284548CC281} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Apple\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: BGInfo.lnk = C:\WINDOWS\Bginfo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://delphi.ap.joneslanglasalle.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2E687AA8-B276-4910-BBFB-4E412F685379} (CWebsiteViewer Object) - http://ausyd077.ap.j...bsiteViewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://delphi.ap.jon...oard/msddsc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203315985171
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://webdesk.ap.j...en/CSGProxy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B82E01BD-02A1-4161-BE6A-289E4F4D1D94}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O17 - HKLM\System\CS4\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxxwxv - C:\WINDOWS\
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10886 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080229-194651-190 O2 - BHO: (no name) - {85429961-D537-4B19-8FDA-F284548CC281} - C:\WINDOWS\system32\ddayx.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R4 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-27 01:00:30 278 --a------ C:\WINDOWS\Tasks\Defrag (Desktop) .....job


-- Files created between 2008-02-03 and 2008-03-03 -----------------------------

2008-03-03 19:22:22 0 d-------- C:\Documents and Settings\jll2\Application Data\Uniblue
2008-03-03 19:04:39 0 d-------- C:\Program Files\Uniblue
2008-03-03 15:09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 15:09:32 0 d-------- C:\Documents and Settings\jll2\Application Data\Mozilla
2008-03-03 14:05:06 3503 --a------ C:\Start_.cmd
2008-03-03 14:01:46 0 d-------- C:\327882R2FWJFW
2008-03-01 17:59:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-01 17:56:54 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-01 17:56:54 0 d-------- C:\Documents and Settings\jll2\Application Data\SUPERAntiSpyware.com
2008-02-29 19:45:02 0 d-------- C:\Program Files\Trend Micro
2008-02-29 17:15:58 0 d-------- C:\cmdcons
2008-02-29 17:14:38 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-29 17:14:38 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-29 17:14:38 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-29 17:14:38 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-28 15:39:37 0 d-------- C:\VundoFix Backups
2008-02-25 12:45:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 15:43:10 0 d-------- C:\Documents and Settings\jll2\Application Data\BitDefender
2008-02-23 15:35:51 0 d-------- C:\Program Files\BitDefender
2008-02-23 15:35:51 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-23 15:30:21 0 d-------- C:\Program Files\Common Files\BitDefender
2008-02-23 12:18:28 0 d-------- C:\WINDOWS\pss
2008-02-21 21:45:36 0 d-------- C:\Temp
2008-02-21 21:44:23 0 d-------- C:\Program Files\Xilisoft
2008-02-21 11:07:17 0 d-------- C:\WINDOWS\system32\%%DATA_DIR%%
2008-02-20 15:42:03 0 d-------- C:\Program Files\Unity
2008-02-19 22:40:37 0 d-------- C:\Program Files\SamsonSoft
2008-02-19 22:38:56 0 d-------- C:\WINDOWS\system32\URTTemp
2008-02-19 22:33:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Zabersoft
2008-02-19 20:33:38 0 d-------- C:\Documents and Settings\jll2\Application Data\Media Player Classic
2008-02-19 20:26:45 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-02-19 20:26:35 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-02-19 20:26:34 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-19 20:26:34 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-19 20:26:33 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-19 20:26:33 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-19 20:26:33 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-19 20:26:31 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-19 20:26:29 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-02-19 18:54:40 0 d-------- C:\Program Files\Digital Locker Assistant
2008-02-19 18:11:42 0 d-------- C:\Documents and Settings\jll2\Application Data\StumbleUpon
2008-02-19 18:11:38 0 d-------- C:\Program Files\StumbleUpon
2008-02-19 14:52:55 0 d-------- C:\WINDOWS\network diagnostic
2008-02-19 14:07:39 0 d-------- C:\Program Files\MSXML 4.0
2008-02-19 10:51:09 0 d-------- C:\WINDOWS\Prefetch
2008-02-18 12:46:02 0 d-------- C:\WINDOWS\peernet
2008-02-18 12:46:01 0 d-------- C:\WINDOWS\provisioning
2008-02-18 12:42:16 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-18 12:31:26 0 d-------- C:\WINDOWS\EHome
2008-02-15 10:27:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-13 10:01:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-13 09:35:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-09 19:28:40 0 d-------- C:\Program Files\Winamp
2008-02-09 19:28:40 0 d-------- C:\Documents and Settings\jll2\Application Data\Winamp
2008-02-08 19:38:34 0 d-------- C:\Documents and Settings\jll2\Application Data\Teleca
2008-02-08 19:36:49 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-02-08 19:35:43 0 d-------- C:\Documents and Settings\jll2\Application Data\Sony Ericsson
2008-02-08 19:35:24 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-08 19:35:21 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-08 19:35:17 0 d-------- C:\Program Files\Sony Ericsson
2008-02-08 19:34:37 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-08 19:33:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-08 19:33:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-07 18:24:47 0 d-------- C:\WINDOWS\system32\Dell
2008-02-07 13:12:18 0 d-------- C:\Documents and Settings\jll2\Application Data\Sun
2008-02-07 12:35:55 0 d-------- C:\Documents and Settings\jll2\Application Data\WinRAR
2008-02-07 11:29:01 0 d-------- C:\Documents and Settings\jll2\Application Data\AdobeUM
2008-02-07 10:06:25 0 d-------- C:\Documents and Settings\jll2\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-03-01 17:48:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 15:30:21 0 d-------- C:\Program Files\Common Files
2008-02-19 19:16:42 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-19 14:13:49 0 d-------- C:\Program Files\Microsoft Works
2008-02-18 12:46:04 0 d-------- C:\Program Files\Movie Maker
2008-02-18 12:41:40 0 d-------- C:\Program Files\Windows NT
2008-02-07 18:24:47 0 d-------- C:\Program Files\Dell
2008-02-07 11:28:52 0 d-------- C:\Documents and Settings\jll2\Application Data\Adobe
2008-01-28 10:01:40 0 d-------- C:\Documents and Settings\jll2\Application Data\Yahoo!
2008-01-25 15:49:00 0 d-------- C:\Program Files\FriendFinder
2008-01-03 09:16:49 0 d-------- C:\Program Files\NETWORK ASSOCIATES


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b72f00b-45fc-4645-9e9f-e0b8eb578d7c}]
C:\WINDOWS\system32\ibhcxxto.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85429961-D537-4B19-8FDA-F284548CC281}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/05/2005 06:52 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/05/2005 06:49 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 05:30 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 12:12 PM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [06/13/2007 08:16 AM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 03:46 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/25/2008 12:10 PM]
"QuickTime Task"="C:\Program Files\Apple\QuickTime\qttask.exe" [04/30/2004 09:37 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/16/2008 04:24 AM]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [03/22/2007 07:17 PM]
"McAfeeUpdaterUI"="C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" [08/31/2005 04:50 PM]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [04/02/2007 09:42 PM]
"IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [04/19/2007 02:00 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 11:01 AM]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [04/19/2007 02:00 PM]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [03/22/2007 07:17 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:26 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [02/13/2004 07:55 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [10/22/2007 10:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BGInfo.lnk - C:\WINDOWS\Bginfo.exe [11/11/2005 2:40:50 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89aa037a-e6ac-11dc-a38d-de4af262252f}]
Auto\command- tomskype.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tomskype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d640950b-d621-11dc-a36d-00142237fd9f}]
Auto\command- E:\tomskype.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tomskype.exe

*Newly Created Service* - ENTDRV51
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL



-- End of Deckard's System Scanner: finished at 2008-03-03 20:41:03 ------------


extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 92%
Physical Memory (total/avail): 502.07 MiB / 36.33 MiB
Pagefile Memory (total/avail): 1560.48 MiB / 413.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 18.19 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST340014AS - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:

\\.\PHYSICALDRIVE1 - JetFlash TS1GJF110 USB Device - 996.22 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 998.13 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Bitdefender Antivirus v8.0 (BitDefender)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jll2\Application Data
CLASSPATH="C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip"
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC3
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jll2
LOGONSERVER=\\PC3
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\SAP\FrontEnd\sapgui\FILC\odbc;C:\Program Files\Internet Explorer;;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA="C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip"
ROLE=DESKTOP
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jll2\LOCALS~1\Temp
TMP=C:\DOCUME~1\jll2\LOCALS~1\Temp
USERDOMAIN=PC3
USERNAME=jll2
USERPROFILE=C:\Documents and Settings\jll2
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Default.Profile
suhail
jll1 (admin)
jll2 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-5A64-7E8A45000001}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
Adobe Reader Korean Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5676-5A64-7E8A45000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 --> MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
BitDefender Total Security 2008 --> MsiExec.exe /I{92098E58-00AD-4F78-AD6E-807BDB323478}
CARGO --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\JLL\Cargo\ST6UNST.LOG"
Citrix ICA Client --> MsiExec.exe /I{956F3E9A-3AED-40F8-8522-5F6A524CFC3E}
Citrix ICA Web Client --> C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
CMD Prompt Here PowerToy --> rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\INF\CmdHere.inf
Crystal Analysis Rich Client --> MsiExec.exe /X{C1F698BD-9C05-49C7-99E0-9EC291F050CA}
Digital Locker Assistant --> MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C}
Flat Panel Adjust --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Dell\FPAdjust\Uninst.isu"
FriendFinder Messenger v4.1 --> MsiExec.exe /I{090E87A8-C7FE-4524-B625-65657F258121}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IE5 Registration --> MsiExec.exe /I{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}
IE6SP1 for Jones Lang LaSalle --> MsiExec.exe /I{2B93C225-1FF3-448B-92B7-DA48E8C4690A}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
JLL ScreenSaver --> MsiExec.exe /I{5451A718-4A95-458A-9B98-84393D7A95D8}
JLL Screensaver (0504) --> MsiExec.exe /I{3189DFB8-11F1-4A96-A291-6D59A97545E7}
K-Lite Codec Pack 3.7.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft GB18030 Support Package --> MsiExec.exe /I{DEBACE7E-5DD1-42DB-AFE7-2B60E7CC80A8}
Microsoft Office 2003 Chinese (Simplified) User Interface Pack --> MsiExec.exe /I{901E0804-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Chinese (Traditional) User Interface Pack --> MsiExec.exe /I{901E0404-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Japanese User Interface Pack --> MsiExec.exe /I{901E0411-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Korean User Interface Pack --> MsiExec.exe /I{901E0412-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook Personal Folders Backup --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Tool Web Package:WntIpcfg.exe --> MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
Motorola USB Drivers v2.9 --> MsiExec.exe /X{86EB9B75-C7F8-4D7D-A032-6C5858757525}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
SAP Front End --> "C:\WINDOWS\SAPwksta\setup\sapsetup.exe" /uninstall /norestart
SAPGUI --> MsiExec.exe /X{F1FCADE3-CB8C-4331-AA80-38D939EE144E}
Snapshot Viewer --> C:\program files\microsoft\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StumbleUpon IE Toolbar --> C:\Program Files\StumbleUpon\uninstall.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tera Term Pro --> C:\WINDOWS\ttuninst.exe
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Unity Web Player --> C:\Program Files\Unity\WebPlayer\Uninstall.exe
Volo View Express --> MsiExec.exe /I{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Blaster Worm Removal Tool (KB833330) --> C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe
Windows Messenger 5.0 --> MsiExec.exe /I{1F0BD960-6525-4FEE-B577-2473F77F1277}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xilisoft 3GP Video Converter --> C:\Program Files\Xilisoft\3GP Video Converter 3\Uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2990 / Error
Event Submitted/Written: 03/03/2008 08:28:57 PM
Event ID/Source: 439 / ESENT
Event Description:
Catalog Database (1536) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\edb.chk. Error -1032.

Event Record #/Type2989 / Error
Event Submitted/Written: 03/03/2008 08:28:57 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (1536) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type2987 / Error
Event Submitted/Written: 03/03/2008 08:25:54 PM
Event ID/Source: 1008 / McLogEvent
Event Description:
The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 60 seconds;

Event Record #/Type2985 / Error
Event Submitted/Written: 03/03/2008 08:22:18 PM
Event ID/Source: 1008 / McLogEvent
Event Description:
The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 60 seconds;

Event Record #/Type2984 / Error
Event Submitted/Written: 03/03/2008 08:22:05 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\Network Associates\VirusScan\Mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3328 (0xd00)

Thread address : 0x7C90EB94

Thread message :

Build Aug 20 2004 04:46:11 / 5200.2160
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat
by svchost.exe
7600(0)(0)
7531(0)(0)
7590(0)(0)
7006(0)(0)
7005(0)(0)
7512(0)(0)
7004(0)(0)
7003(0)(0)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7000 / Error
Event Submitted/Written: 03/03/2008 08:39:09 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Network Associates McShield service terminated unexpectedly. It has done this 104 time(s).

Event Record #/Type6999 / Error
Event Submitted/Written: 03/03/2008 08:38:57 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Event Record #/Type6998 / Error
Event Submitted/Written: 03/03/2008 08:38:33 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Event Record #/Type6997 / Error
Event Submitted/Written: 03/03/2008 08:38:08 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.

Event Record #/Type6994 / Error
Event Submitted/Written: 03/03/2008 08:25:54 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Network Associates McShield service terminated unexpectedly. It has done this 103 time(s).



-- End of Deckard's System Scanner: finished at 2008-03-03 20:41:03 ------------


moved.txt

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-03-03 16:04:39 16384 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\93F.tmp
2008-03-03 16:05:09 16384 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\940.tmp
2008-03-03 16:06:29 16384 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\941.tmp
2008-03-03 16:06:50 16384 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\942.tmp
2008-03-03 17:56:18 0 d-------- C:\DOCUME~1\jll2\LOCALS~1\Temp\Adobe
2008-03-03 18:53:40 8118 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\doodle.bmp
2008-03-03 18:54:01 0 d-------- C:\DOCUME~1\jll2\LOCALS~1\Temp\imvcache
2002-05-08 22:20:18 45056 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\nsb8F2.tmp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-10-13 09:08:10 53248 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\nsb8F3.tmp <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-03 18:53:30 8118 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\peanuts.bmp
2008-03-03 16:05:30 0 d-------- C:\DOCUME~1\jll2\LOCALS~1\Temp\VBE
2008-03-03 19:03:55 685913 -----n--- C:\DOCUME~1\jll2\LOCALS~1\Temp\_iu14D2N.tmp <Not Verified; ; Inno Setup>
2008-03-03 19:29:50 214 --a------ C:\WINDOWS\temp\kds.xml
2008-03-03 19:48:05 16 --a------ C:\WINDOWS\temp\report.dat
2008-03-03 19:35:27 750 --a------ C:\WINDOWS\temp\SCP9E1.tmp
2008-03-03 20:05:11 108 --a------ C:\WINDOWS\temp\teredo.txt
2008-03-03 16:26:18 0 d-------- C:\WINDOWS\temp\tmp00005185
2008-03-03 18:17:19 0 d-------- C:\WINDOWS\temp\tmp000058fb
2008-03-03 19:14:48 1503 --a------ C:\WINDOWS\temp\updateop.xml
2008-03-03 18:14:37 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2008-02-29 20:53:34 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2003-09-11 06:46:44 226168 --a------ C:\WINDOWS\Downloaded Program Files\CSGProxy.dll <Verified; Citrix Systems, Inc.; Gateway Client for MetaFrame>
2007-06-30 19:09:06 175968 --a----c- C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
2001-04-12 13:39:46 411936 --a------ C:\WINDOWS\Downloaded Program Files\MSDDSC.dll <Verified; ; Microsoft SQL Server>
2003-09-11 17:16:56 774144 --a------ C:\WINDOWS\Downloaded Program Files\WebsiteViewer.ocx <Not Verified; Citrix Systems, Inc.; MetaFrame Secure Access Manager>

-*- End of Logfile -*-


Sophos Report



Sophos Anti-Virus
Version 4.27.0 [Win32/Intel]
Virus data version 4.27E, March 2008
Includes detection for 362444 viruses, trojans and worms
Copyright © 1989-2008 Sophos Plc, www.sophos.com

System time 10:29:50, System date 04 March 2008
Command line qualifiers are: -f -remove -nc -nb --stop-scan

IDE directory is: C:\SDFix\IDE

Using IDE file tvido-a.ide
Using IDE file chir-b.ide
Using IDE file tiny-dc.ide
Using IDE file autor-bd.ide
Using IDE file autor-be.ide
Using IDE file sdbo-djz.ide
Using IDE file cimuz-cv.ide
Using IDE file gampas-q.ide
Using IDE file virut-x.ide
Using IDE file he4hoo-e.ide
Using IDE file daymay-a.ide
Using IDE file injec-cb.ide
Using IDE file keylo-jz.ide
Using IDE file ntroo-cv.ide
Using IDE file dwnl-hav.ide
Using IDE file silly-bu.ide
Using IDE file agen-gpc.ide
Using IDE file bankd-dg.ide
Using IDE file pushu-h.ide
Using IDE file psw-es.ide
Using IDE file psw-et.ide
Using IDE file rexplo-b.ide
Using IDE file looke-ec.ide
Using IDE file ldpin-ro.ide
Using IDE file dorf-aw.ide
Using IDE file agen-gph.ide
Using IDE file banlo-ex.ide
Using IDE file rieve-a.ide
Using IDE file vb-dyr.ide
Using IDE file mailb-ck.ide
Using IDE file cyberl-a.ide
Using IDE file spwa-gen.ide
Using IDE file psyme-hm.ide
Using IDE file dwnl-hba.ide
Using IDE file zbot-d.ide
Using IDE file dload-bl.ide
Using IDE file injec-cc.ide
Using IDE file alman-e.ide
Using IDE file autor-bg.ide
Using IDE file autom-d.ide
Using IDE file dref-b.ide
Using IDE file agen-gpp.ide
Using IDE file zbot-e.ide
Using IDE file defusx-a.ide
Using IDE file agen-gpr.ide
Using IDE file tinydl-r.ide
Using IDE file downld-p.ide
Using IDE file agen-gpv.ide
Using IDE file zonie-a.ide
Using IDE file vb-dys.ide
Using IDE file silly-bw.ide
Using IDE file pushdo-h.ide
Using IDE file sheldo-a.ide
Using IDE file smal-eld.ide
Using IDE file agen-gpx.ide
Using IDE file looke-ed.ide
Using IDE file autor-bk.ide
Using IDE file swizzo-c.ide
Using IDE file dloa-bim.ide
Using IDE file iespy-f.ide
Using IDE file cblade-h.ide
Using IDE file pasala-a.ide
Using IDE file dloa-bio.ide
Using IDE file messy-a.ide
Using IDE file msnemy-a.ide
Using IDE file otakbo-a.ide
Using IDE file forbo-gv.ide
Using IDE file bckd-qlw.ide
Using IDE file smal-ele.ide
Using IDE file braban-h.ide
Using IDE file cabat-d.ide
Using IDE file ntroo-cz.ide
Using IDE file dropp-tv.ide
Using IDE file agen-gmy.ide
Using IDE file autor-bo.ide
Using IDE file pushin-a.ide
Using IDE file spy-aj.ide
Using IDE file agen-gpz.ide
Using IDE file bront-ds.ide
Using IDE file bobax-eh.ide
Using IDE file grumbl-a.ide
Using IDE file tibs-ub.ide
Using IDE file joom-a.ide
Using IDE file pccli-lj.ide
Using IDE file autor-bp.ide
Using IDE file rbot-gwj.ide
Using IDE file bront-dt.ide
Using IDE file onlin-an.ide
Using IDE file fakev-ar.ide
Using IDE file cashgr-u.ide
Using IDE file autome-a.ide
Using IDE file bront-du.ide
Using IDE file silly-by.ide
Using IDE file pccli-ll.ide
Using IDE file zapch-dz.ide
Using IDE file killfi-j.ide
Using IDE file ircb-aaq.ide
Using IDE file agen-gqo.ide
Using IDE file sohan-as.ide
Using IDE file meiti-a.ide
Using IDE file zlob-j.ide
Using IDE file dwnl-hbk.ide
Using IDE file looke-ee.ide
Using IDE file silly-bz.ide
Using IDE file proxy-ig.ide
Using IDE file sdbo-dkb.ide
Using IDE file dwnl-hbl.ide
Using IDE file banhos-i.ide
Using IDE file poison-r.ide
Using IDE file winsat-b.ide
Using IDE file ntroo-da.ide
Using IDE file bagle-tq.ide
Using IDE file downld-t.ide
Using IDE file dload-br.ide
Using IDE file bckd-qly.ide
Using IDE file wlload-a.ide
Using IDE file zbot-h.ide
Using IDE file agen-gqv.ide
Using IDE file vbsmai-a.ide
Using IDE file mdro-bqg.ide
Using IDE file looke-ef.ide
Using IDE file zlobdr-h.ide
Using IDE file anpir-a.ide
Using IDE file scrapk-a.ide
Using IDE file baload-a.ide
Using IDE file bifro-vn.ide

Full Scanning

Could not check C:\Program Files\Microsoft\Office11\Templates\1028\WEBS11\vtidb.wiz\LOGINX.HTX (virus scan failed)
Could not check C:\Program Files\Microsoft\Office11\Templates\1041\WEBS11\vtidb.wiz\LOGINX.HTX (virus scan failed)
Could not check C:\Program Files\Microsoft\Office11\Templates\1042\WEBS11\vtidb.wiz\LOGINX.HTX (virus scan failed)
Could not check C:\Program Files\Microsoft\Office11\Templates\2052\WEBS11\vtidb.wiz\LOGINX.HTX (virus scan failed)
Password protected file C:\Program Files\SAP\FrontEnd\SAPgui\xxl\def_stor.xla
Password protected file C:\Program Files\SAP\FrontEnd\SAPgui\xxl\sap4int.xla
>>> Virus 'Troj/Keygen-BK' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP360\A0048156.exe
Removal successful
>>> Virus 'Troj/Keygen-BK' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP360\A0048212.exe
Removal successful
Could not open C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP376\A0055170.dll
>>> Virus 'Troj/Agent-GDY' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP377\A0055235.exe
Removal successful
>>> Virus 'Troj/Virtum-Gen' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP382\A0062521.dll
Removal successful
>>> Virus 'Troj/Virtum-Gen' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP382\A0067613.dll
Removal successful

1 boot sector swept.
42444 files swept in 42 minutes and 55 seconds.
7 errors were encountered.
5 viruses were discovered.
5 files out of 42444 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email [email protected]
or telephone +44 1235 559933
2 encrypted files were not checked.
Ending Sophos Anti-Virus.


SDFix


System Report
*************

Run on Tue 03/04/2008 at 07:21 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [984]
\??\C:\WINDOWS\system32\csrss.exe [1088]
\??\C:\WINDOWS\system32\winlogon.exe [1112]
C:\WINDOWS\system32\services.exe [1156]
C:\WINDOWS\system32\lsass.exe [1168]
C:\WINDOWS\system32\svchost.exe [1344]
C:\WINDOWS\system32\svchost.exe [1412]
C:\WINDOWS\System32\svchost.exe [1536]
C:\WINDOWS\System32\svchost.exe [1728]
C:\WINDOWS\System32\svchost.exe [1824]
C:\WINDOWS\system32\spoolsv.exe [1880]
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe [344]
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [388]
C:\WINDOWS\System32\svchost.exe [492]
C:\WINDOWS\System32\wdfmgr.exe [704]
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [860]
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe [1056]
C:\Program Files\Citrix\ICA Client\ssonsvr.exe [1836]
C:\WINDOWS\System32\alg.exe [2304]
C:\WINDOWS\System32\hkcmd.exe [2796]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2928]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2980]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [3044]
C:\Program Files\Winamp\winampa.exe [3736]
C:\WINDOWS\System32\igfxpers.exe [3796]
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe [3840]
C:\WINDOWS\system32\ctfmon.exe [1296]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [1044]
C:\Program Files\Messenger\msmsgs.exe [2068]
C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE [2872]
C:\Program Files\Common Files\Teleca Shared\Generic.exe [628]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe [676]
C:\WINDOWS\system32\wuauclt.exe [3900]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe [936]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe [3984]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe [2576]
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2212]
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [3096]
C:\WINDOWS\System32\WISPTIS.EXE [4032]
C:\WINDOWS\explorer.exe [1488]
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe [3860]
C:\Program Files\Network Associates\VirusScan\Mcshield.exe [3196]
C:\Program Files\internet explorer\iexplore.exe [2896]
C:\Program Files\Mozilla Firefox\firefox.exe [2640]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [3448]
C:\WINDOWS\System32\svchost.exe [1576]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [600]


Drivers - Running:

AFD
atapi
audstub
b57w2k
Bdfndisf
bdfsfltr
bdftdif
BDSelfPr
Beep
Cdfs
CdRom
Disk
dmio
dmload
Fastfat
fdc
Fips
flpydisk
FltMgr
Ftdisk
Gpc
HidUsb
i8042prt
ialm
intelppm
ip6fw
IpNat
IPSec
isapnp
Kbdclass
kbdhid
kmixer
KSecDD
mnmdd
Mouclass
mouhid
MountMgr
MRxDAV
MRxSmb
Msfs
mssmbios
Mup
NaiAvFilter1
NaiAvTdi1
NDIS
NdisTapi
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
NwlnkIpx
NwlnkNb
NwlnkSpx
NWRDR
Parport
PartMgr
ParVdm
PCI
pciide
PptpMiniport
PSched
Ptilink
PxHelp20
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
rdpdr
redbook
senfilt
serenum
Serial
smwdm
sr
Srv
swenum
sysaudio
Tcpip
Tcpip6
TermDD
tunmp
Update
usbehci
usbhub
usbuhci
VgaSave
VolSnap
Wanarp
wdmaud
EntDrv51
SASDIFSV
SASKUTIL
SASENUM


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aeaudio
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
DMusic<
  • 0

#6
ManishKR

ManishKR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi ,


Please find the logs below.

Main.txt

Deckard's System Scanner v20071014.68
Run by jll2 on 2008-03-03 20:05:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2008-03-03 14:35:45 UTC - RP387 - Deckard's System Scanner Restore Point
79: 2008-03-03 14:16:48 UTC - RP386 - Uniblue RegistryBooster
78: 2008-03-02 14:00:47 UTC - RP385 - System Checkpoint
77: 2008-03-01 12:26:23 UTC - RP384 - Installed SUPERAntiSpyware Free Edition
76: 2008-03-01 06:05:42 UTC - RP383 - System Checkpoint


-- First Restore Point --
1: 2008-02-21 16:03:55 UTC - RP308 - Installed Windows XP KB896428.


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as jll2.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:54 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\DOCUME~1\jll2\LOCALS~1\Temp\Rar$EX03.109\Uniblue_Registry_Booster_v2.0.1114.3657\Crack\register.exe
C:\Documents and Settings\jll2\Desktop\dss.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jll2.exe
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\McScript_InUse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://delphi.ap.joneslanglasalle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.4.69:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*.ap.jllnet.com;*.ap.joneslanglasalle.com;ipmpwt.joneslanglasalle.com;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {c7d875be-8b0e-f9e9-5464-cf54b00f27b0} - {0b72f00b-45fc-4645-9e9f-e0b8eb578d7c} - C:\WINDOWS\system32\ibhcxxto.dll (file missing)
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {85429961-D537-4B19-8FDA-F284548CC281} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Apple\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: BGInfo.lnk = C:\WINDOWS\Bginfo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://delphi.ap.joneslanglasalle.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2E687AA8-B276-4910-BBFB-4E412F685379} (CWebsiteViewer Object) - http://ausyd077.ap.j...bsiteViewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://delphi.ap.jon...oard/msddsc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203315985171
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://webdesk.ap.j...en/CSGProxy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B82E01BD-02A1-4161-BE6A-289E4F4D1D94}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O17 - HKLM\System\CS4\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxxwxv - C:\WINDOWS\
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10886 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080229-194651-190 O2 - BHO: (no name) - {85429961-D537-4B19-8FDA-F284548CC281} - C:\WINDOWS\system32\ddayx.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R4 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-27 01:00:30 278 --a------ C:\WINDOWS\Tasks\Defrag (Desktop) .....job


-- Files created between 2008-02-03 and 2008-03-03 -----------------------------

2008-03-03 19:22:22 0 d-------- C:\Documents and Settings\jll2\Application Data\Uniblue
2008-03-03 19:04:39 0 d-------- C:\Program Files\Uniblue
2008-03-03 15:09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 15:09:32 0 d-------- C:\Documents and Settings\jll2\Application Data\Mozilla
2008-03-03 14:05:06 3503 --a------ C:\Start_.cmd
2008-03-03 14:01:46 0 d-------- C:\327882R2FWJFW
2008-03-01 17:59:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-01 17:56:54 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-01 17:56:54 0 d-------- C:\Documents and Settings\jll2\Application Data\SUPERAntiSpyware.com
2008-02-29 19:45:02 0 d-------- C:\Program Files\Trend Micro
2008-02-29 17:15:58 0 d-------- C:\cmdcons
2008-02-29 17:14:38 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-29 17:14:38 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-29 17:14:38 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-29 17:14:38 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-28 15:39:37 0 d-------- C:\VundoFix Backups
2008-02-25 12:45:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 15:43:10 0 d-------- C:\Documents and Settings\jll2\Application Data\BitDefender
2008-02-23 15:35:51 0 d-------- C:\Program Files\BitDefender
2008-02-23 15:35:51 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-23 15:30:21 0 d-------- C:\Program Files\Common Files\BitDefender
2008-02-23 12:18:28 0 d-------- C:\WINDOWS\pss
2008-02-21 21:45:36 0 d-------- C:\Temp
2008-02-21 21:44:23 0 d-------- C:\Program Files\Xilisoft
2008-02-21 11:07:17 0 d-------- C:\WINDOWS\system32\%%DATA_DIR%%
2008-02-20 15:42:03 0 d-------- C:\Program Files\Unity
2008-02-19 22:40:37 0 d-------- C:\Program Files\SamsonSoft
2008-02-19 22:38:56 0 d-------- C:\WINDOWS\system32\URTTemp
2008-02-19 22:33:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Zabersoft
2008-02-19 20:33:38 0 d-------- C:\Documents and Settings\jll2\Application Data\Media Player Classic
2008-02-19 20:26:45 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-02-19 20:26:35 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-02-19 20:26:34 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-19 20:26:34 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-19 20:26:33 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-19 20:26:33 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-19 20:26:33 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-19 20:26:31 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-19 20:26:29 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-02-19 18:54:40 0 d-------- C:\Program Files\Digital Locker Assistant
2008-02-19 18:11:42 0 d-------- C:\Documents and Settings\jll2\Application Data\StumbleUpon
2008-02-19 18:11:38 0 d-------- C:\Program Files\StumbleUpon
2008-02-19 14:52:55 0 d-------- C:\WINDOWS\network diagnostic
2008-02-19 14:07:39 0 d-------- C:\Program Files\MSXML 4.0
2008-02-19 10:51:09 0 d-------- C:\WINDOWS\Prefetch
2008-02-18 12:46:02 0 d-------- C:\WINDOWS\peernet
2008-02-18 12:46:01 0 d-------- C:\WINDOWS\provisioning
2008-02-18 12:42:16 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-18 12:31:26 0 d-------- C:\WINDOWS\EHome
2008-02-15 10:27:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-13 10:01:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-13 09:35:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-09 19:28:40 0 d-------- C:\Program Files\Winamp
2008-02-09 19:28:40 0 d-------- C:\Documents and Settings\jll2\Application Data\Winamp
2008-02-08 19:38:34 0 d-------- C:\Documents and Settings\jll2\Application Data\Teleca
2008-02-08 19:36:49 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-02-08 19:35:43 0 d-------- C:\Documents and Settings\jll2\Application Data\Sony Ericsson
2008-02-08 19:35:24 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-08 19:35:21 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-08 19:35:17 0 d-------- C:\Program Files\Sony Ericsson
2008-02-08 19:34:37 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-08 19:33:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-08 19:33:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-07 18:24:47 0 d-------- C:\WINDOWS\system32\Dell
2008-02-07 13:12:18 0 d-------- C:\Documents and Settings\jll2\Application Data\Sun
2008-02-07 12:35:55 0 d-------- C:\Documents and Settings\jll2\Application Data\WinRAR
2008-02-07 11:29:01 0 d-------- C:\Documents and Settings\jll2\Application Data\AdobeUM
2008-02-07 10:06:25 0 d-------- C:\Documents and Settings\jll2\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-03-01 17:48:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 15:30:21 0 d-------- C:\Program Files\Common Files
2008-02-19 19:16:42 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-19 14:13:49 0 d-------- C:\Program Files\Microsoft Works
2008-02-18 12:46:04 0 d-------- C:\Program Files\Movie Maker
2008-02-18 12:41:40 0 d-------- C:\Program Files\Windows NT
2008-02-07 18:24:47 0 d-------- C:\Program Files\Dell
2008-02-07 11:28:52 0 d-------- C:\Documents and Settings\jll2\Application Data\Adobe
2008-01-28 10:01:40 0 d-------- C:\Documents and Settings\jll2\Application Data\Yahoo!
2008-01-25 15:49:00 0 d-------- C:\Program Files\FriendFinder
2008-01-03 09:16:49 0 d-------- C:\Program Files\NETWORK ASSOCIATES


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b72f00b-45fc-4645-9e9f-e0b8eb578d7c}]
C:\WINDOWS\system32\ibhcxxto.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85429961-D537-4B19-8FDA-F284548CC281}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/05/2005 06:52 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/05/2005 06:49 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 05:30 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 12:12 PM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [06/13/2007 08:16 AM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 03:46 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/25/2008 12:10 PM]
"QuickTime Task"="C:\Program Files\Apple\QuickTime\qttask.exe" [04/30/2004 09:37 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/16/2008 04:24 AM]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [03/22/2007 07:17 PM]
"McAfeeUpdaterUI"="C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" [08/31/2005 04:50 PM]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [04/02/2007 09:42 PM]
"IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [04/19/2007 02:00 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 11:01 AM]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [04/19/2007 02:00 PM]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [03/22/2007 07:17 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:26 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [02/13/2004 07:55 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [10/22/2007 10:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BGInfo.lnk - C:\WINDOWS\Bginfo.exe [11/11/2005 2:40:50 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89aa037a-e6ac-11dc-a38d-de4af262252f}]
Auto\command- tomskype.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tomskype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d640950b-d621-11dc-a36d-00142237fd9f}]
Auto\command- E:\tomskype.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tomskype.exe

*Newly Created Service* - ENTDRV51
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL



-- End of Deckard's System Scanner: finished at 2008-03-03 20:41:03 ------------


extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 92%
Physical Memory (total/avail): 502.07 MiB / 36.33 MiB
Pagefile Memory (total/avail): 1560.48 MiB / 413.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 18.19 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST340014AS - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:

\\.\PHYSICALDRIVE1 - JetFlash TS1GJF110 USB Device - 996.22 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 998.13 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Bitdefender Antivirus v8.0 (BitDefender)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jll2\Application Data
CLASSPATH="C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip"
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC3
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jll2
LOGONSERVER=\\PC3
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\SAP\FrontEnd\sapgui\FILC\odbc;C:\Program Files\Internet Explorer;;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA="C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip"
ROLE=DESKTOP
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jll2\LOCALS~1\Temp
TMP=C:\DOCUME~1\jll2\LOCALS~1\Temp
USERDOMAIN=PC3
USERNAME=jll2
USERPROFILE=C:\Documents and Settings\jll2
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Default.Profile
suhail
jll1 (admin)
jll2 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-5A64-7E8A45000001}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
Adobe Reader Korean Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5676-5A64-7E8A45000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 --> MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
BitDefender Total Security 2008 --> MsiExec.exe /I{92098E58-00AD-4F78-AD6E-807BDB323478}
CARGO --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\JLL\Cargo\ST6UNST.LOG"
Citrix ICA Client --> MsiExec.exe /I{956F3E9A-3AED-40F8-8522-5F6A524CFC3E}
Citrix ICA Web Client --> C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
CMD Prompt Here PowerToy --> rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\INF\CmdHere.inf
Crystal Analysis Rich Client --> MsiExec.exe /X{C1F698BD-9C05-49C7-99E0-9EC291F050CA}
Digital Locker Assistant --> MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C}
Flat Panel Adjust --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Dell\FPAdjust\Uninst.isu"
FriendFinder Messenger v4.1 --> MsiExec.exe /I{090E87A8-C7FE-4524-B625-65657F258121}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IE5 Registration --> MsiExec.exe /I{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}
IE6SP1 for Jones Lang LaSalle --> MsiExec.exe /I{2B93C225-1FF3-448B-92B7-DA48E8C4690A}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
JLL ScreenSaver --> MsiExec.exe /I{5451A718-4A95-458A-9B98-84393D7A95D8}
JLL Screensaver (0504) --> MsiExec.exe /I{3189DFB8-11F1-4A96-A291-6D59A97545E7}
K-Lite Codec Pack 3.7.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft GB18030 Support Package --> MsiExec.exe /I{DEBACE7E-5DD1-42DB-AFE7-2B60E7CC80A8}
Microsoft Office 2003 Chinese (Simplified) User Interface Pack --> MsiExec.exe /I{901E0804-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Chinese (Traditional) User Interface Pack --> MsiExec.exe /I{901E0404-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Japanese User Interface Pack --> MsiExec.exe /I{901E0411-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Korean User Interface Pack --> MsiExec.exe /I{901E0412-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook Personal Folders Backup --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Tool Web Package:WntIpcfg.exe --> MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
Motorola USB Drivers v2.9 --> MsiExec.exe /X{86EB9B75-C7F8-4D7D-A032-6C5858757525}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
SAP Front End --> "C:\WINDOWS\SAPwksta\setup\sapsetup.exe" /uninstall /norestart
SAPGUI --> MsiExec.exe /X{F1FCADE3-CB8C-4331-AA80-38D939EE144E}
Snapshot Viewer --> C:\program files\microsoft\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StumbleUpon IE Toolbar --> C:\Program Files\StumbleUpon\uninstall.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tera Term Pro --> C:\WINDOWS\ttuninst.exe
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Unity Web Player --> C:\Program Files\Unity\WebPlayer\Uninstall.exe
Volo View Express --> MsiExec.exe /I{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Blaster Worm Removal Tool (KB833330) --> C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe
Windows Messenger 5.0 --> MsiExec.exe /I{1F0BD960-6525-4FEE-B577-2473F77F1277}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xilisoft 3GP Video Converter --> C:\Program Files\Xilisoft\3GP Video Converter 3\Uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2990 / Error
Event Submitted/Written: 03/03/2008 08:28:57 PM
Event ID/Source: 439 / ESENT
Event Description:
Catalog Database (1536) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\edb.chk. Error -1032.

Event Record #/Type2989 / Error
Event Submitted/Written: 03/03/2008 08:28:57 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (1536) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type2987 / Error
Event Submitted/Written: 03/03/2008 08:25:54 PM
Event ID/Source: 1008 / McLogEvent
Event Description:
The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 60 seconds;

Event Record #/Type2985 / Error
Event Submitted/Written: 03/03/2008 08:22:18 PM
Event ID/Source: 1008 / McLogEvent
Event Description:
The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 60 seconds;

Event Record #/Type2984 / Error
Event Submitted/Written: 03/03/2008 08:22:05 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\Network Associates\VirusScan\Mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3328 (0xd00)

Thread address : 0x7C90EB94

Thread message :

Build Aug 20 2004 04:46:11 / 5200.2160
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat
by svchost.exe
7600(0)(0)
7531(0)(0)
7590(0)(0)
7006(0)(0)
7005(0)(0)
7512(0)(0)
7004(0)(0)
7003(0)(0)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7000 / Error
Event Submitted/Written: 03/03/2008 08:39:09 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Network Associates McShield service terminated unexpectedly. It has done this 104 time(s).

Event Record #/Type6999 / Error
Event Submitted/Written: 03/03/2008 08:38:57 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Event Record #/Type6998 / Error
Event Submitted/Written: 03/03/2008 08:38:33 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Event Record #/Type6997 / Error
Event Submitted/Written: 03/03/2008 08:38:08 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.

Event Record #/Type6994 / Error
Event Submitted/Written: 03/03/2008 08:25:54 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Network Associates McShield service terminated unexpectedly. It has done this 103 time(s).



-- End of Deckard's System Scanner: finished at 2008-03-03 20:41:03 ------------


moved.txt

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-03-03 16:04:39 16384 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\93F.tmp
2008-03-03 16:05:09 16384 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\940.tmp
2008-03-03 16:06:29 16384 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\941.tmp
2008-03-03 16:06:50 16384 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\942.tmp
2008-03-03 17:56:18 0 d-------- C:\DOCUME~1\jll2\LOCALS~1\Temp\Adobe
2008-03-03 18:53:40 8118 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\doodle.bmp
2008-03-03 18:54:01 0 d-------- C:\DOCUME~1\jll2\LOCALS~1\Temp\imvcache
2002-05-08 22:20:18 45056 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\nsb8F2.tmp <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-10-13 09:08:10 53248 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\nsb8F3.tmp <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-03 18:53:30 8118 --a------ C:\DOCUME~1\jll2\LOCALS~1\Temp\peanuts.bmp
2008-03-03 16:05:30 0 d-------- C:\DOCUME~1\jll2\LOCALS~1\Temp\VBE
2008-03-03 19:03:55 685913 -----n--- C:\DOCUME~1\jll2\LOCALS~1\Temp\_iu14D2N.tmp <Not Verified; ; Inno Setup>
2008-03-03 19:29:50 214 --a------ C:\WINDOWS\temp\kds.xml
2008-03-03 19:48:05 16 --a------ C:\WINDOWS\temp\report.dat
2008-03-03 19:35:27 750 --a------ C:\WINDOWS\temp\SCP9E1.tmp
2008-03-03 20:05:11 108 --a------ C:\WINDOWS\temp\teredo.txt
2008-03-03 16:26:18 0 d-------- C:\WINDOWS\temp\tmp00005185
2008-03-03 18:17:19 0 d-------- C:\WINDOWS\temp\tmp000058fb
2008-03-03 19:14:48 1503 --a------ C:\WINDOWS\temp\updateop.xml
2008-03-03 18:14:37 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2008-02-29 20:53:34 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2003-09-11 06:46:44 226168 --a------ C:\WINDOWS\Downloaded Program Files\CSGProxy.dll <Verified; Citrix Systems, Inc.; Gateway Client for MetaFrame>
2007-06-30 19:09:06 175968 --a----c- C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
2001-04-12 13:39:46 411936 --a------ C:\WINDOWS\Downloaded Program Files\MSDDSC.dll <Verified; ; Microsoft SQL Server>
2003-09-11 17:16:56 774144 --a------ C:\WINDOWS\Downloaded Program Files\WebsiteViewer.ocx <Not Verified; Citrix Systems, Inc.; MetaFrame Secure Access Manager>

-*- End of Logfile -*-


Sophos Report



Sophos Anti-Virus
Version 4.27.0 [Win32/Intel]
Virus data version 4.27E, March 2008
Includes detection for 362444 viruses, trojans and worms
Copyright © 1989-2008 Sophos Plc, www.sophos.com

System time 10:29:50, System date 04 March 2008
Command line qualifiers are: -f -remove -nc -nb --stop-scan

IDE directory is: C:\SDFix\IDE

Using IDE file tvido-a.ide
Using IDE file chir-b.ide
Using IDE file tiny-dc.ide
Using IDE file autor-bd.ide
Using IDE file autor-be.ide
Using IDE file sdbo-djz.ide
Using IDE file cimuz-cv.ide
Using IDE file gampas-q.ide
Using IDE file virut-x.ide
Using IDE file he4hoo-e.ide
Using IDE file daymay-a.ide
Using IDE file injec-cb.ide
Using IDE file keylo-jz.ide
Using IDE file ntroo-cv.ide
Using IDE file dwnl-hav.ide
Using IDE file silly-bu.ide
Using IDE file agen-gpc.ide
Using IDE file bankd-dg.ide
Using IDE file pushu-h.ide
Using IDE file psw-es.ide
Using IDE file psw-et.ide
Using IDE file rexplo-b.ide
Using IDE file looke-ec.ide
Using IDE file ldpin-ro.ide
Using IDE file dorf-aw.ide
Using IDE file agen-gph.ide
Using IDE file banlo-ex.ide
Using IDE file rieve-a.ide
Using IDE file vb-dyr.ide
Using IDE file mailb-ck.ide
Using IDE file cyberl-a.ide
Using IDE file spwa-gen.ide
Using IDE file psyme-hm.ide
Using IDE file dwnl-hba.ide
Using IDE file zbot-d.ide
Using IDE file dload-bl.ide
Using IDE file injec-cc.ide
Using IDE file alman-e.ide
Using IDE file autor-bg.ide
Using IDE file autom-d.ide
Using IDE file dref-b.ide
Using IDE file agen-gpp.ide
Using IDE file zbot-e.ide
Using IDE file defusx-a.ide
Using IDE file agen-gpr.ide
Using IDE file tinydl-r.ide
Using IDE file downld-p.ide
Using IDE file agen-gpv.ide
Using IDE file zonie-a.ide
Using IDE file vb-dys.ide
Using IDE file silly-bw.ide
Using IDE file pushdo-h.ide
Using IDE file sheldo-a.ide
Using IDE file smal-eld.ide
Using IDE file agen-gpx.ide
Using IDE file looke-ed.ide
Using IDE file autor-bk.ide
Using IDE file swizzo-c.ide
Using IDE file dloa-bim.ide
Using IDE file iespy-f.ide
Using IDE file cblade-h.ide
Using IDE file pasala-a.ide
Using IDE file dloa-bio.ide
Using IDE file messy-a.ide
Using IDE file msnemy-a.ide
Using IDE file otakbo-a.ide
Using IDE file forbo-gv.ide
Using IDE file bckd-qlw.ide
Using IDE file smal-ele.ide
Using IDE file braban-h.ide
Using IDE file cabat-d.ide
Using IDE file ntroo-cz.ide
Using IDE file dropp-tv.ide
Using IDE file agen-gmy.ide
Using IDE file autor-bo.ide
Using IDE file pushin-a.ide
Using IDE file spy-aj.ide
Using IDE file agen-gpz.ide
Using IDE file bront-ds.ide
Using IDE file bobax-eh.ide
Using IDE file grumbl-a.ide
Using IDE file tibs-ub.ide
Using IDE file joom-a.ide
Using IDE file pccli-lj.ide
Using IDE file autor-bp.ide
Using IDE file rbot-gwj.ide
Using IDE file bront-dt.ide
Using IDE file onlin-an.ide
Using IDE file fakev-ar.ide
Using IDE file cashgr-u.ide
Using IDE file autome-a.ide
Using IDE file bront-du.ide
Using IDE file silly-by.ide
Using IDE file pccli-ll.ide
Using IDE file zapch-dz.ide
Using IDE file killfi-j.ide
Using IDE file ircb-aaq.ide
Using IDE file agen-gqo.ide
Using IDE file sohan-as.ide
Using IDE file meiti-a.ide
Using IDE file zlob-j.ide
Using IDE file dwnl-hbk.ide
Using IDE file looke-ee.ide
Using IDE file silly-bz.ide
Using IDE file proxy-ig.ide
Using IDE file sdbo-dkb.ide
Using IDE file dwnl-hbl.ide
Using IDE file banhos-i.ide
Using IDE file poison-r.ide
Using IDE file winsat-b.ide
Using IDE file ntroo-da.ide
Using IDE file bagle-tq.ide
Using IDE file downld-t.ide
Using IDE file dload-br.ide
Using IDE file bckd-qly.ide
Using IDE file wlload-a.ide
Using IDE file zbot-h.ide
Using IDE file agen-gqv.ide
Using IDE file vbsmai-a.ide
Using IDE file mdro-bqg.ide
Using IDE file looke-ef.ide
Using IDE file zlobdr-h.ide
Using IDE file anpir-a.ide
Using IDE file scrapk-a.ide
Using IDE file baload-a.ide
Using IDE file bifro-vn.ide

Full Scanning

Could not check C:\Program Files\Microsoft\Office11\Templates\1028\WEBS11\vtidb.wiz\LOGINX.HTX (virus scan failed)
Could not check C:\Program Files\Microsoft\Office11\Templates\1041\WEBS11\vtidb.wiz\LOGINX.HTX (virus scan failed)
Could not check C:\Program Files\Microsoft\Office11\Templates\1042\WEBS11\vtidb.wiz\LOGINX.HTX (virus scan failed)
Could not check C:\Program Files\Microsoft\Office11\Templates\2052\WEBS11\vtidb.wiz\LOGINX.HTX (virus scan failed)
Password protected file C:\Program Files\SAP\FrontEnd\SAPgui\xxl\def_stor.xla
Password protected file C:\Program Files\SAP\FrontEnd\SAPgui\xxl\sap4int.xla
>>> Virus 'Troj/Keygen-BK' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP360\A0048156.exe
Removal successful
>>> Virus 'Troj/Keygen-BK' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP360\A0048212.exe
Removal successful
Could not open C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP376\A0055170.dll
>>> Virus 'Troj/Agent-GDY' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP377\A0055235.exe
Removal successful
>>> Virus 'Troj/Virtum-Gen' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP382\A0062521.dll
Removal successful
>>> Virus 'Troj/Virtum-Gen' found in file C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP382\A0067613.dll
Removal successful

1 boot sector swept.
42444 files swept in 42 minutes and 55 seconds.
7 errors were encountered.
5 viruses were discovered.
5 files out of 42444 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email [email protected]
or telephone +44 1235 559933
2 encrypted files were not checked.
Ending Sophos Anti-Virus.


SDFix


System Report
*************

Run on Tue 03/04/2008 at 07:21 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [984]
\??\C:\WINDOWS\system32\csrss.exe [1088]
\??\C:\WINDOWS\system32\winlogon.exe [1112]
C:\WINDOWS\system32\services.exe [1156]
C:\WINDOWS\system32\lsass.exe [1168]
C:\WINDOWS\system32\svchost.exe [1344]
C:\WINDOWS\system32\svchost.exe [1412]
C:\WINDOWS\System32\svchost.exe [1536]
C:\WINDOWS\System32\svchost.exe [1728]
C:\WINDOWS\System32\svchost.exe [1824]
C:\WINDOWS\system32\spoolsv.exe [1880]
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe [344]
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [388]
C:\WINDOWS\System32\svchost.exe [492]
C:\WINDOWS\System32\wdfmgr.exe [704]
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [860]
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe [1056]
C:\Program Files\Citrix\ICA Client\ssonsvr.exe [1836]
C:\WINDOWS\System32\alg.exe [2304]
C:\WINDOWS\System32\hkcmd.exe [2796]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2928]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2980]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [3044]
C:\Program Files\Winamp\winampa.exe [3736]
C:\WINDOWS\System32\igfxpers.exe [3796]
C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe [3840]
C:\WINDOWS\system32\ctfmon.exe [1296]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [1044]
C:\Program Files\Messenger\msmsgs.exe [2068]
C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE [2872]
C:\Program Files\Common Files\Teleca Shared\Generic.exe [628]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe [676]
C:\WINDOWS\system32\wuauclt.exe [3900]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe [936]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe [3984]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe [2576]
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2212]
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [3096]
C:\WINDOWS\System32\WISPTIS.EXE [4032]
C:\WINDOWS\explorer.exe [1488]
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe [3860]
C:\Program Files\Network Associates\VirusScan\Mcshield.exe [3196]
C:\Program Files\internet explorer\iexplore.exe [2896]
C:\Program Files\Mozilla Firefox\firefox.exe [2640]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [3448]
C:\WINDOWS\System32\svchost.exe [1576]
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [600]


Drivers - Running:

AFD
atapi
audstub
b57w2k
Bdfndisf
bdfsfltr
bdftdif
BDSelfPr
Beep
Cdfs
CdRom
Disk
dmio
dmload
Fastfat
fdc
Fips
flpydisk
FltMgr
Ftdisk
Gpc
HidUsb
i8042prt
ialm
intelppm
ip6fw
IpNat
IPSec
isapnp
Kbdclass
kbdhid
kmixer
KSecDD
mnmdd
Mouclass
mouhid
MountMgr
MRxDAV
MRxSmb
Msfs
mssmbios
Mup
NaiAvFilter1
NaiAvTdi1
NDIS
NdisTapi
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
NwlnkIpx
NwlnkNb
NwlnkSpx
NWRDR
Parport
PartMgr
ParVdm
PCI
pciide
PptpMiniport
PSched
Ptilink
PxHelp20
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
rdpdr
redbook
senfilt
serenum
Serial
smwdm
sr
Srv
swenum
sysaudio
Tcpip
Tcpip6
TermDD
tunmp
Update
usbehci
usbhub
usbuhci
VgaSave
VolSnap
Wanarp
wdmaud
EntDrv51
SASDIFSV
SASKUTIL
SASENUM


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aeaudio
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
DMusic<
  • 0

#7
ManishKR

ManishKR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
dpti2o
drmkaud
E1000
hpn
HPZid412
HPZipr12
HPZius12
HTTP
i2omgmt
i2omp
Imapi
ini910u
IntelIde
IpFilterDriver
IpInIp
IRENUM
lbrtfdc
Modem
mraid35x
MSKSSRV
MSPCLOCK
MSPQM
Ndisuio
nm
NwlnkFlt
NwlnkFwd
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
Processor
Profos
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
s125bus
s125mdfl
s125mdm
s125mgmt
s125obex
Secdrv
Sfloppy
Simbad
SONYPVU1
Sparrow
splitter
swmidi
symc810
symc8xx
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
Trufos
Udfs
ultra
usbccgp
usbprint
usbscan
USBSTOR
ViaIde
WDICA


Services - Running:

6to4
ALG
AudioSrv
BITS
Browser
CryptSvc
DcomLaunch
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventSystem
helpsvc
HidServ
lanmanserver
lanmanworkstation
LIVESRV
LmHosts
McAfeeFramework
McShield
McTaskManager
MDM
Netman
Nla
NWCWorkstation
NwSapAgent
PlugPlay
PolicyAgent
ProtectedStorage
RasMan
RemoteRegistry
RpcSs
SamSs
scan
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Spooler
srservice
stisvc
TapiSrv
TermService
Themes
TrkWks
UMWdf
W32Time
WebClient
winmgmt
wscsvc
wuauserv
XCOMM


Services - Stopped:

Alerter
AppMgmt
aspnet_state
CiSvc
ClipSrv
COMSysApp
dmadmin
FastUserSwitchingCompatibility
HTTPFilter
ImapiService
Messenger
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
NtLmSsp
NtmsSvc
ose
RasAuto
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SCardSvr
SNMP
SNMPTRAP
SSDPSRV
SwPrv
SysmonLog
TlntSvr
upnphost
UPS
VSS
VSSERV
WmdmPmSN
Wmi
WmiApSrv
WZCSVC
xmlprov


Files Created/Modified - 60 Days:


C:\

Feb 29 2008 1:13:52p 211 A.... "C:\Boot.bak"
Feb 29 2008 5:16:08p 281 A.SHR "C:\boot.ini"
Feb 29 2008 5:16:12p 326 A.... "C:\CF-RC.txt"
Feb 29 2008 7:42:00p 15,909 A.... "C:\ComboFix.txt"
Jan 24 2008 11:17:24a 0 A.... "C:\COMLOG.txt"
Feb 18 2008 12:38:18p 47,564 A.SHR "C:\NTDETECT.COM"
Feb 18 2008 12:38:18p 250,032 A.SHR "C:\ntldr"
Mar 3 2008 7:06:24p 1,143,996,416 A.SH. "C:\pagefile.sys"
Mar 4 2008 11:38:40a 3,053 A.... "C:\rapport.txt"
Feb 25 2008 2:14:20a 3,503 A.... "C:\Start_.cmd"
Feb 29 2008 12:23:48p 950 A.... "C:\VundoFix.txt"
Jan 9 2008 4:01:40p 146 A.... "C:\YServer.txt"


C:\WINDOWS\

Feb 29 2008 8:53:00p 0 A.... "C:\WINDOWS\0.log"
Feb 29 2008 1:13:54p 121 A.... "C:\WINDOWS\bdagent.INI"
Feb 29 2008 8:58:08p 2,621,494 A.... "C:\WINDOWS\BGInfo.bmp"
Feb 29 2008 8:52:50p 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Feb 18 2008 12:48:00p 200 A.... "C:\WINDOWS\cmsetacl.log"
Feb 21 2008 11:06:58a 2,896 A.... "C:\WINDOWS\COM+.log"
Feb 21 2008 11:04:52a 353,046 A.... "C:\WINDOWS\comsetup.log"
Feb 8 2008 7:37:18p 188,324 A.... "C:\WINDOWS\DPINST.LOG"
Feb 19 2008 10:56:34a 2,243 A.... "C:\WINDOWS\DtcInstall.log"
Feb 21 2008 11:04:50a 1,054,419 A.... "C:\WINDOWS\FaxSetup.log"
Feb 19 2008 2:58:38p 49,727 A.... "C:\WINDOWS\IDNMitigationAPIs.log"
Feb 14 2008 12:09:22p 2,445 A.... "C:\WINDOWS\IE4 Error Log.txt"
Feb 19 2008 3:01:10p 80,945 A.... "C:\WINDOWS\ie7.log"
Feb 19 2008 3:05:54p 75,921 A.... "C:\WINDOWS\ie7_main.log"
Feb 2 2008 10:40:32a 125 A.... "C:\WINDOWS\IEPatchUninstall.BAK"
Feb 2 2008 10:40:40a 125 A.... "C:\WINDOWS\IEPatchUninstall.log"
Feb 21 2008 11:04:52a 1,232,522 A.... "C:\WINDOWS\iis6.log"
Feb 19 2008 3:12:26p 1,374 A.... "C:\WINDOWS\imsins.BAK"
Feb 21 2008 11:04:50a 1,374 A.... "C:\WINDOWS\imsins.log"
Feb 14 2008 11:01:52a 15,918 A.... "C:\WINDOWS\KB835409.log"
Feb 19 2008 11:01:44a 2,659 A.... "C:\WINDOWS\KB873333.log"
Feb 18 2008 12:56:28p 207,984 A.... "C:\WINDOWS\KB873339.log"
Feb 18 2008 12:59:50p 281,419 A.... "C:\WINDOWS\KB885835.log"
Feb 18 2008 1:02:24p 208,364 A.... "C:\WINDOWS\KB885836.log"
Feb 19 2008 1:45:06p 8,963 A.... "C:\WINDOWS\KB886185.log"
Feb 18 2008 1:06:40p 229,299 A.... "C:\WINDOWS\KB888302.log"
Feb 19 2008 2:00:32p 94,669 A.... "C:\WINDOWS\KB890046.log"
Feb 19 2008 1:45:42p 39,848 A.... "C:\WINDOWS\KB890859.log"
Feb 14 2008 11:22:58a 43,660 A.... "C:\WINDOWS\KB891781.log"
Feb 18 2008 12:23:06p 11,936 A.... "C:\WINDOWS\KB892130.log"
Feb 14 2008 11:11:10a 28,787 A.... "C:\WINDOWS\KB892944.log"
Feb 19 2008 1:46:00p 82,451 A.... "C:\WINDOWS\KB893756.log"
Feb 13 2008 10:03:14a 14,879 A.... "C:\WINDOWS\KB893803v2.log"
Feb 19 2008 1:47:22p 20,557 A.... "C:\WINDOWS\KB894391.log"
Feb 19 2008 1:45:52p 72,124 A.... "C:\WINDOWS\KB896358.log"
Feb 19 2008 1:46:48p 73,120 A.... "C:\WINDOWS\KB896423.log"
Feb 19 2008 11:00:00a 66,860 A.... "C:\WINDOWS\KB896424.log"
Feb 19 2008 1:45:16p 35,891 A.... "C:\WINDOWS\KB896428.log"
Feb 13 2008 10:01:36a 8,282 A.... "C:\WINDOWS\KB898461.log"
Feb 19 2008 1:46:18p 85,550 A.... "C:\WINDOWS\KB899587.log"
Feb 14 2008 11:21:28a 43,701 A.... "C:\WINDOWS\KB899589.log"
Feb 19 2008 1:46:08p 82,056 A.... "C:\WINDOWS\KB899591.log"
Feb 19 2008 1:49:08p 31,578 A.... "C:\WINDOWS\KB900485.log"
Feb 19 2008 1:48:10p 63,792 A.... "C:\WINDOWS\KB900725.log"
Feb 19 2008 1:47:46p 91,419 A.... "C:\WINDOWS\KB901017.log"
Feb 14 2008 11:05:44a 23,908 A.... "C:\WINDOWS\KB901190.log"
Feb 19 2008 1:45:24p 49,377 A.... "C:\WINDOWS\KB901214.log"
Feb 19 2008 1:47:38p 82,527 A.... "C:\WINDOWS\KB902400.log"
Feb 19 2008 11:05:56a 33,865 A.... "C:\WINDOWS\KB904706.log"
Feb 19 2008 2:52:50p 85,081 A.... "C:\WINDOWS\KB904942.log"
Feb 19 2008 1:47:52p 60,506 A.... "C:\WINDOWS\KB905414.log"
Feb 14 2008 11:27:00a 47,212 A.... "C:\WINDOWS\KB905495.log"
Feb 19 2008 1:47:58p 49,922 A.... "C:\WINDOWS\KB905749.log"
Feb 19 2008 1:48:24p 51,787 A.... "C:\WINDOWS\KB908519.log"
Feb 19 2008 1:49:20p 56,309 A.... "C:\WINDOWS\KB908531.log"
Feb 19 2008 1:48:16p 71,390 A.... "C:\WINDOWS\KB910437.log"
Feb 19 2008 1:49:44p 96,346 A.... "C:\WINDOWS\KB911280.log"
Feb 19 2008 1:48:36p 87,910 A.... "C:\WINDOWS\KB911562.log"
Feb 14 2008 11:26:14a 49,506 A.... "C:\WINDOWS\KB911564.log"
Feb 14 2008 11:06:30a 13,659 A.... "C:\WINDOWS\KB911567-OE6SP1-20060316.165634.log"
Feb 19 2008 1:48:30p 94,132 A.... "C:\WINDOWS\KB911927.log"
Feb 19 2008 10:58:42a 33,586 A.... "C:\WINDOWS\KB912919.log"
Feb 19 2008 1:49:38p 57,637 A.... "C:\WINDOWS\KB913580.log"
Feb 19 2008 1:49:52p 80,438 A.... "C:\WINDOWS\KB914388.log"
Feb 19 2008 1:49:28p 54,101 A.... "C:\WINDOWS\KB914389.log"
Feb 19 2008 2:53:50p 41,943 A.... "C:\WINDOWS\KB914440.log"
Feb 14 2008 11:34:30a 45,955 A.... "C:\WINDOWS\KB914798.log"
Feb 19 2008 2:55:44p 43,702 A.... "C:\WINDOWS\KB915865.log"
Feb 19 2008 1:51:00p 34,619 A.... "C:\WINDOWS\KB916595.log"
Feb 14 2008 11:17:46a 33,537 A.... "C:\WINDOWS\KB917344.log"
Feb 19 2008 10:58:54a 32,512 A.... "C:\WINDOWS\KB917422.log"
Feb 14 2008 11:15:08a 28,756 A.... "C:\WINDOWS\KB917734.log"
Feb 19 2008 10:59:06a 32,918 A.... "C:\WINDOWS\KB917953.log"
Feb 19 2008 1:56:58p 42,750 A.... "C:\WINDOWS\KB918118.log"
Feb 14 2008 11:29:20a 41,749 A.... "C:\WINDOWS\KB918439-IE6SP1-20060530.145346.log"
Feb 14 2008 11:07:46a 18,386 A.... "C:\WINDOWS\KB918899-IE6SP1-20060725.123917.log"
Feb 19 2008 1:51:06p 82,225 A.... "C:\WINDOWS\KB919007.log"
Feb 19 2008 2:01:02p 45,453 A.... "C:\WINDOWS\KB920213.log"
Feb 14 2008 11:23:46a 45,042 A.... "C:\WINDOWS\KB920670.log"
Feb 19 2008 1:50:00p 55,907 A.... "C:\WINDOWS\KB920683.log"
Feb 19 2008 1:51:14p 98,685 A.... "C:\WINDOWS\KB920685.log"
Feb 19 2008 1:51:44p 36,278 A.... "C:\WINDOWS\KB920872.log"
Feb 19 2008 10:59:36a 57,203 A.... "C:\WINDOWS\KB921398.log"
Feb 19 2008 11:00:22a 65,355 A.... "C:\WINDOWS\KB921883.log"
Feb 19 2008 1:50:32p 29,978 A.... "C:\WINDOWS\KB922582.log"
Feb 19 2008 11:00:14a 64,551 A.... "C:\WINDOWS\KB922616.log"
Feb 19 2008 1:52:16p 117,578 A.... "C:\WINDOWS\KB922819.log"
Feb 19 2008 1:52:06p 67,196 A.... "C:\WINDOWS\KB923191.log"
Feb 19 2008 1:51:52p 99,315 A.... "C:\WINDOWS\KB923414.log"
Feb 19 2008 2:10:04p 47,584 A.... "C:\WINDOWS\KB923689.log"
Feb 19 2008 1:53:12p 39,225 A.... "C:\WINDOWS\KB923980.log"
Feb 14 2008 11:50:30a 66,797 A.... "C:\WINDOWS\KB924191.log"
Feb 19 2008 1:52:42p 37,668 A.... "C:\WINDOWS\KB924270.log"
Feb 19 2008 1:52:00p 92,100 A.... "C:\WINDOWS\KB924496.log"
Feb 19 2008 1:56:04p 37,912 A.... "C:\WINDOWS\KB924667.log"
Feb 19 2008 2:04:48p 45,429 A.... "C:\WINDOWS\KB925398.log"
Feb 14 2008 11:31:56a 41,681 A.... "C:\WINDOWS\KB925486-IE6SP1-20060918.120000.log"
Feb 19 2008 1:57:52p 44,540 A.... "C:\WINDOWS\KB925902.log"
Feb 19 2008 1:54:04p 38,536 A.... "C:\WINDOWS\KB926247.log"
Feb 19 2008 1:53:38p 39,308 A.... "C:\WINDOWS\KB926255.log"
Feb 19 2008 1:57:24p 42,546 A.... "C:\WINDOWS\KB926436.log"
Feb 19 2008 1:56:32p 43,093 A.... "C:\WINDOWS\KB927779.log"
Feb 19 2008 1:55:30p 40,187 A.... "C:\WINDOWS\KB927802.log"
Feb 19 2008 2:01:58p 39,954 A.... "C:\WINDOWS\KB927891.log"
Feb 19 2008 1:54:38p 40,515 A.... "C:\WINDOWS\KB928255.log"
Feb 19 2008 1:55:06p 38,359 A.... "C:\WINDOWS\KB928843.log"
Feb 19 2008 2:02:24p 46,470 A.... "C:\WINDOWS\KB929123.log"
Feb 19 2008 1:58:56p 44,210 A.... "C:\WINDOWS\KB930178.log"
Feb 19 2008 2:01:28p 44,572 A.... "C:\WINDOWS\KB930916.log"
Feb 19 2008 1:59:28p 43,463 A.... "C:\WINDOWS\KB931261.log"
Feb 19 2008 1:58:26p 45,198 A.... "C:\WINDOWS\KB931784.log"
Feb 19 2008 2:00:14p 45,407 A.... "C:\WINDOWS\KB932168.log"
Feb 19 2008 2:10:30p 42,111 A.... "C:\WINDOWS\KB933729.log"
Feb 19 2008 2:03:22p 44,286 A.... "C:\WINDOWS\KB935839.log"
Feb 19 2008 2:02:52p 45,330 A.... "C:\WINDOWS\KB935840.log"
Feb 19 2008 2:08:42p 47,702 A.... "C:\WINDOWS\KB936021.log"
Feb 19 2008 2:21:36p 54,889 A.... "C:\WINDOWS\KB936357.log"
Feb 19 2008 2:07:04p 44,941 A.... "C:\WINDOWS\KB936782.log"
Feb 19 2008 3:08:02p 86,311 A.... "C:\WINDOWS\KB937894.log"
Feb 19 2008 2:08:12p 46,975 A.... "C:\WINDOWS\KB938127.log"
Feb 21 2008 11:04:50a 12,775 A.... "C:\WINDOWS\KB938127-IE7.log"
Feb 19 2008 2:05:14p 46,988 A.... "C:\WINDOWS\KB938828.log"
Feb 19 2008 2:05:38p 47,552 A.... "C:\WINDOWS\KB938829.log"
Feb 19 2008 2:10:56p 47,490 A.... "C:\WINDOWS\KB941202.log"
Feb 19 2008 3:07:00p 84,401 A.... "C:\WINDOWS\KB941568.log"
Feb 19 2008 3:09:24p 79,284 A.... "C:\WINDOWS\KB941569.log"
Feb 19 2008 3:09:54p 84,924 A.... "C:\WINDOWS\KB941644.log"
Feb 19 2008 3:04:42p 91,321 A.... "C:\WINDOWS\KB942615-IE7.log"
Feb 19 2008 3:06:32p 96,842 A.... "C:\WINDOWS\KB942763.log"
Feb 19 2008 3:10:18p 86,220 A.... "C:\WINDOWS\KB942840.log"
Feb 19 2008 3:12:26p 81,439 A.... "C:\WINDOWS\KB943055.log"
Feb 19 2008 2:53:48p 86,667 A.... "C:\WINDOWS\KB943460.log"
Feb 19 2008 3:10:46p 83,333 A.... "C:\WINDOWS\KB943485.log"
Feb 19 2008 3:11:26p 93,438 A.... "C:\WINDOWS\KB944533.log"
Feb 19 2008 3:11:26p 89,284 A.... "C:\WINDOWS\KB944533-IE7.log"
Feb 19 2008 3:07:30p 82,122 A.... "C:\WINDOWS\KB944653.log"
Feb 19 2008 3:11:56p 83,916 A.... "C:\WINDOWS\KB946026.log"
Feb 21 2008 11:04:50a 73,552 A.... "C:\WINDOWS\MedCtrOC.log"
Feb 21 2008 11:04:50a 53,593 A.... "C:\WINDOWS\msgsocm.log"
Feb 21 2008 11:04:36a 340,314 A.... "C:\WINDOWS\msmqinst.log"
Feb 19 2008 2:07:46p 294,552 A.... "C:\WINDOWS\msxml4-KB936181-enu.LOG"
Feb 21 2008 11:04:50a 186,316 A.... "C:\WINDOWS\netfxocm.log"
Feb 19 2008 2:57:12p 48,502 A.... "C:\WINDOWS\NLSDownlevelMapping.log"
Mar 3 2008 3:09:42p 0 A.... "C:\WINDOWS\nsreg.dat"
Feb 2 2008 11:57:52a 341 A.... "C:\WINDOWS\nsw.log"
Feb 29 2008 7:47:22p 977,712 A.... "C:\WINDOWS\ntbtlog.txt"
Feb 21 2008 11:04:52a 214,592 A.... "C:\WINDOWS\ntdtcsetup.log"
Feb 21 2008 11:04:50a 462,610 A.... "C:\WINDOWS\ocgen.log"
Feb 21 2008 11:04:50a 45,394 A.... "C:\WINDOWS\ocmsn.log"
Feb 19 2008 10:54:48a 1,866 A.... "C:\WINDOWS\OEWABLog.txt"
Jan 25 2008 11:28:26a 745 A.... "C:\WINDOWS\Q331320.log"
Feb 19 2008 7:37:06p 1,409 A.... "C:\WINDOWS\QTFont.for"
Mar 4 2008 1:40:56p 54,156 A..H. "C:\WINDOWS\QTFont.qfn"
Mar 4 2008 6:40:38p 512 A.... "C:\WINDOWS\randseed.rnd"
Feb 29 2008 7:21:52p 32,080 A.... "C:\WINDOWS\SchedLgU.Txt"
Feb 18 2008 12:47:34p 7,617 A.... "C:\WINDOWS\sessmgr.setup.log"
Feb 19 2008 7:16:46p 249,856 ..... "C:\WINDOWS\Setup1.exe"
Mar 4 2008 11:39:08a 2,298 A.... "C:\WINDOWS\setupact.log"
Mar 4 2008 6:23:36p 319,849 A.... "C:\WINDOWS\setupapi.log"
Feb 18 2008 12:51:34p 1,087,658 A.... "C:\WINDOWS\setupapi.log.0.old"
Feb 19 2008 10:51:18a 25,274 A.... "C:\WINDOWS\setuplog.txt"
Feb 19 2008 4:15:44p 36,396 A.... "C:\WINDOWS\spupdsvc.log"
Feb 19 2008 7:12:00p 1,212 A.... "C:\WINDOWS\ST6UNST.000"
Feb 19 2008 7:16:44p 73,216 A.... "C:\WINDOWS\ST6UNST.EXE"
Feb 18 2008 8:48:14p 474,933 A.... "C:\WINDOWS\svcpack.log"
Feb 29 2008 7:39:40p 311 A.... "C:\WINDOWS\system.ini"
Feb 21 2008 11:04:50a 53,680 A.... "C:\WINDOWS\tabletoc.log"
Feb 21 2008 11:04:50a 475,866 A.... "C:\WINDOWS\tsoc.log"
Feb 19 2008 3:11:00p 99,970 A.... "C:\WINDOWS\updspapi.log"
Jan 24 2008 11:36:12a 83 A.... "C:\WINDOWS\webica.ini"
Feb 15 2008 10:28:10a 12,083 A.... "C:\WINDOWS\WgaNotify.log"
Feb 29 2008 8:53:10p 159 A.... "C:\WINDOWS\wiadebug.log"
Feb 29 2008 8:53:00p 49 A.... "C:\WINDOWS\wiaservc.log"
Feb 29 2008 1:13:52p 1,082 A.... "C:\WINDOWS\win.ini"
Mar 4 2008 1:53:52p 2,011,703 A.... "C:\WINDOWS\WindowsUpdate.log"
Feb 19 2008 8:24:38p 17,540 A.... "C:\WINDOWS\wmsetup.log"
Feb 19 2008 10:56:24a 316,640 A.... "C:\WINDOWS\WMSysPr9.prx"
Feb 9 2008 7:31:26p 299,552 A.... "C:\WINDOWS\WMSysPrx.prx"
Feb 13 2008 10:02:26a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00013"
Feb 13 2008 10:02:26a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00014"
Feb 13 2008 10:02:26a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00015"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00016"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00017"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00018"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00019"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00020"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00021"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00022"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00023"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00024"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00025"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00026"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00027"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00028"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00029"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00030"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00031"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00032"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00033"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00034"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00035"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00036"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00037"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00038"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00039"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00040"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00041"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00042"
Feb 13 2008 10:02:28a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00043"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00044"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00045"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00046"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00047"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00048"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00051"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00052"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00053"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00054"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00055"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00056"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00057"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00058"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00059"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00060"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00061"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00062"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00063"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00064"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00065"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00066"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00067"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00068"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00069"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00070"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00071"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00072"
Feb 13 2008 10:02:30a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00073"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00074"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00075"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00076"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00077"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00078"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00079"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00080"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00081"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00082"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00083"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00084"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00085"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00086"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00087"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00088"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00089"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00090"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00099"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00100"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00101"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00102"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00103"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00104"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00105"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00106"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00107"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00108"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00109"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00110"
Feb 13 2008 10:02:32a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00111"
Feb 13 2008 10:02:34a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00112"
Feb 13 2008 10:02:34a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00113"
Feb 13 2008 10:02:34a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00114"
Feb 13 2008 10:02:34a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00115"
Feb 13 2008 10:02:34a 8,192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00116"
Feb 14 2008 11:23:58a 8,192 A.... "C:\WINDOWS\$NtUninstallKB902400$\reg00001"
Feb 14 2008 11:23:58a 8,192 A.... "C:\WINDOWS\$NtUninstallKB902400$\reg00002"
Feb 14 2008 11:02:48a 8,192 A.... "C:\WINDOWS\$NtUninstallKB913580$\reg00001"
Feb 14 2008 11:02:48a 8,192 A.... "C:\WINDOWS\$NtUninstallKB913580$\reg00002"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00002"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00004"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00005"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00006"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00007"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00008"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00009"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00010"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00011"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00012"
Feb 19 2008 3:10:56p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00013"
Feb 19 2008 3:10:58p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00014"
Feb 19 2008 3:10:58p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00015"
Feb 19 2008 3:10:58p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00016"
Feb 19 2008 3:10:58p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00017"
Feb 19 2008 3:10:58p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00018"
Feb 19 2008 3:10:58p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00019"
Feb 19 2008 3:10:58p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00020"
Feb 19 2008 3:10:58p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00021"
Feb 19 2008 3:10:58p 12,288 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00022"
Feb 19 2008 3:10:58p 8,192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00023"
Feb 19 2008 3:10:58p 90,112 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00025"
Feb 14 2008 11:32:18a 8,192 A.... "C:\WINDOWS\$NtUninstallKB924496$\reg00001"
Feb 19 2008 1:54:42p 8,192 A.... "C:\WINDOWS\$NtUninstallKB928843$\reg00001"
Feb 19 2008 1:54:42p 8,192 A.... "C:\WINDOWS\$NtUninstallKB928843$\reg00002"
Feb 19 2008 1:54:42p 8,192 A.... "C:\WINDOWS\$NtUninstallKB928843$\reg00003"
Feb 19 2008 1:54:42p 8,192 A.... "C:\WINDOWS\$NtUninstallKB928843$\reg00004"
Feb 14 2008 11:42:56a 8,192 A.... "C:\WINDOWS\$NtUninstallKB922616$\reg00001"
Feb 14 2008 11:42:56a 8,192 A.... "C:\WINDOWS\$NtUninstallKB922616$\reg00002"
Feb 14 2008 11:42:56a 8,192 A.... "C:\WINDOWS\$NtUninstallKB922616$\reg00003"
Feb 14 2008 11:42:56a 8,192 A.... "C:\WINDOWS\$NtUninstallKB922616$\reg00004"
Feb 14 2008 11:27:58a 8,192 A.... "C:\WINDOWS\$NtUninstallKB896358$\reg00001"
Feb 14 2008 11:27:58a 8,192 A.... "C:\WINDOWS\$NtUninstallKB896358$\reg00002"
Feb 14 2008 11:27:58a 8,192 A.... "C:\WINDOWS\$NtUninstallKB896358$\reg00004"
Feb 19 2008 2:10:10p 36,864 A.... "C:\WINDOWS\$NtUninstallKB933729$\reg00001"
Feb 14 2008 11:21:38a 8,192 A.... "C:\WINDOWS\$NtUninstallKB890046_0$\reg00001"
Feb 18 2008 12:34:24p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00001"
Feb 18 2008 12:34:24p 12,288 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00005"
Feb 18 2008 12:34:24p 12,288 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00018"
Feb 18 2008 12:34:24p 36,864 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00020"
Feb 18 2008 12:34:24p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00021"
Feb 18 2008 12:34:24p 12,288 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00070"
Feb 18 2008 12:34:24p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00071"
Feb 18 2008 12:34:24p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00072"
Feb 18 2008 12:34:24p 16,384 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00073"
Feb 18 2008 12:34:24p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00139"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00140"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00166"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00167"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00168"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00169"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00170"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00171"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00172"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00173"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00174"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00176"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00177"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00178"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00179"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00180"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00181"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00182"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00183"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00184"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00185"
Feb 18 2008 12:34:26p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00186"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00187"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00188"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00189"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00190"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00191"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00192"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00193"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00194"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00195"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00196"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00197"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00198"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00199"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00200"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00201"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00202"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00203"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00204"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00205"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00206"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00207"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00208"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00209"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00210"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00211"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00212"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00213"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00214"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00215"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00216"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00217"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00218"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00219"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00220"
Feb 18 2008 12:34:28p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00221"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00222"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00223"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00224"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00225"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00226"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00227"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00228"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00229"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00230"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00231"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00232"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00233"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00234"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00235"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00236"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00237"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00238"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00239"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00240"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00241"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00242"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00243"
Feb 18 2008 12:34:30p 487,424 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00244"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00245"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00246"
Feb 18 2008 12:34:30p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00247"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00248"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00249"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00250"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00251"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00252"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00253"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00264"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00265"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00266"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00267"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00268"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00269"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00270"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00271"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00272"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00273"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00274"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00275"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00276"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00277"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00278"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00279"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00280"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00281"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00282"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00283"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00284"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00285"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00286"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00287"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00288"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00289"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00290"
Feb 18 2008 12:34:32p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00291"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00292"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00293"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00294"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00299"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00301"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00303"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00305"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00307"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00309"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00311"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00313"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00315"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00316"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00317"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00318"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00319"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00320"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00321"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00322"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00323"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00324"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00325"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00326"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00327"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00328"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00329"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00330"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00331"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00332"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00333"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00334"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00335"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00336"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00337"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00338"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00339"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00340"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00341"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00342"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00343"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00344"
Feb 18 2008 12:34:34p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00345"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00346"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00347"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00348"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00349"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00350"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00351"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00352"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00353"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00355"
Feb 18 2008 12:34:36p 487,424 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00356"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00357"
Feb 18 2008 12:34:36p 106,496 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00358"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00359"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00360"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00361"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00362"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00363"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00364"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00365"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00366"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00367"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00368"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00369"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00370"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00371"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00373"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00374"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00375"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00392"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00396"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00397"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00404"
Feb 18 2008 12:34:36p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg00405"
Feb 18 2008 12:
  • 0

#8
ManishKR

ManishKR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01478"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01479"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01480"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01483"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01484"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01485"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01486"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01487"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01488"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01489"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01490"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01491"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01492"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01493"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01494"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01495"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01496"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01497"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01498"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01499"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01500"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01501"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01502"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01503"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01504"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01505"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01506"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01507"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01508"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01509"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01510"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01511"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01512"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01513"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01514"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01515"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01516"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01517"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01518"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01519"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01520"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01521"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01522"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01523"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01524"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01525"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01526"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01527"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01528"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01529"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01530"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01531"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01532"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01533"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01534"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01535"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01536"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01537"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01538"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01539"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01540"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01541"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01542"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01543"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01544"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01545"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01546"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01547"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01548"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01549"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01550"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01551"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01552"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01553"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01554"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01555"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01556"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01557"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01558"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01559"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01560"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01561"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01562"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01565"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01566"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01567"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01568"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01569"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01571"
Feb 18 2008 12:35:00p 12,288 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01572"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01573"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01574"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01576"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01581"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01594"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01599"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01600"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01602"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01603"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01604"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01611"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01614"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01615"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01616"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01617"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01618"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01619"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01620"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01621"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01622"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01623"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01624"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01625"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01626"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01627"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01628"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01629"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01630"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01631"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01632"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01633"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01634"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01635"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01636"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01637"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01638"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01639"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01640"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01641"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01642"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01643"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01644"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01645"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01646"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01647"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01648"
Feb 18 2008 12:35:04p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01655"
Feb 18 2008 12:35:04p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01657"
Feb 18 2008 12:35:04p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01668"
Feb 18 2008 12:35:04p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01669"
Feb 14 2008 11:06:40a 24,576 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00001"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00003"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00004"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00005"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00007"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00008"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00009"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00010"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00011"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00012"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00013"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00014"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00015"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00016"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00017"
Feb 14 2008 11:05:50a 8,192 A.... "C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\reg00002"
Feb 29 2008 8:52:50p 64 A.S.. "C:\WINDOWS\CSC\00000001"
Feb 29 2008 7:33:38p 64 A.S.. "C:\WINDOWS\CSC\00000002"
Feb 29 2008 5:12:46p 64 A.S.. "C:\WINDOWS\CSC\csc1.tmp"
Feb 19 2008 10:56:50a 572 A.... "C:\WINDOWS\Debug\blastcln.log"
Feb 19 2008 2:55:04p 1,478 A.... "C:\WINDOWS\Debug\mrt.log"
Feb 19 2008 2:55:04p 1,170 A.... "C:\WINDOWS\Debug\mrteng.log"
Feb 2 2008 11:57:32a 79,381 A.... "C:\WINDOWS\Debug\NetSetup.LOG"
Feb 29 2008 8:52:50p 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
Feb 16 2008 3:32:34p 112 A.... "C:\WINDOWS\EHome\medctrro.cmd"
Feb 29 2008 5:18:52p 110 A.... "C:\WINDOWS\erdnt\CFrecovery.bat"
Feb 18 2008 12:53:50p 48,316 A.... "C:\WINDOWS\inf\accessor.PNF"
Feb 9 2008 4:24:34p 10,284 A.... "C:\WINDOWS\inf\acerscan.PNF"
Feb 19 2008 10:52:24a 10,768 A.... "C:\WINDOWS\inf\agp.PNF"
Feb 18 2008 12:47:18p 8,428 A.... "C:\WINDOWS\inf\apcompat.PNF"
Feb 19 2008 10:52:26a 43,280 A.... "C:\WINDOWS\inf\ati1xwdm.PNF"
Feb 19 2008 10:52:26a 29,012 A.... "C:\WINDOWS\inf\atiixpaa.PNF"
Feb 19 2008 10:52:26a 94,532 A.... "C:\WINDOWS\inf\atiixpag.PNF"
Feb 19 2008 10:52:26a 45,784 A.... "C:\WINDOWS\inf\atixpwdm.PNF"
Feb 19 2008 10:52:26a 14,772 A.... "C:\WINDOWS\inf\au.PNF"
Feb 19 2008 10:52:26a 20,236 A.... "C:\WINDOWS\inf\bda.PNF"
Feb 19 2008 10:52:26a 69,256 A.... "C:\WINDOWS\inf\biosinfo.PNF"
Feb 21 2008 9:48:00p 4,100 A.... "C:\WINDOWS\inf\branches.PNF"
Feb 9 2008 4:24:34p 37,336 A.... "C:\WINDOWS\inf\brmfcwia.PNF"
Feb 18 2008 12:51:20p 25,780 A.... "C:\WINDOWS\inf\bth.PNF"
Feb 19 2008 10:52:28a 8,032 A.... "C:\WINDOWS\inf\bthpan.PNF"
Feb 19 2008 10:52:28a 6,224 A.... "C:\WINDOWS\inf\bthprint.PNF"
Feb 19 2008 10:52:28a 5,972 A.... "C:\WINDOWS\inf\bthspp.PNF"
Feb 9 2008 4:24:34p 17,268 A.... "C:\WINDOWS\inf\camvid20.PNF"
Feb 9 2008 4:24:34p 16,020 A.... "C:\WINDOWS\inf\camvid30.PNF"
Feb 19 2008 10:52:28a 9,644 A.... "C:\WINDOWS\inf\ccdecode.PNF"
Feb 9 2008 7:31:14p 13,082 A.... "C:\WINDOWS\inf\codecs10.PNF"
Feb 18 2008 12:51:22p 16,972 A.... "C:\WINDOWS\inf\cpu.PNF"
Feb 19 2008 10:52:28a 321,048 A.... "C:\WINDOWS\inf\defltwk.PNF"
Feb 19 2008 10:52:28a 39,396 A.... "C:\WINDOWS\inf\devxprop.PNF"
Feb 19 2008 10:52:30a 4,084 A.... "C:\WINDOWS\inf\drm.PNF"
Feb 9 2008 7:31:10p 6,770 A.... "C:\WINDOWS\inf\DRM10.PNF"
Feb 18 2008 12:47:44p 222,180 A.... "C:\WINDOWS\inf\drvindex.PNF"
Feb 19 2008 10:52:32a 329,044 A.... "C:\WINDOWS\inf\dwup.PNF"
Feb 9 2008 4:24:34p 11,416 A.... "C:\WINDOWS\inf\epsnmfp.PNF"
Feb 9 2008 4:24:36p 45,632 A.... "C:\WINDOWS\inf\epsnscan.PNF"
Feb 23 2008 3:40:38p 4,684 A.... "C:\WINDOWS\inf\Erma.PNF"
Feb 9 2008 4:24:34p 23,876 A.... "C:\WINDOWS\inf\fjtscan.PNF"
Feb 19 2008 10:52:32a 5,004 A.... "C:\WINDOWS\inf\fltmgr.PNF"
Feb 18 2008 12:53:46p 17,568 A.... "C:\WINDOWS\inf\fp40ext.PNF"
Feb 18 2008 12:53:40p 55,728 A.... "C:\WINDOWS\inf\fxsocm.PNF"
Feb 19 2008 10:52:32a 7,780 A.... "C:\WINDOWS\inf\hidbth.PNF"
Feb 19 2008 10:52:32a 9,476 A.... "C:\WINDOWS\inf\hiddigi.PNF"
Feb 19 2008 10:52:32a 12,720 A.... "C:\WINDOWS\inf\hidserv.PNF"
Feb 9 2008 4:24:34p 7,024 A.... "C:\WINDOWS\inf\hpdigwia.PNF"
Feb 9 2008 4:24:34p 23,052 A.... "C:\WINDOWS\inf\hpojscan.PNF"
Feb 9 2008 4:24:36p 41,068 A.... "C:\WINDOWS\inf\hpscan.PNF"
Feb 19 2008 10:52:32a 18,084 A.... "C:\WINDOWS\inf\i81xnt5.PNF"
Feb 9 2008 4:24:36p 13,148 A.... "C:\WINDOWS\inf\icam3.PNF"
Feb 9 2008 4:24:34p 17,876 A.... "C:\WINDOWS\inf\icam4usb.PNF"
Feb 9 2008 4:24:34p 13,708 A.... "C:\WINDOWS\inf\icam5usb.PNF"
Feb 19 2008 10:52:34a 83,728 A.... "C:\WINDOWS\inf\ie.PNF"
Feb 19 2008 3:01:10p 795 A.... "C:\WINDOWS\inf\ieaccess.inf"
Feb 19 2008 3:04:26p 4,424 A.... "C:\WINDOWS\inf\ieaccess.PNF"
Feb 18 2008 12:53:40p 971,036 A.... "C:\WINDOWS\inf\iis.PNF"
Feb 9 2008 4:24:36p 22,804 A.... "C:\WINDOWS\inf\image.PNF"
Feb 18 2008 12:53:46p 105,208 A.... "C:\WINDOWS\inf\ims.PNF"
Feb 23 2008 3:40:48p 1,480,936 A.... "C:\WINDOWS\inf\INFCACHE.1"
Feb 19 2008 10:52:34a 100,124 A.... "C:\WINDOWS\inf\input.PNF"
Feb 19 2008 10:52:38a 424,000 A.... "C:\WINDOWS\inf\intl.PNF"
Feb 19 2008 10:52:38a 18,840 A.... "C:\WINDOWS\inf\irbus.PNF"
Feb 9 2008 4:24:36p 22,040 A.... "C:\WINDOWS\inf\kdk2x0.PNF"
Feb 9 2008 4:24:34p 10,712 A.... "C:\WINDOWS\inf\kdkscan.PNF"
Feb 19 2008 10:52:38a 57,268 A.... "C:\WINDOWS\inf\keyboard.PNF"
Feb 9 2008 4:24:36p 10,212 A.... "C:\WINDOWS\inf\kodak.PNF"
Feb 19 2008 10:52:38a 91,444 A.... "C:\WINDOWS\inf\ks.PNF"
Feb 19 2008 10:52:38a 43,500 A.... "C:\WINDOWS\inf\kscaptur.PNF"
Feb 19 2008 10:52:38a 24,640 A.... "C:\WINDOWS\inf\ksfilter.PNF"
Feb 18 2008 12:47:38p 1,051,064 A.... "C:\WINDOWS\inf\layout.PNF"
Feb 18 2008 12:47:42p 187,380 A.... "C:\WINDOWS\inf\machine.PNF"
Feb 19 2008 10:52:40a 30,280 A.... "C:\WINDOWS\inf\mchgr.PNF"
Feb 19 2008 10:52:40a 17,572 A.... "C:\WINDOWS\inf\mdac.PNF"
Feb 19 2008 10:52:40a 40,560 A.... "C:\WINDOWS\inf\mdmbtmdm.PNF"
Feb 19 2008 10:52:40a 68,340 A.... "C:\WINDOWS\inf\mdmcxsf2.PNF"
Feb 19 2008 10:52:42a 152,828 A.... "C:\WINDOWS\inf\mdmhamrw.PNF"
Feb 19 2008 10:52:42a 107,872 A.... "C:\WINDOWS\inf\mdmirmdm.PNF"
Feb 19 2008 10:52:42a 46,132 A.... "C:\WINDOWS\inf\mdmntstm.PNF"
Feb 18 2008 12:53:54p 106,528 A.... "C:\WINDOWS\inf\medctroc.PNF"
Feb 19 2008 10:52:42a 15,196 A.... "C:\WINDOWS\inf\moviemk.PNF"
Feb 19 2008 10:52:42a 8,284 A.... "C:\WINDOWS\inf\mpe.PNF"
Feb 19 2008 10:52:44a 30,644 A.... "C:\WINDOWS\inf\mplayer2.PNF"
Feb 9 2008 7:31:04p 6,178 A.... "C:\WINDOWS\inf\MPPRE10.PNF"
Feb 9 2008 4:24:36p 39,084 A.... "C:\WINDOWS\inf\msdv.PNF"
Feb 19 2008 10:52:44a 49,540 A.... "C:\WINDOWS\inf\mshdc.PNF"
Feb 9 2008 4:24:34p 29,140 A.... "C:\WINDOWS\inf\msmscsi.PNF"
Feb 9 2008 4:24:34p 15,364 A.... "C:\WINDOWS\inf\msmusb.PNF"
Feb 19 2008 10:52:44a 60,940 A.... "C:\WINDOWS\inf\msnetmtg.PNF"
Feb 18 2008 12:53:54p 9,492 A.... "C:\WINDOWS\inf\msnmsn.PNF"
Feb 19 2008 10:52:46a 35,964 A.... "C:\WINDOWS\inf\msoe50.PNF"
Feb 19 2008 10:52:46a 23,816 A.... "C:\WINDOWS\inf\mstape.PNF"
Feb 18 2008 12:53:52p 11,984 A.... "C:\WINDOWS\inf\multimed.PNF"
Feb 19 2008 10:52:46a 7,856 A.... "C:\WINDOWS\inf\mymusic.PNF"
Feb 19 2008 10:52:46a 9,636 A.... "C:\WINDOWS\inf\nabtsfec.PNF"
Feb 19 2008 10:52:46a 9,096 A.... "C:\WINDOWS\inf\ndisip.PNF"
Feb 18 2008 12:54:02p 3,652 A.... "C:\WINDOWS\inf\netbeac.PNF"
Feb 19 2008 10:52:24a 3,704 A.... "C:\WINDOWS\inf\netfw.PNF"
Feb 18 2008 12:53:54p 174,876 A.... "C:\WINDOWS\inf\netfxocm.PNF"
Feb 19 2008 10:52:46a 13,020 A.... "C:\WINDOWS\inf\netip6.PNF"
Feb 19 2008 10:52:48a 20,344 A.... "C:\WINDOWS\inf\netmscli.PNF"
Feb 18 2008 12:53:40p 16,448 A.... "C:\WINDOWS\inf\netoc.PNF"
Feb 19 2008 10:52:48a 45,180 A.... "C:\WINDOWS\inf\netrass.PNF"
Feb 19 2008 10:52:48a 6,800 A.... "C:\WINDOWS\inf\netrndis.PNF"
Feb 19 2008 10:52:48a 19,836 A.... "C:\WINDOWS\inf\netrtsnt.PNF"
Feb 19 2008 10:52:50a 38,304 A.... "C:\WINDOWS\inf\nettcpip.PNF"
Feb 19 2008 10:52:50a 6,348 A.... "C:\WINDOWS\inf\nettun.PNF"
Feb 19 2008 10:52:50a 8,932 A.... "C:\WINDOWS\inf\netupnph.PNF"
Feb 19 2008 10:52:50a 7,028 A.... "C:\WINDOWS\inf\netwzc.PNF"
Feb 19 2008 10:52:56a 1,317,388 A.... "C:\WINDOWS\inf\ntprint.PNF"
Feb 19 2008 10:52:58a 53,292 A.... "C:\WINDOWS\inf\nv4_disp.PNF"
Feb 19 2008 10:52:58a 22,148 A.... "C:\WINDOWS\inf\nvct.PNF"
Feb 19 2008 10:53:00a 34,060 A.... "C:\WINDOWS\inf\nvdm.PNF"
Feb 19 2008 10:53:00a 22,196 A.... "C:\WINDOWS\inf\nvts.PNF"
Feb 18 2008 12:53:48p 4,384 A.... "C:\WINDOWS\inf\oeaccess.PNF"
Jan 25 2008 11:28:20a 9,494 A.... "C:\WINDOWS\inf\oem24.PNF"
Feb 8 2008 7:36:52p 8,432 A.... "C:\WINDOWS\inf\oem25.PNF"
Feb 8 2008 7:36:52p 21,610 A.... "C:\WINDOWS\inf\oem26.PNF"
Feb 8 2008 7:36:52p 8,930 A.... "C:\WINDOWS\inf\oem27.PNF"
Feb 8 2008 7:36:54p 9,274 A.... "C:\WINDOWS\inf\oem28.PNF"
Feb 8 2008 7:36:54p 9,200 A.... "C:\WINDOWS\inf\oem29.PNF"
Feb 8 2008 7:36:54p 23,530 A.... "C:\WINDOWS\inf\oem30.PNF"
Feb 8 2008 7:36:54p 12,418 A.... "C:\WINDOWS\inf\oem31.PNF"
Feb 8 2008 7:36:54p 10,274 A.... "C:\WINDOWS\inf\oem32.PNF"
Feb 8 2008 7:36:54p 10,618 A.... "C:\WINDOWS\inf\oem33.PNF"
Feb 8 2008 7:36:56p 11,610 A.... "C:\WINDOWS\inf\oem34.PNF"
Feb 8 2008 7:36:56p 9,056 A.... "C:\WINDOWS\inf\oem35.PNF"
Feb 8 2008 7:36:56p 23,050 A.... "C:\WINDOWS\inf\oem36.PNF"
Feb 8 2008 7:36:56p 9,938 A.... "C:\WINDOWS\inf\oem37.PNF"
Feb 8 2008 7:36:56p 10,282 A.... "C:\WINDOWS\inf\oem38.PNF"
Feb 8 2008 7:36:58p 8,048 A.... "C:\WINDOWS\inf\oem39.PNF"
Feb 8 2008 7:36:58p 20,650 A.... "C:\WINDOWS\inf\oem40.PNF"
Feb 8 2008 7:36:58p 12,410 A.... "C:\WINDOWS\inf\oem41.PNF"
Feb 8 2008 7:36:58p 8,258 A.... "C:\WINDOWS\inf\oem42.PNF"
Feb 8 2008 7:37:00p 8,602 A.... "C:\WINDOWS\inf\oem43.PNF"
Feb 8 2008 7:37:00p 9,690 A.... "C:\WINDOWS\inf\oem44.PNF"
Feb 8 2008 7:37:00p 7,952 A.... "C:\WINDOWS\inf\oem45.PNF"
Feb 8 2008 7:37:00p 20,410 A.... "C:\WINDOWS\inf\oem46.PNF"
Feb 8 2008 7:37:00p 12,418 A.... "C:\WINDOWS\inf\oem47.PNF"
Feb 8 2008 7:37:02p 8,090 A.... "C:\WINDOWS\inf\oem48.PNF"
Feb 8 2008 7:37:02p 8,434 A.... "C:\WINDOWS\inf\oem49.PNF"
Feb 8 2008 7:37:02p 9,546 A.... "C:\WINDOWS\inf\oem50.PNF"
Feb 8 2008 7:37:02p 7,920 A.... "C:\WINDOWS\inf\oem51.PNF"
Feb 8 2008 7:37:02p 20,234 A.... "C:\WINDOWS\inf\oem52.PNF"
Feb 8 2008 7:37:02p 12,410 A.... "C:\WINDOWS\inf\oem53.PNF"
Feb 8 2008 7:37:04p 7,986 A.... "C:\WINDOWS\inf\oem54.PNF"
Feb 8 2008 7:37:04p 8,330 A.... "C:\WINDOWS\inf\oem55.PNF"
Feb 8 2008 7:37:04p 9,378 A.... "C:\WINDOWS\inf\oem56.PNF"
Feb 8 2008 7:37:04p 7,776 A.... "C:\WINDOWS\inf\oem57.PNF"
Feb 8 2008 7:37:04p 19,242 A.... "C:\WINDOWS\inf\oem58.PNF"
Feb 8 2008 7:37:06p 7,850 A.... "C:\WINDOWS\inf\oem59.PNF"
Feb 8 2008 7:37:06p 8,106 A.... "C:\WINDOWS\inf\oem60.PNF"
Feb 8 2008 7:37:06p 14,784 A.... "C:\WINDOWS\inf\oem61.PNF"
Feb 8 2008 7:37:06p 15,072 A.... "C:\WINDOWS\inf\oem62.PNF"
Feb 8 2008 7:37:06p 15,656 A.... "C:\WINDOWS\inf\oem63.PNF"
Feb 8 2008 7:37:06p 16,160 A.... "C:\WINDOWS\inf\oem64.PNF"
Feb 8 2008 7:37:06p 15,912 A.... "C:\WINDOWS\inf\oem65.PNF"
Feb 13 2008 9:35:32a 0 ...H. "C:\WINDOWS\inf\oem66.inf"
Feb 18 2008 12:26:06p 2,268,740 A.... "C:\WINDOWS\inf\oem67.PNF"
Feb 19 2008 11:01:00a 0 ...H. "C:\WINDOWS\inf\oem68.inf"
Jan 25 2008 3:38:02p 1,550 A.... "C:\WINDOWS\inf\oem69.inf"
Feb 23 2008 3:40:36p 5,224 A.... "C:\WINDOWS\inf\oem69.PNF"
Jan 25 2008 3:38:10p 2,872 A.... "C:\WINDOWS\inf\oem70.inf"
Feb 23 2008 3:40:48p 7,708 A.... "C:\WINDOWS\inf\oem70.PNF"
Feb 19 2008 10:53:04a 17,240 A.... "C:\WINDOWS\inf\oobe.PNF"
Feb 9 2008 4:24:36p 24,812 A.... "C:\WINDOWS\inf\ovcam.PNF"
Feb 18 2008 12:54:02p 14,240 A.... "C:\WINDOWS\inf\p2p.PNF"
Feb 19 2008 10:53:04a 35,832 A.... "C:\WINDOWS\inf\parhmse.PNF"
Feb 19 2008 10:53:04a 13,292 A.... "C:\WINDOWS\inf\pchealth.PNF"
Feb 9 2008 4:24:34p 10,484 A.... "C:\WINDOWS\inf\phil1vid.PNF"
Feb 9 2008 4:24:34p 13,828 A.... "C:\WINDOWS\inf\phil2vid.PNF"
Feb 19 2008 10:53:04a 105,552 A.... "C:\WINDOWS\inf\pnpscsi.PNF"
Feb 19 2008 10:53:04a 9,380 A.... "C:\WINDOWS\inf\ps5333.PNF"
Feb 19 2008 10:53:04a 11,416 A.... "C:\WINDOWS\inf\qmgr.PNF"
Feb 19 2008 10:53:04a 7,172 A.... "C:\WINDOWS\inf\ramdisk.PNF"
Feb 9 2008 4:24:36p 18,476 A.... "C:\WINDOWS\inf\ricoh.PNF"
Feb 19 2008 10:53:06a 38,256 A.... "C:\WINDOWS\inf\sceregvl.PNF"
Feb 19 2008 10:53:06a 21,944 A.... "C:\WINDOWS\inf\scsi.PNF"
Feb 18 2008 12:51:20p 10,632 A.... "C:\WINDOWS\inf\sdbus.PNF"
Feb 19 2008 10:53:06a 26,320 A.... "C:\WINDOWS\inf\secrecs.PNF"
Feb 8 2008 7:38:48p 14,404 A.... "C:\WINDOWS\inf\Sem062_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem115_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem116_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem125_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem616_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem716_BT_x64.PNF"
Feb 19 2008 10:53:06a 7,808 A.... "C:\WINDOWS\inf\sffdisk.PNF"
Feb 19 2008 10:53:06a 38,476 A.... "C:\WINDOWS\inf\shell.PNF"
Feb 19 2008 10:53:06a 15,720 A.... "C:\WINDOWS\inf\shl_img.PNF"
Feb 19 2008 10:53:08a 4,444 A.... "C:\WINDOWS\inf\skins.PNF"
Feb 19 2008 10:53:08a 9,196 A.... "C:\WINDOWS\inf\slip.PNF"
Feb 19 2008 10:53:08a 36,372 A.... "C:\WINDOWS\inf\smartcrd.PNF"
Feb 9 2008 4:24:34p 87,168 A.... "C:\WINDOWS\inf\stillcam.PNF"
Feb 19 2008 10:53:08a 11,956 A.... "C:\WINDOWS\inf\streamip.PNF"
Feb 19 2008 10:53:08a 5,724 A.... "C:\WINDOWS\inf\swflash.PNF"
Feb 18 2008 12:53:40p 7,232 A.... "C:\WINDOWS\inf\sysoc.PNF"
Feb 19 2008 10:53:08a 100,612 A.... "C:\WINDOWS\inf\syssetup.PNF"
Feb 18 2008 12:53:54p 558,428 A.... "C:\WINDOWS\inf\tabletpc.PNF"
Feb 19 2008 10:53:10a 59,804 A.... "C:\WINDOWS\inf\tape.PNF"
Feb 19 2008 10:53:14a 9,424 A.... "C:\WINDOWS\inf\tdibth.PNF"
Feb 9 2008 4:24:34p 9,900 A.... "C:\WINDOWS\inf\tsbvcap.PNF"
Feb 18 2008 12:53:42p 122,712 A.... "C:\WINDOWS\inf\tsoc.PNF"
Feb 9 2008 4:24:36p 68,364 A.... "C:\WINDOWS\inf\umax.PNF"
Feb 9 2008 4:24:34p 10,992 A.... "C:\WINDOWS\inf\umaxpp.PNF"
Feb 19 2008 10:53:14a 51,448 A.... "C:\WINDOWS\inf\usbport.PNF"
Feb 19 2008 10:53:14a 24,920 A.... "C:\WINDOWS\inf\usbvideo.PNF"
Feb 19 2008 10:54:46a 21,352 A.... "C:\WINDOWS\inf\wab50.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp0.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp1.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp2.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp3.PNF"
Feb 19 2008 10:53:16a 8,876 A.... "C:\WINDOWS\inf\wfp4.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp5.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp6.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp7.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp8.PNF"
Feb 18 2008 12:53:48p 4,056 A.... "C:\WINDOWS\inf\wmaccess.PNF"
Feb 19 2008 10:53:18a 21,768 A.... "C:\WINDOWS\inf\wmdm.PNF"
Feb 9 2008 7:31:28p 22,146 A.... "C:\WINDOWS\inf\WMDM10.PNF"
Feb 18 2008 12:47:38p 15,908 A.... "C:\WINDOWS\inf\wmfsdk.PNF"
Feb 9 2008 7:31:16p 10,744 A.... "C:\WINDOWS\inf\WMFSDK10.PNF"
Feb 18 2008 12:47:40p 56,940 A.... "C:\WINDOWS\inf\wmp.PNF"
Feb 18 2008 12:53:50p 4,408 A.... "C:\WINDOWS\inf\wmpocm.PNF"
Feb 13 2008 10:55:10a 3,988 A.... "C:\WINDOWS\inf\wmsetsdk.PNF"
Feb 18 2008 12:53:52p 16,656 A.... "C:\WINDOWS\inf\wordpad.PNF"
Feb 9 2008 7:31:34p 10,524 A.... "C:\WINDOWS\inf\WPD10.PNF"
Feb 13 2008 10:55:16a 10,428 A.... "C:\WINDOWS\inf\wpdmtp.PNF"
Feb 19 2008 10:53:18a 9,200 A.... "C:\WINDOWS\inf\wstcodec.PNF"
Feb 19 2008 10:53:18a 8,892 A.... "C:\WINDOWS\inf\wtv0.PNF"
Feb 19 2008 10:53:18a 8,892 A.... "C:\WINDOWS\inf\wtv1.PNF"
Feb 19 2008 10:53:18a 8,892 A.... "C:\WINDOWS\inf\wtv2.PNF"
Feb 19 2008 10:53:18a 8,892 A.... "C:\WINDOWS\inf\wtv3.PNF"
Feb 19 2008 10:53:20a 8,892 A.... "C:\WINDOWS\inf\wtv4.PNF"
Feb 19 2008 10:53:20a 8,892 A.... "C:\WINDOWS\inf\wtv5.PNF"
Feb 9 2008 4:24:36p 9,936 A.... "C:\WINDOWS\inf\xscan_xp.PNF"
Feb 23 2008 1:21:34p 5,668 A.... "C:\WINDOWS\network diagnostic\xpnetdiag.xml"
Feb 23 2008 12:20:06p 211 ..... "C:\WINDOWS\pss\boot.ini.backup"
Feb 22 2008 3:07:54p 315 ..... "C:\WINDOWS\pss\system.ini.backup"
Feb 20 2008 12:58:06p 1,082 ..... "C:\WINDOWS\pss\win.ini.backup"
Feb 21 2008 11:02:24a 23,600 A.... "C:\WINDOWS\Registration\R000000000012.clb"
Feb 21 2008 11:02:24a 23,584 A.... "C:\WINDOWS\Registration\R000000000013.clb"
Feb 21 2008 11:02:46a 1,048,576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{CEFFE259-C959-425A-9658-39C78F9E2E9A}.crmlog"
Feb 19 2008 4:16:02p 249,200 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
Feb 4 2008 3:09:48p 18,214,008 A.... "C:\WINDOWS\system32\MRT.exe"
Feb 21 2008 11:02:34a 53,608 A.... "C:\WINDOWS\system32\perfc009.dat"
Feb 21 2008 11:02:34a 383,254 A.... "C:\WINDOWS\system32\perfh009.dat"
Feb 21 2008 11:02:34a 431,592 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
Jan 11 2008 11:23:32a 44,544 ..... "C:\WINDOWS\system32\pngfilt.dll"
Feb 22 2008 2:06:36p 4,395 A.... "C:\WINDOWS\system32\qtplugin.log"
Feb 19 2008 10:51:48a 245 A.... "C:\WINDOWS\system32\spupdwxp.log"
Mar 4 2008 11:36:18a 3,976 A.... "C:\WINDOWS\system32\tmp.reg"
Mar 4 2008 11:36:18a 0 A.... "C:\WINDOWS\system32\tmp.txt"
Feb 19 2008 3:06:10p 132,902 A.... "C:\WINDOWS\system32\TZLog.log"
Feb 29 2008 8:53:30p 2,206 A.... "C:\WINDOWS\system32\wpa.dbl"
Jan 10 2008 1:15:30p 755,027 A.... "C:\WINDOWS\system32\xvidcore.dll"
Jan 10 2008 1:16:20p 159,839 A.... "C:\WINDOWS\system32\xvidvfw.dll"
Feb 27 2008 1:00:32a 278 A.... "C:\WINDOWS\Tasks\Defrag (Desktop) .....job"
Feb 29 2008 8:52:50p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Mar 4 2008 6:47:34p 214 A.... "C:\WINDOWS\TEMP\kds.xml"
Mar 3 2008 11:48:02p 16 A.... "C:\WINDOWS\TEMP\report.dat"
Mar 4 2008 7:03:10p 750 A.... "C:\WINDOWS\TEMP\SCPD1D.tmp"
Mar 4 2008 7:18:18p 121,770 A.... "C:\WINDOWS\TEMP\scsD2F.tmp"
Mar 4 2008 7:17:40p 108 A.... "C:\WINDOWS\TEMP\teredo.txt"
Mar 3 2008 11:47:34p 265 A.... "C:\WINDOWS\TEMP\updateop.xml"
Mar 4 2008 6:20:58p 255 A.... "C:\WINDOWS\TEMP\WGAErrLog.txt"
Feb 13 2008 10:03:12a 15,686 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf"
Feb 13 2008 10:02:34a 967 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.txt"
Feb 14 2008 11:05:44a 7,364 A.... "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.inf"
Feb 14 2008 11:05:08a 431 A.... "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.txt"
Feb 19 2008 1:59:28p 8,568 A.... "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.inf"
Feb 19 2008 1:59:02p 320 A.... "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.txt"
Feb 19 2008 1:49:44p 11,306 A.... "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.inf"
Feb 14 2008 11:36:28a 1,929 A.... "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.txt"
Feb 14 2008 11:12:22a 620 A.... "C:\WINDOWS\$NtUninstallKB923191$\spuninst\KB923191.asms"
Feb 19 2008 1:52:06p 9,111 A.... "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.inf"
Feb 14 2008 11:12:10a 648 A.... "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.txt"
Feb 19 2008 1:47:38p 16,945 A.... "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.inf"
Feb 14 2008 11:23:58a 2,881 A.... "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.txt"
Feb 19 2008 2:08:42p 9,193 A.... "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.inf"
Feb 19 2008 2:08:20p 360 A.... "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.txt"
Feb 19 2008 1:52:42p 8,714 A.... "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.inf"
Feb 19 2008 1:52:20p 700 A.... "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.txt"
Feb 14 2008 11:50:30a 10,385 A.... "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.inf"
Feb 14 2008 11:49:46a 415 A.... "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.txt"
Feb 19 2008 2:07:02p 8,653 A.... "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.inf"
Feb 19 2008 2:06:36p 218 A.... "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.txt"
Feb 19 2008 1:49:38p 10,117 A.... "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.inf"
Feb 14 2008 11:02:48a 1,916 A.... "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.txt"
Feb 19 2008 2:53:50p 10,030 A.... "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.inf"
Feb 19 2008 2:52:56p 325 A.... "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.txt"
Feb 19 2008 2:10:56p 9,340 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.inf"
Feb 19 2008 2:10:36p 370 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.txt"
Feb 19 2008 1:48:36p 9,225 A.... "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.inf"
Feb 14 2008 11:35:32a 438 A.... "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.txt"
Feb 19 2008 2:02:52p 8,846 A.... "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.inf"
Feb 19 2008 2:02:28p 320 A.... "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.txt"
Feb 19 2008 2:02:24p 10,469 A.... "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.inf"
Feb 19 2008 2:02:04p 1,136 A.... "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.txt"
Feb 19 2008 1:47:22p 8,313 A.... "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.inf"
Feb 19 2008 1:46:54p 552 A.... "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.txt"
Feb 19 2008 2:01:02p 9,171 A.... "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.inf"
Feb 19 2008 2:00:36p 630 A.... "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.txt"
Feb 14 2008 11:04:30a 620 A.... "C:\WINDOWS\$NtUninstallKB908531$\spuninst\KB908531.asms"
Feb 19 2008 1:49:20p 9,115 A.... "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.inf"
Feb 14 2008 11:04:20a 724 A.... "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.txt"
Feb 14 2008 11:23:44a 8,089 A.... "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.inf"
Feb 14 2008 11:23:06a 409 A.... "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.txt"
Feb 14 2008 11:12:00a 7,555 A.... "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.inf"
Feb 14 2008 11:11:20a 427 A.... "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.txt"
Feb 19 2008 2:53:48p 9,159 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.inf"
Feb 19 2008 2:53:22p 404 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.txt"
Feb 14 2008 11:15:08a 7,124 A.... "C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.inf"
Feb 14 2008 11:14:28a 321 A.... "C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.txt"
Feb 19 2008 2:01:58p 8,711 A.... "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.inf"
Feb 19 2008 2:01:34p 347 A.... "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.txt"
Feb 19 2008 1:51:52p 9,442 A.... "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.inf"
Feb 14 2008 11:46:32a 405 A.... "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.txt"
Feb 14 2008 11:26:14a 7,908 A.... "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.inf"
Feb 14 2008 11:25:34a 331 A.... "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.txt"
Feb 19 2008 3:12:26p 9,946 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.inf"
Feb 19 2008 3:12:02p 320 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.txt"
Feb 19 2008 3:11:26p 13,548 A.... "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.inf"
Feb 19 2008 3:10:58p 1,107 A.... "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.txt"
Feb 19 2008 3:10:18p 9,176 A.... "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.inf"
Feb 19 2008 3:09:58p 178 A.... "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.txt"
Feb 19 2008 1:51:44p 9,065 A.... "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.inf"
Feb 19 2008 1:51:22p 870 A.... "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.txt"
Feb 19 2008 1:54:38p 9,495 A.... "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.inf"
Feb 19 2008 1:54:10p 563 A.... "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.txt"
Feb 19 2008 1:50:32p 8,625 A.... "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.inf"
Feb 19 2008 1:50:06p 696 A.... "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.txt"
Feb 19 2008 1:46:08p 8,626 A.... "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.inf"
Feb 14 2008 11:41:16a 187 A.... "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.txt"
Feb 19 2008 1:45:24p 7,777 A.... "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.inf"
Feb 14 2008 11:12:58a 358 A.... "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.txt"
Feb 19 2008 1:55:30p 8,208 A.... "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.inf"
Feb 19 2008 1:55:10p 320 A.... "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.txt"
Feb 19 2008 1:47:52p 7,481 A.... "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.inf"
Feb 14 2008 11:16:18a 183 A.... "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.txt"
Feb 14 2008 11:17:46a 7,803 A.... "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.inf"
Feb 14 2008 11:17:00a 421 A.... "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.txt"
Feb 19 2008 1:53:12p 9,454 A.... "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.inf"
Feb 19 2008 1:52:48p 943 A.... "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.txt"
Feb 18 2008 1:06:40p 6,782 A.... "C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.inf"
Feb 18 2008 1:03:24p 87 A.... "C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.txt"
Feb 13 2008 10:01:36a 7,177 A.... "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.inf"
Feb 13 2008 10:00:56a 463 A.... "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.txt"
Feb 19 2008 2:52:50p 9,128 A.... "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.inf"
Feb 19 2008 2:52:22p 267 A.... "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.txt"
Feb 19 2008 1:50:00p 7,940 A.... "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.inf"
Feb 14 2008 10:59:32a 720 A.... "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.txt"
Feb 19 2008 1:53:38p 7,998 A.... "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.inf"
Feb 19 2008 1:53:16p 300 A.... "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.txt"
Feb 14 2008 11:22:58a 7,502 A.... "C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.inf"
Feb 14 2008 11:22:24a 222 A.... "C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.txt"
Feb 19 2008 3:08:02p 12,138 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.inf"
Feb 19 2008 3:07:36p 1,808 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.txt"
Feb 19 2008 1:57:52p 9,498 A.... "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.inf"
Feb 19 2008 1:57:28p 878 A.... "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.txt"
Feb 19 2008 1:51:06p 8,349 A.... "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.inf"
Feb 14 2008 11:20:06a 423 A.... "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.txt"
Feb 19 2008 3:09:54p 9,752 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.inf"
Feb 19 2008 3:09:30p 316 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.txt"
Feb 14 2008 11:16:10a 7,763 A.... "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.inf"
Feb 14 2008 11:15:20a 417 A.... "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.txt"
Feb 14 2008 11:46:20a 9,024 A.... "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.inf"
Feb 14 2008 11:45:42a 427 A.... "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.txt"
Feb 19 2008 1:58:26p 9,991 A.... "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.inf"
Feb 19 2008 1:57:58p 1,140 A.... "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.txt"
Feb 19 2008 1:46:48p 8,712 A.... "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.inf"
Feb 14 2008 11:34:42a 378 A.... "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.txt"
Feb 14 2008 11:39:56a 8,520 A.... "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.inf"
Feb 14 2008 11:39:00a 183 A.... "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.txt"
Feb 19 2008 1:45:06p 6,974 A.... "C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.inf"
Feb 19 2008 1:44:34p 93 A.... "C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.txt"
Feb 19 2008 3:11:56p 9,929 A.... "C:\WINDOWS\$NtUninstallKB9
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: {c7d875be-8b0e-f9e9-5464-cf54b00f27b0} - {0b72f00b-45fc-4645-9e9f-e0b8eb578d7c} - C:\WINDOWS\system32\ibhcxxto.dll (file missing)
O2 - BHO: (no name) - {85429961-D537-4B19-8FDA-F284548CC281} - (no file)
O20 - Winlogon Notify: cbxxwxv - C:\WINDOWS\


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    E:\tomskype.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89aa037a-e6ac-11dc-a38d-de4af262252f}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d640950b-d621-11dc-a36d-00142237fd9f}
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log
  • 0

#10
ManishKR

ManishKR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01485"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01486"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01487"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01488"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01489"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01490"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01491"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01492"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01493"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01494"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01495"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01496"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01497"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01498"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01499"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01500"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01501"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01502"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01503"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01504"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01505"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01506"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01507"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01508"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01509"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01510"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01511"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01512"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01513"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01514"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01515"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01516"
Feb 18 2008 12:34:56p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01517"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01518"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01519"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01520"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01521"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01522"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01523"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01524"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01525"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01526"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01527"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01528"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01529"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01530"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01531"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01532"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01533"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01534"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01535"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01536"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01537"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01538"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01539"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01540"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01541"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01542"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01543"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01544"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01545"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01546"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01547"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01548"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01549"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01550"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01551"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01552"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01553"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01554"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01555"
Feb 18 2008 12:34:58p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01556"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01557"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01558"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01559"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01560"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01561"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01562"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01565"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01566"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01567"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01568"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01569"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01571"
Feb 18 2008 12:35:00p 12,288 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01572"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01573"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01574"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01576"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01581"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01594"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01599"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01600"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01602"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01603"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01604"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01611"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01614"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01615"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01616"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01617"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01618"
Feb 18 2008 12:35:00p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01619"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01620"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01621"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01622"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01623"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01624"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01625"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01626"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01627"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01628"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01629"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01630"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01631"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01632"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01633"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01634"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01635"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01636"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01637"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01638"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01639"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01640"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01641"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01642"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01643"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01644"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01645"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01646"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01647"
Feb 18 2008 12:35:02p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01648"
Feb 18 2008 12:35:04p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01655"
Feb 18 2008 12:35:04p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01657"
Feb 18 2008 12:35:04p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01668"
Feb 18 2008 12:35:04p 8,192 A.... "C:\WINDOWS\$NtServicePackUninstall$\reg01669"
Feb 14 2008 11:06:40a 24,576 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00001"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00003"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00004"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00005"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00007"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00008"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00009"
Feb 14 2008 11:06:40a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00010"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00011"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00012"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00013"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00014"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00015"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00016"
Feb 14 2008 11:06:42a 8,192 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\reg00017"
Feb 14 2008 11:05:50a 8,192 A.... "C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\reg00002"
Feb 29 2008 8:52:50p 64 A.S.. "C:\WINDOWS\CSC\00000001"
Feb 29 2008 7:33:38p 64 A.S.. "C:\WINDOWS\CSC\00000002"
Feb 29 2008 5:12:46p 64 A.S.. "C:\WINDOWS\CSC\csc1.tmp"
Feb 19 2008 10:56:50a 572 A.... "C:\WINDOWS\Debug\blastcln.log"
Feb 19 2008 2:55:04p 1,478 A.... "C:\WINDOWS\Debug\mrt.log"
Feb 19 2008 2:55:04p 1,170 A.... "C:\WINDOWS\Debug\mrteng.log"
Feb 2 2008 11:57:32a 79,381 A.... "C:\WINDOWS\Debug\NetSetup.LOG"
Feb 29 2008 8:52:50p 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
Feb 16 2008 3:32:34p 112 A.... "C:\WINDOWS\EHome\medctrro.cmd"
Feb 29 2008 5:18:52p 110 A.... "C:\WINDOWS\erdnt\CFrecovery.bat"
Feb 18 2008 12:53:50p 48,316 A.... "C:\WINDOWS\inf\accessor.PNF"
Feb 9 2008 4:24:34p 10,284 A.... "C:\WINDOWS\inf\acerscan.PNF"
Feb 19 2008 10:52:24a 10,768 A.... "C:\WINDOWS\inf\agp.PNF"
Feb 18 2008 12:47:18p 8,428 A.... "C:\WINDOWS\inf\apcompat.PNF"
Feb 19 2008 10:52:26a 43,280 A.... "C:\WINDOWS\inf\ati1xwdm.PNF"
Feb 19 2008 10:52:26a 29,012 A.... "C:\WINDOWS\inf\atiixpaa.PNF"
Feb 19 2008 10:52:26a 94,532 A.... "C:\WINDOWS\inf\atiixpag.PNF"
Feb 19 2008 10:52:26a 45,784 A.... "C:\WINDOWS\inf\atixpwdm.PNF"
Feb 19 2008 10:52:26a 14,772 A.... "C:\WINDOWS\inf\au.PNF"
Feb 19 2008 10:52:26a 20,236 A.... "C:\WINDOWS\inf\bda.PNF"
Feb 19 2008 10:52:26a 69,256 A.... "C:\WINDOWS\inf\biosinfo.PNF"
Feb 21 2008 9:48:00p 4,100 A.... "C:\WINDOWS\inf\branches.PNF"
Feb 9 2008 4:24:34p 37,336 A.... "C:\WINDOWS\inf\brmfcwia.PNF"
Feb 18 2008 12:51:20p 25,780 A.... "C:\WINDOWS\inf\bth.PNF"
Feb 19 2008 10:52:28a 8,032 A.... "C:\WINDOWS\inf\bthpan.PNF"
Feb 19 2008 10:52:28a 6,224 A.... "C:\WINDOWS\inf\bthprint.PNF"
Feb 19 2008 10:52:28a 5,972 A.... "C:\WINDOWS\inf\bthspp.PNF"
Feb 9 2008 4:24:34p 17,268 A.... "C:\WINDOWS\inf\camvid20.PNF"
Feb 9 2008 4:24:34p 16,020 A.... "C:\WINDOWS\inf\camvid30.PNF"
Feb 19 2008 10:52:28a 9,644 A.... "C:\WINDOWS\inf\ccdecode.PNF"
Feb 9 2008 7:31:14p 13,082 A.... "C:\WINDOWS\inf\codecs10.PNF"
Feb 18 2008 12:51:22p 16,972 A.... "C:\WINDOWS\inf\cpu.PNF"
Feb 19 2008 10:52:28a 321,048 A.... "C:\WINDOWS\inf\defltwk.PNF"
Feb 19 2008 10:52:28a 39,396 A.... "C:\WINDOWS\inf\devxprop.PNF"
Feb 19 2008 10:52:30a 4,084 A.... "C:\WINDOWS\inf\drm.PNF"
Feb 9 2008 7:31:10p 6,770 A.... "C:\WINDOWS\inf\DRM10.PNF"
Feb 18 2008 12:47:44p 222,180 A.... "C:\WINDOWS\inf\drvindex.PNF"
Feb 19 2008 10:52:32a 329,044 A.... "C:\WINDOWS\inf\dwup.PNF"
Feb 9 2008 4:24:34p 11,416 A.... "C:\WINDOWS\inf\epsnmfp.PNF"
Feb 9 2008 4:24:36p 45,632 A.... "C:\WINDOWS\inf\epsnscan.PNF"
Feb 23 2008 3:40:38p 4,684 A.... "C:\WINDOWS\inf\Erma.PNF"
Feb 9 2008 4:24:34p 23,876 A.... "C:\WINDOWS\inf\fjtscan.PNF"
Feb 19 2008 10:52:32a 5,004 A.... "C:\WINDOWS\inf\fltmgr.PNF"
Feb 18 2008 12:53:46p 17,568 A.... "C:\WINDOWS\inf\fp40ext.PNF"
Feb 18 2008 12:53:40p 55,728 A.... "C:\WINDOWS\inf\fxsocm.PNF"
Feb 19 2008 10:52:32a 7,780 A.... "C:\WINDOWS\inf\hidbth.PNF"
Feb 19 2008 10:52:32a 9,476 A.... "C:\WINDOWS\inf\hiddigi.PNF"
Feb 19 2008 10:52:32a 12,720 A.... "C:\WINDOWS\inf\hidserv.PNF"
Feb 9 2008 4:24:34p 7,024 A.... "C:\WINDOWS\inf\hpdigwia.PNF"
Feb 9 2008 4:24:34p 23,052 A.... "C:\WINDOWS\inf\hpojscan.PNF"
Feb 9 2008 4:24:36p 41,068 A.... "C:\WINDOWS\inf\hpscan.PNF"
Feb 19 2008 10:52:32a 18,084 A.... "C:\WINDOWS\inf\i81xnt5.PNF"
Feb 9 2008 4:24:36p 13,148 A.... "C:\WINDOWS\inf\icam3.PNF"
Feb 9 2008 4:24:34p 17,876 A.... "C:\WINDOWS\inf\icam4usb.PNF"
Feb 9 2008 4:24:34p 13,708 A.... "C:\WINDOWS\inf\icam5usb.PNF"
Feb 19 2008 10:52:34a 83,728 A.... "C:\WINDOWS\inf\ie.PNF"
Feb 19 2008 3:01:10p 795 A.... "C:\WINDOWS\inf\ieaccess.inf"
Feb 19 2008 3:04:26p 4,424 A.... "C:\WINDOWS\inf\ieaccess.PNF"
Feb 18 2008 12:53:40p 971,036 A.... "C:\WINDOWS\inf\iis.PNF"
Feb 9 2008 4:24:36p 22,804 A.... "C:\WINDOWS\inf\image.PNF"
Feb 18 2008 12:53:46p 105,208 A.... "C:\WINDOWS\inf\ims.PNF"
Feb 23 2008 3:40:48p 1,480,936 A.... "C:\WINDOWS\inf\INFCACHE.1"
Feb 19 2008 10:52:34a 100,124 A.... "C:\WINDOWS\inf\input.PNF"
Feb 19 2008 10:52:38a 424,000 A.... "C:\WINDOWS\inf\intl.PNF"
Feb 19 2008 10:52:38a 18,840 A.... "C:\WINDOWS\inf\irbus.PNF"
Feb 9 2008 4:24:36p 22,040 A.... "C:\WINDOWS\inf\kdk2x0.PNF"
Feb 9 2008 4:24:34p 10,712 A.... "C:\WINDOWS\inf\kdkscan.PNF"
Feb 19 2008 10:52:38a 57,268 A.... "C:\WINDOWS\inf\keyboard.PNF"
Feb 9 2008 4:24:36p 10,212 A.... "C:\WINDOWS\inf\kodak.PNF"
Feb 19 2008 10:52:38a 91,444 A.... "C:\WINDOWS\inf\ks.PNF"
Feb 19 2008 10:52:38a 43,500 A.... "C:\WINDOWS\inf\kscaptur.PNF"
Feb 19 2008 10:52:38a 24,640 A.... "C:\WINDOWS\inf\ksfilter.PNF"
Feb 18 2008 12:47:38p 1,051,064 A.... "C:\WINDOWS\inf\layout.PNF"
Feb 18 2008 12:47:42p 187,380 A.... "C:\WINDOWS\inf\machine.PNF"
Feb 19 2008 10:52:40a 30,280 A.... "C:\WINDOWS\inf\mchgr.PNF"
Feb 19 2008 10:52:40a 17,572 A.... "C:\WINDOWS\inf\mdac.PNF"
Feb 19 2008 10:52:40a 40,560 A.... "C:\WINDOWS\inf\mdmbtmdm.PNF"
Feb 19 2008 10:52:40a 68,340 A.... "C:\WINDOWS\inf\mdmcxsf2.PNF"
Feb 19 2008 10:52:42a 152,828 A.... "C:\WINDOWS\inf\mdmhamrw.PNF"
Feb 19 2008 10:52:42a 107,872 A.... "C:\WINDOWS\inf\mdmirmdm.PNF"
Feb 19 2008 10:52:42a 46,132 A.... "C:\WINDOWS\inf\mdmntstm.PNF"
Feb 18 2008 12:53:54p 106,528 A.... "C:\WINDOWS\inf\medctroc.PNF"
Feb 19 2008 10:52:42a 15,196 A.... "C:\WINDOWS\inf\moviemk.PNF"
Feb 19 2008 10:52:42a 8,284 A.... "C:\WINDOWS\inf\mpe.PNF"
Feb 19 2008 10:52:44a 30,644 A.... "C:\WINDOWS\inf\mplayer2.PNF"
Feb 9 2008 7:31:04p 6,178 A.... "C:\WINDOWS\inf\MPPRE10.PNF"
Feb 9 2008 4:24:36p 39,084 A.... "C:\WINDOWS\inf\msdv.PNF"
Feb 19 2008 10:52:44a 49,540 A.... "C:\WINDOWS\inf\mshdc.PNF"
Feb 9 2008 4:24:34p 29,140 A.... "C:\WINDOWS\inf\msmscsi.PNF"
Feb 9 2008 4:24:34p 15,364 A.... "C:\WINDOWS\inf\msmusb.PNF"
Feb 19 2008 10:52:44a 60,940 A.... "C:\WINDOWS\inf\msnetmtg.PNF"
Feb 18 2008 12:53:54p 9,492 A.... "C:\WINDOWS\inf\msnmsn.PNF"
Feb 19 2008 10:52:46a 35,964 A.... "C:\WINDOWS\inf\msoe50.PNF"
Feb 19 2008 10:52:46a 23,816 A.... "C:\WINDOWS\inf\mstape.PNF"
Feb 18 2008 12:53:52p 11,984 A.... "C:\WINDOWS\inf\multimed.PNF"
Feb 19 2008 10:52:46a 7,856 A.... "C:\WINDOWS\inf\mymusic.PNF"
Feb 19 2008 10:52:46a 9,636 A.... "C:\WINDOWS\inf\nabtsfec.PNF"
Feb 19 2008 10:52:46a 9,096 A.... "C:\WINDOWS\inf\ndisip.PNF"
Feb 18 2008 12:54:02p 3,652 A.... "C:\WINDOWS\inf\netbeac.PNF"
Feb 19 2008 10:52:24a 3,704 A.... "C:\WINDOWS\inf\netfw.PNF"
Feb 18 2008 12:53:54p 174,876 A.... "C:\WINDOWS\inf\netfxocm.PNF"
Feb 19 2008 10:52:46a 13,020 A.... "C:\WINDOWS\inf\netip6.PNF"
Feb 19 2008 10:52:48a 20,344 A.... "C:\WINDOWS\inf\netmscli.PNF"
Feb 18 2008 12:53:40p 16,448 A.... "C:\WINDOWS\inf\netoc.PNF"
Feb 19 2008 10:52:48a 45,180 A.... "C:\WINDOWS\inf\netrass.PNF"
Feb 19 2008 10:52:48a 6,800 A.... "C:\WINDOWS\inf\netrndis.PNF"
Feb 19 2008 10:52:48a 19,836 A.... "C:\WINDOWS\inf\netrtsnt.PNF"
Feb 19 2008 10:52:50a 38,304 A.... "C:\WINDOWS\inf\nettcpip.PNF"
Feb 19 2008 10:52:50a 6,348 A.... "C:\WINDOWS\inf\nettun.PNF"
Feb 19 2008 10:52:50a 8,932 A.... "C:\WINDOWS\inf\netupnph.PNF"
Feb 19 2008 10:52:50a 7,028 A.... "C:\WINDOWS\inf\netwzc.PNF"
Feb 19 2008 10:52:56a 1,317,388 A.... "C:\WINDOWS\inf\ntprint.PNF"
Feb 19 2008 10:52:58a 53,292 A.... "C:\WINDOWS\inf\nv4_disp.PNF"
Feb 19 2008 10:52:58a 22,148 A.... "C:\WINDOWS\inf\nvct.PNF"
Feb 19 2008 10:53:00a 34,060 A.... "C:\WINDOWS\inf\nvdm.PNF"
Feb 19 2008 10:53:00a 22,196 A.... "C:\WINDOWS\inf\nvts.PNF"
Feb 18 2008 12:53:48p 4,384 A.... "C:\WINDOWS\inf\oeaccess.PNF"
Jan 25 2008 11:28:20a 9,494 A.... "C:\WINDOWS\inf\oem24.PNF"
Feb 8 2008 7:36:52p 8,432 A.... "C:\WINDOWS\inf\oem25.PNF"
Feb 8 2008 7:36:52p 21,610 A.... "C:\WINDOWS\inf\oem26.PNF"
Feb 8 2008 7:36:52p 8,930 A.... "C:\WINDOWS\inf\oem27.PNF"
Feb 8 2008 7:36:54p 9,274 A.... "C:\WINDOWS\inf\oem28.PNF"
Feb 8 2008 7:36:54p 9,200 A.... "C:\WINDOWS\inf\oem29.PNF"
Feb 8 2008 7:36:54p 23,530 A.... "C:\WINDOWS\inf\oem30.PNF"
Feb 8 2008 7:36:54p 12,418 A.... "C:\WINDOWS\inf\oem31.PNF"
Feb 8 2008 7:36:54p 10,274 A.... "C:\WINDOWS\inf\oem32.PNF"
Feb 8 2008 7:36:54p 10,618 A.... "C:\WINDOWS\inf\oem33.PNF"
Feb 8 2008 7:36:56p 11,610 A.... "C:\WINDOWS\inf\oem34.PNF"
Feb 8 2008 7:36:56p 9,056 A.... "C:\WINDOWS\inf\oem35.PNF"
Feb 8 2008 7:36:56p 23,050 A.... "C:\WINDOWS\inf\oem36.PNF"
Feb 8 2008 7:36:56p 9,938 A.... "C:\WINDOWS\inf\oem37.PNF"
Feb 8 2008 7:36:56p 10,282 A.... "C:\WINDOWS\inf\oem38.PNF"
Feb 8 2008 7:36:58p 8,048 A.... "C:\WINDOWS\inf\oem39.PNF"
Feb 8 2008 7:36:58p 20,650 A.... "C:\WINDOWS\inf\oem40.PNF"
Feb 8 2008 7:36:58p 12,410 A.... "C:\WINDOWS\inf\oem41.PNF"
Feb 8 2008 7:36:58p 8,258 A.... "C:\WINDOWS\inf\oem42.PNF"
Feb 8 2008 7:37:00p 8,602 A.... "C:\WINDOWS\inf\oem43.PNF"
Feb 8 2008 7:37:00p 9,690 A.... "C:\WINDOWS\inf\oem44.PNF"
Feb 8 2008 7:37:00p 7,952 A.... "C:\WINDOWS\inf\oem45.PNF"
Feb 8 2008 7:37:00p 20,410 A.... "C:\WINDOWS\inf\oem46.PNF"
Feb 8 2008 7:37:00p 12,418 A.... "C:\WINDOWS\inf\oem47.PNF"
Feb 8 2008 7:37:02p 8,090 A.... "C:\WINDOWS\inf\oem48.PNF"
Feb 8 2008 7:37:02p 8,434 A.... "C:\WINDOWS\inf\oem49.PNF"
Feb 8 2008 7:37:02p 9,546 A.... "C:\WINDOWS\inf\oem50.PNF"
Feb 8 2008 7:37:02p 7,920 A.... "C:\WINDOWS\inf\oem51.PNF"
Feb 8 2008 7:37:02p 20,234 A.... "C:\WINDOWS\inf\oem52.PNF"
Feb 8 2008 7:37:02p 12,410 A.... "C:\WINDOWS\inf\oem53.PNF"
Feb 8 2008 7:37:04p 7,986 A.... "C:\WINDOWS\inf\oem54.PNF"
Feb 8 2008 7:37:04p 8,330 A.... "C:\WINDOWS\inf\oem55.PNF"
Feb 8 2008 7:37:04p 9,378 A.... "C:\WINDOWS\inf\oem56.PNF"
Feb 8 2008 7:37:04p 7,776 A.... "C:\WINDOWS\inf\oem57.PNF"
Feb 8 2008 7:37:04p 19,242 A.... "C:\WINDOWS\inf\oem58.PNF"
Feb 8 2008 7:37:06p 7,850 A.... "C:\WINDOWS\inf\oem59.PNF"
Feb 8 2008 7:37:06p 8,106 A.... "C:\WINDOWS\inf\oem60.PNF"
Feb 8 2008 7:37:06p 14,784 A.... "C:\WINDOWS\inf\oem61.PNF"
Feb 8 2008 7:37:06p 15,072 A.... "C:\WINDOWS\inf\oem62.PNF"
Feb 8 2008 7:37:06p 15,656 A.... "C:\WINDOWS\inf\oem63.PNF"
Feb 8 2008 7:37:06p 16,160 A.... "C:\WINDOWS\inf\oem64.PNF"
Feb 8 2008 7:37:06p 15,912 A.... "C:\WINDOWS\inf\oem65.PNF"
Feb 13 2008 9:35:32a 0 ...H. "C:\WINDOWS\inf\oem66.inf"
Feb 18 2008 12:26:06p 2,268,740 A.... "C:\WINDOWS\inf\oem67.PNF"
Feb 19 2008 11:01:00a 0 ...H. "C:\WINDOWS\inf\oem68.inf"
Jan 25 2008 3:38:02p 1,550 A.... "C:\WINDOWS\inf\oem69.inf"
Feb 23 2008 3:40:36p 5,224 A.... "C:\WINDOWS\inf\oem69.PNF"
Jan 25 2008 3:38:10p 2,872 A.... "C:\WINDOWS\inf\oem70.inf"
Feb 23 2008 3:40:48p 7,708 A.... "C:\WINDOWS\inf\oem70.PNF"
Feb 19 2008 10:53:04a 17,240 A.... "C:\WINDOWS\inf\oobe.PNF"
Feb 9 2008 4:24:36p 24,812 A.... "C:\WINDOWS\inf\ovcam.PNF"
Feb 18 2008 12:54:02p 14,240 A.... "C:\WINDOWS\inf\p2p.PNF"
Feb 19 2008 10:53:04a 35,832 A.... "C:\WINDOWS\inf\parhmse.PNF"
Feb 19 2008 10:53:04a 13,292 A.... "C:\WINDOWS\inf\pchealth.PNF"
Feb 9 2008 4:24:34p 10,484 A.... "C:\WINDOWS\inf\phil1vid.PNF"
Feb 9 2008 4:24:34p 13,828 A.... "C:\WINDOWS\inf\phil2vid.PNF"
Feb 19 2008 10:53:04a 105,552 A.... "C:\WINDOWS\inf\pnpscsi.PNF"
Feb 19 2008 10:53:04a 9,380 A.... "C:\WINDOWS\inf\ps5333.PNF"
Feb 19 2008 10:53:04a 11,416 A.... "C:\WINDOWS\inf\qmgr.PNF"
Feb 19 2008 10:53:04a 7,172 A.... "C:\WINDOWS\inf\ramdisk.PNF"
Feb 9 2008 4:24:36p 18,476 A.... "C:\WINDOWS\inf\ricoh.PNF"
Feb 19 2008 10:53:06a 38,256 A.... "C:\WINDOWS\inf\sceregvl.PNF"
Feb 19 2008 10:53:06a 21,944 A.... "C:\WINDOWS\inf\scsi.PNF"
Feb 18 2008 12:51:20p 10,632 A.... "C:\WINDOWS\inf\sdbus.PNF"
Feb 19 2008 10:53:06a 26,320 A.... "C:\WINDOWS\inf\secrecs.PNF"
Feb 8 2008 7:38:48p 14,404 A.... "C:\WINDOWS\inf\Sem062_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem115_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem116_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem125_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem616_BT_x64.PNF"
Feb 8 2008 7:38:48p 14,640 A.... "C:\WINDOWS\inf\Sem716_BT_x64.PNF"
Feb 19 2008 10:53:06a 7,808 A.... "C:\WINDOWS\inf\sffdisk.PNF"
Feb 19 2008 10:53:06a 38,476 A.... "C:\WINDOWS\inf\shell.PNF"
Feb 19 2008 10:53:06a 15,720 A.... "C:\WINDOWS\inf\shl_img.PNF"
Feb 19 2008 10:53:08a 4,444 A.... "C:\WINDOWS\inf\skins.PNF"
Feb 19 2008 10:53:08a 9,196 A.... "C:\WINDOWS\inf\slip.PNF"
Feb 19 2008 10:53:08a 36,372 A.... "C:\WINDOWS\inf\smartcrd.PNF"
Feb 9 2008 4:24:34p 87,168 A.... "C:\WINDOWS\inf\stillcam.PNF"
Feb 19 2008 10:53:08a 11,956 A.... "C:\WINDOWS\inf\streamip.PNF"
Feb 19 2008 10:53:08a 5,724 A.... "C:\WINDOWS\inf\swflash.PNF"
Feb 18 2008 12:53:40p 7,232 A.... "C:\WINDOWS\inf\sysoc.PNF"
Feb 19 2008 10:53:08a 100,612 A.... "C:\WINDOWS\inf\syssetup.PNF"
Feb 18 2008 12:53:54p 558,428 A.... "C:\WINDOWS\inf\tabletpc.PNF"
Feb 19 2008 10:53:10a 59,804 A.... "C:\WINDOWS\inf\tape.PNF"
Feb 19 2008 10:53:14a 9,424 A.... "C:\WINDOWS\inf\tdibth.PNF"
Feb 9 2008 4:24:34p 9,900 A.... "C:\WINDOWS\inf\tsbvcap.PNF"
Feb 18 2008 12:53:42p 122,712 A.... "C:\WINDOWS\inf\tsoc.PNF"
Feb 9 2008 4:24:36p 68,364 A.... "C:\WINDOWS\inf\umax.PNF"
Feb 9 2008 4:24:34p 10,992 A.... "C:\WINDOWS\inf\umaxpp.PNF"
Feb 19 2008 10:53:14a 51,448 A.... "C:\WINDOWS\inf\usbport.PNF"
Feb 19 2008 10:53:14a 24,920 A.... "C:\WINDOWS\inf\usbvideo.PNF"
Feb 19 2008 10:54:46a 21,352 A.... "C:\WINDOWS\inf\wab50.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp0.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp1.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp2.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp3.PNF"
Feb 19 2008 10:53:16a 8,876 A.... "C:\WINDOWS\inf\wfp4.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp5.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp6.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp7.PNF"
Feb 19 2008 10:53:16a 8,884 A.... "C:\WINDOWS\inf\wfp8.PNF"
Feb 18 2008 12:53:48p 4,056 A.... "C:\WINDOWS\inf\wmaccess.PNF"
Feb 19 2008 10:53:18a 21,768 A.... "C:\WINDOWS\inf\wmdm.PNF"
Feb 9 2008 7:31:28p 22,146 A.... "C:\WINDOWS\inf\WMDM10.PNF"
Feb 18 2008 12:47:38p 15,908 A.... "C:\WINDOWS\inf\wmfsdk.PNF"
Feb 9 2008 7:31:16p 10,744 A.... "C:\WINDOWS\inf\WMFSDK10.PNF"
Feb 18 2008 12:47:40p 56,940 A.... "C:\WINDOWS\inf\wmp.PNF"
Feb 18 2008 12:53:50p 4,408 A.... "C:\WINDOWS\inf\wmpocm.PNF"
Feb 13 2008 10:55:10a 3,988 A.... "C:\WINDOWS\inf\wmsetsdk.PNF"
Feb 18 2008 12:53:52p 16,656 A.... "C:\WINDOWS\inf\wordpad.PNF"
Feb 9 2008 7:31:34p 10,524 A.... "C:\WINDOWS\inf\WPD10.PNF"
Feb 13 2008 10:55:16a 10,428 A.... "C:\WINDOWS\inf\wpdmtp.PNF"
Feb 19 2008 10:53:18a 9,200 A.... "C:\WINDOWS\inf\wstcodec.PNF"
Feb 19 2008 10:53:18a 8,892 A.... "C:\WINDOWS\inf\wtv0.PNF"
Feb 19 2008 10:53:18a 8,892 A.... "C:\WINDOWS\inf\wtv1.PNF"
Feb 19 2008 10:53:18a 8,892 A.... "C:\WINDOWS\inf\wtv2.PNF"
Feb 19 2008 10:53:18a 8,892 A.... "C:\WINDOWS\inf\wtv3.PNF"
Feb 19 2008 10:53:20a 8,892 A.... "C:\WINDOWS\inf\wtv4.PNF"
Feb 19 2008 10:53:20a 8,892 A.... "C:\WINDOWS\inf\wtv5.PNF"
Feb 9 2008 4:24:36p 9,936 A.... "C:\WINDOWS\inf\xscan_xp.PNF"
Feb 23 2008 1:21:34p 5,668 A.... "C:\WINDOWS\network diagnostic\xpnetdiag.xml"
Feb 23 2008 12:20:06p 211 ..... "C:\WINDOWS\pss\boot.ini.backup"
Feb 22 2008 3:07:54p 315 ..... "C:\WINDOWS\pss\system.ini.backup"
Feb 20 2008 12:58:06p 1,082 ..... "C:\WINDOWS\pss\win.ini.backup"
Feb 21 2008 11:02:24a 23,600 A.... "C:\WINDOWS\Registration\R000000000012.clb"
Feb 21 2008 11:02:24a 23,584 A.... "C:\WINDOWS\Registration\R000000000013.clb"
Feb 21 2008 11:02:46a 1,048,576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{CEFFE259-C959-425A-9658-39C78F9E2E9A}.crmlog"
Feb 19 2008 4:16:02p 249,200 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
Feb 4 2008 3:09:48p 18,214,008 A.... "C:\WINDOWS\system32\MRT.exe"
Feb 21 2008 11:02:34a 53,608 A.... "C:\WINDOWS\system32\perfc009.dat"
Feb 21 2008 11:02:34a 383,254 A.... "C:\WINDOWS\system32\perfh009.dat"
Feb 21 2008 11:02:34a 431,592 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
Jan 11 2008 11:23:32a 44,544 ..... "C:\WINDOWS\system32\pngfilt.dll"
Feb 22 2008 2:06:36p 4,395 A.... "C:\WINDOWS\system32\qtplugin.log"
Feb 19 2008 10:51:48a 245 A.... "C:\WINDOWS\system32\spupdwxp.log"
Mar 4 2008 11:36:18a 3,976 A.... "C:\WINDOWS\system32\tmp.reg"
Mar 4 2008 11:36:18a 0 A.... "C:\WINDOWS\system32\tmp.txt"
Feb 19 2008 3:06:10p 132,902 A.... "C:\WINDOWS\system32\TZLog.log"
Feb 29 2008 8:53:30p 2,206 A.... "C:\WINDOWS\system32\wpa.dbl"
Jan 10 2008 1:15:30p 755,027 A.... "C:\WINDOWS\system32\xvidcore.dll"
Jan 10 2008 1:16:20p 159,839 A.... "C:\WINDOWS\system32\xvidvfw.dll"
Feb 27 2008 1:00:32a 278 A.... "C:\WINDOWS\Tasks\Defrag (Desktop) .....job"
Feb 29 2008 8:52:50p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Mar 4 2008 6:47:34p 214 A.... "C:\WINDOWS\TEMP\kds.xml"
Mar 3 2008 11:48:02p 16 A.... "C:\WINDOWS\TEMP\report.dat"
Mar 4 2008 7:03:10p 750 A.... "C:\WINDOWS\TEMP\SCPD1D.tmp"
Mar 4 2008 7:18:18p 121,770 A.... "C:\WINDOWS\TEMP\scsD2F.tmp"
Mar 4 2008 7:17:40p 108 A.... "C:\WINDOWS\TEMP\teredo.txt"
Mar 3 2008 11:47:34p 265 A.... "C:\WINDOWS\TEMP\updateop.xml"
Mar 4 2008 6:20:58p 255 A.... "C:\WINDOWS\TEMP\WGAErrLog.txt"
Feb 13 2008 10:03:12a 15,686 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf"
Feb 13 2008 10:02:34a 967 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.txt"
Feb 14 2008 11:05:44a 7,364 A.... "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.inf"
Feb 14 2008 11:05:08a 431 A.... "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.txt"
Feb 19 2008 1:59:28p 8,568 A.... "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.inf"
Feb 19 2008 1:59:02p 320 A.... "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.txt"
Feb 19 2008 1:49:44p 11,306 A.... "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.inf"
Feb 14 2008 11:36:28a 1,929 A.... "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.txt"
Feb 14 2008 11:12:22a 620 A.... "C:\WINDOWS\$NtUninstallKB923191$\spuninst\KB923191.asms"
Feb 19 2008 1:52:06p 9,111 A.... "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.inf"
Feb 14 2008 11:12:10a 648 A.... "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.txt"
Feb 19 2008 1:47:38p 16,945 A.... "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.inf"
Feb 14 2008 11:23:58a 2,881 A.... "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.txt"
Feb 19 2008 2:08:42p 9,193 A.... "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.inf"
Feb 19 2008 2:08:20p 360 A.... "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.txt"
Feb 19 2008 1:52:42p 8,714 A.... "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.inf"
Feb 19 2008 1:52:20p 700 A.... "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.txt"
Feb 14 2008 11:50:30a 10,385 A.... "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.inf"
Feb 14 2008 11:49:46a 415 A.... "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.txt"
Feb 19 2008 2:07:02p 8,653 A.... "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.inf"
Feb 19 2008 2:06:36p 218 A.... "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.txt"
Feb 19 2008 1:49:38p 10,117 A.... "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.inf"
Feb 14 2008 11:02:48a 1,916 A.... "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.txt"
Feb 19 2008 2:53:50p 10,030 A.... "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.inf"
Feb 19 2008 2:52:56p 325 A.... "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.txt"
Feb 19 2008 2:10:56p 9,340 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.inf"
Feb 19 2008 2:10:36p 370 A.... "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.txt"
Feb 19 2008 1:48:36p 9,225 A.... "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.inf"
Feb 14 2008 11:35:32a 438 A.... "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.txt"
Feb 19 2008 2:02:52p 8,846 A.... "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.inf"
Feb 19 2008 2:02:28p 320 A.... "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.txt"
Feb 19 2008 2:02:24p 10,469 A.... "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.inf"
Feb 19 2008 2:02:04p 1,136 A.... "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.txt"
Feb 19 2008 1:47:22p 8,313 A.... "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.inf"
Feb 19 2008 1:46:54p 552 A.... "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.txt"
Feb 19 2008 2:01:02p 9,171 A.... "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.inf"
Feb 19 2008 2:00:36p 630 A.... "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.txt"
Feb 14 2008 11:04:30a 620 A.... "C:\WINDOWS\$NtUninstallKB908531$\spuninst\KB908531.asms"
Feb 19 2008 1:49:20p 9,115 A.... "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.inf"
Feb 14 2008 11:04:20a 724 A.... "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.txt"
Feb 14 2008 11:23:44a 8,089 A.... "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.inf"
Feb 14 2008 11:23:06a 409 A.... "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.txt"
Feb 14 2008 11:12:00a 7,555 A.... "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.inf"
Feb 14 2008 11:11:20a 427 A.... "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.txt"
Feb 19 2008 2:53:48p 9,159 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.inf"
Feb 19 2008 2:53:22p 404 A.... "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.txt"
Feb 14 2008 11:15:08a 7,124 A.... "C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.inf"
Feb 14 2008 11:14:28a 321 A.... "C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.txt"
Feb 19 2008 2:01:58p 8,711 A.... "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.inf"
Feb 19 2008 2:01:34p 347 A.... "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.txt"
Feb 19 2008 1:51:52p 9,442 A.... "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.inf"
Feb 14 2008 11:46:32a 405 A.... "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.txt"
Feb 14 2008 11:26:14a 7,908 A.... "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.inf"
Feb 14 2008 11:25:34a 331 A.... "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.txt"
Feb 19 2008 3:12:26p 9,946 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.inf"
Feb 19 2008 3:12:02p 320 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.txt"
Feb 19 2008 3:11:26p 13,548 A.... "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.inf"
Feb 19 2008 3:10:58p 1,107 A.... "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.txt"
Feb 19 2008 3:10:18p 9,176 A.... "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.inf"
Feb 19 2008 3:09:58p 178 A.... "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.txt"
Feb 19 2008 1:51:44p 9,065 A.... "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.inf"
Feb 19 2008 1:51:22p 870 A.... "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.txt"
Feb 19 2008 1:54:38p 9,495 A.... "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.inf"
Feb 19 2008 1:54:10p 563 A.... "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.txt"
Feb 19 2008 1:50:32p 8,625 A.... "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.inf"
Feb 19 2008 1:50:06p 696 A.... "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.txt"
Feb 19 2008 1:46:08p 8,626 A.... "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.inf"
Feb 14 2008 11:41:16a 187 A.... "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.txt"
Feb 19 2008 1:45:24p 7,777 A.... "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.inf"
Feb 14 2008 11:12:58a 358 A.... "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.txt"
Feb 19 2008 1:55:30p 8,208 A.... "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.inf"
Feb 19 2008 1:55:10p 320 A.... "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.txt"
Feb 19 2008 1:47:52p 7,481 A.... "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.inf"
Feb 14 2008 11:16:18a 183 A.... "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.txt"
Feb 14 2008 11:17:46a 7,803 A.... "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.inf"
Feb 14 2008 11:17:00a 421 A.... "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.txt"
Feb 19 2008 1:53:12p 9,454 A.... "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.inf"
Feb 19 2008 1:52:48p 943 A.... "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.txt"
Feb 18 2008 1:06:40p 6,782 A.... "C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.inf"
Feb 18 2008 1:03:24p 87 A.... "C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.txt"
Feb 13 2008 10:01:36a 7,177 A.... "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.inf"
Feb 13 2008 10:00:56a 463 A.... "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.txt"
Feb 19 2008 2:52:50p 9,128 A.... "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.inf"
Feb 19 2008 2:52:22p 267 A.... "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.txt"
Feb 19 2008 1:50:00p 7,940 A.... "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.inf"
Feb 14 2008 10:59:32a 720 A.... "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.txt"
Feb 19 2008 1:53:38p 7,998 A.... "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.inf"
Feb 19 2008 1:53:16p 300 A.... "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.txt"
Feb 14 2008 11:22:58a 7,502 A.... "C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.inf"
Feb 14 2008 11:22:24a 222 A.... "C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.txt"
Feb 19 2008 3:08:02p 12,138 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.inf"
Feb 19 2008 3:07:36p 1,808 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.txt"
Feb 19 2008 1:57:52p 9,498 A.... "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.inf"
Feb 19 2008 1:57:28p 878 A.... "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.txt"
Feb 19 2008 1:51:06p 8,349 A.... "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.inf"
Feb 14 2008 11:20:06a 423 A.... "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.txt"
Feb 19 2008 3:09:54p 9,752 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.inf"
Feb 19 2008 3:09:30p 316 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.txt"
Feb 14 2008 11:16:10a 7,763 A.... "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.inf"
Feb 14 2008 11:15:20a 417 A.... "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.txt"
Feb 14 2008 11:46:20a 9,024 A.... "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.inf"
Feb 14 2008 11:45:42a 427 A.... "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.txt"
Feb 19 2008 1:58:26p 9,991 A.... "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.inf"
Feb 19 2008 1:57:58p 1,140 A.... "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.txt"
Feb 19 2008 1:46:48p 8,712 A.... "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.inf"
Feb 14 2008 11:34:42a 378 A.... "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.txt"
Feb 14 2008 11:39:56a 8,520 A.... "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.inf"
Feb 14 2008 11:39:00a 183 A.... "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.txt"
Feb 19 2008 1:45:06p 6,974 A.... "C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.inf"
Feb 19 2008 1:44:34p 93 A.... "C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.txt"
Feb 19 2008 3:11:56p 9,929 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.inf"
Feb 19 2008 3:11:32p 320 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.txt"
Feb 19 2008 1:56:58p 8,654 A.... "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.inf"
Feb 19 2008 1:56:36p 518 A.... "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.txt"
Feb 19 2008 1:54:04p 8,049 A.... "C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.inf"
Feb 19 2008 1:53:
  • 0

Advertisements


#11
ManishKR

ManishKR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Feb 19 2008 1:53:42p 304 A.... "C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.txt"
Feb 19 2008 3:07:30p 9,345 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
Feb 19 2008 3:07:04p 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
Feb 19 2008 3:06:32p 10,193 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
Feb 19 2008 3:06:12p 220 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
Feb 19 2008 1:52:00p 9,292 A.... "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.inf"
Feb 14 2008 11:32:18a 620 A.... "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.txt"
Feb 19 2008 1:47:46p 8,731 A.... "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.inf"
Feb 14 2008 11:42:04a 183 A.... "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.txt"
Feb 19 2008 3:10:46p 9,824 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.inf"
Feb 19 2008 3:10:22p 360 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.txt"
Feb 14 2008 11:27:00a 7,668 A.... "C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.inf"
Feb 14 2008 11:26:24a 187 A.... "C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.txt"
Feb 14 2008 11:09:04a 620 A.... "C:\WINDOWS\$NtUninstallKB900725$\spuninst\KB900725.asms"
Feb 19 2008 1:48:10p 8,583 A.... "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.inf"
Feb 14 2008 11:08:52a 463 A.... "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.txt"
Feb 19 2008 1:57:24p 8,401 A.... "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.inf"
Feb 19 2008 1:57:00p 360 A.... "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.txt"
Feb 19 2008 2:08:12p 9,270 A.... "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.inf"
Feb 19 2008 2:07:50p 331 A.... "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.txt"
Feb 19 2008 1:51:14p 9,674 A.... "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.inf"
Feb 14 2008 11:40:24a 696 A.... "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.txt"
Feb 19 2008 1:49:08p 7,845 A.... "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.inf"
Feb 19 2008 1:48:46p 308 A.... "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.txt"
Feb 19 2008 1:55:06p 8,499 A.... "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.inf"
Feb 19 2008 1:54:42p 312 A.... "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.txt"
Feb 19 2008 1:51:00p 7,855 A.... "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.inf"
Feb 19 2008 1:50:36p 312 A.... "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.txt"
Feb 19 2008 2:55:42p 9,175 A.... "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.inf"
Feb 19 2008 2:55:16p 218 A.... "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.txt"
Feb 14 2008 11:11:10a 8,722 A.... "C:\WINDOWS\$NtUninstallKB892944$\spuninst\spuninst.inf"
Feb 14 2008 11:10:32a 1,623 A.... "C:\WINDOWS\$NtUninstallKB892944$\spuninst\spuninst.txt"
Feb 19 2008 1:48:16p 8,519 A.... "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.inf"
Feb 14 2008 11:27:10a 409 A.... "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.txt"
Feb 19 2008 1:58:56p 8,515 A.... "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.inf"
Feb 19 2008 1:58:30p 312 A.... "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.txt"
Feb 19 2008 2:00:14p 9,011 A.... "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.inf"
Feb 19 2008 1:59:32p 517 A.... "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.txt"
Feb 14 2008 11:30:06a 620 A.... "C:\WINDOWS\$NtUninstallKB921398$\spuninst\KB921398.asms"
Feb 14 2008 11:30:40a 9,500 A.... "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.inf"
Feb 14 2008 11:29:38a 478 A.... "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.txt"
Feb 14 2008 11:19:06a 7,258 A.... "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.inf"
Feb 14 2008 11:18:30a 183 A.... "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.txt"
Feb 14 2008 11:43:36a 9,266 A.... "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.inf"
Feb 14 2008 11:42:56a 415 A.... "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.txt"
Feb 19 2008 1:55:38p 672 A.... "C:\WINDOWS\$NtUninstallKB924667$\spuninst\KB924667.asms"
Feb 19 2008 1:56:04p 8,337 A.... "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.inf"
Feb 19 2008 1:55:36p 440 A.... "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.txt"
Feb 19 2008 2:21:36p 9,508 A.... "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.inf"
Feb 19 2008 2:21:12p 320 A.... "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.txt"
Feb 19 2008 1:49:52p 12,463 A.... "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.inf"
Feb 14 2008 11:19:16a 2,725 A.... "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.txt"
Feb 19 2008 1:49:28p 8,899 A.... "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.inf"
Feb 14 2008 10:58:28a 949 A.... "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.txt"
Feb 19 2008 1:48:30p 9,695 A.... "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.inf"
Feb 14 2008 11:43:50a 612 A.... "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.txt"
Feb 19 2008 1:47:58p 6,970 A.... "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.inf"
Feb 14 2008 11:03:36a 191 A.... "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.txt"
Feb 19 2008 3:09:24p 9,349 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
Feb 19 2008 3:09:06p 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
Feb 19 2008 3:07:00p 9,512 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
Feb 19 2008 3:06:40p 312 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
Feb 19 2008 1:45:16p 6,866 A.... "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.inf"
Feb 14 2008 11:01:58a 183 A.... "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.txt"
Feb 19 2008 2:01:28p 8,718 A.... "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.inf"
Feb 19 2008 2:01:08p 312 A.... "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.txt"
Feb 19 2008 1:48:24p 7,985 A.... "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.inf"
Feb 14 2008 11:00:28a 720 A.... "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.txt"
Feb 18 2008 12:59:50p 7,494 A.... "C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.inf"
Feb 18 2008 12:57:18p 323 A.... "C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.txt"
Feb 18 2008 1:02:22p 6,866 A.... "C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.inf"
Feb 18 2008 1:00:18p 107 A.... "C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.txt"
Feb 19 2008 2:10:04p 8,927 A.... "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.inf"
Feb 19 2008 2:09:42p 309 A.... "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.txt"
Feb 19 2008 1:45:52p 10,278 A.... "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.inf"
Feb 14 2008 11:27:58a 886 A.... "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.txt"
Feb 19 2008 2:05:14p 8,894 A.... "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.inf"
Feb 19 2008 2:04:52p 311 A.... "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.txt"
Feb 14 2008 11:01:50a 6,446 A.... "C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.inf"
Feb 14 2008 11:01:16a 305 A.... "C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.txt"
Feb 18 2008 12:56:28p 6,760 A.... "C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.inf"
Feb 18 2008 12:54:42p 91 A.... "C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.txt"
Feb 19 2008 1:46:00p 8,902 A.... "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.inf"
Feb 14 2008 11:37:50a 378 A.... "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.txt"
Feb 19 2008 1:46:18p 8,965 A.... "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.inf"
Feb 14 2008 11:50:44a 191 A.... "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.txt"
Feb 19 2008 1:56:32p 9,383 A.... "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.inf"
Feb 19 2008 1:56:10p 970 A.... "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.txt"
Feb 19 2008 2:10:30p 9,587 A.... "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.inf"
Feb 19 2008 2:10:10p 460 A.... "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.txt"
Feb 19 2008 2:03:22p 8,891 A.... "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.inf"
Feb 19 2008 2:02:56p 320 A.... "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.txt"
Feb 14 2008 11:08:40a 7,377 A.... "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.inf"
Feb 14 2008 11:07:58a 409 A.... "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.txt"
Feb 19 2008 1:52:16p 13,026 A.... "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.inf"
Feb 14 2008 11:48:16a 2,473 A.... "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.txt"
Feb 19 2008 2:05:38p 9,041 A.... "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.inf"
Feb 19 2008 2:05:18p 359 A.... "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.txt"
Feb 14 2008 11:21:28a 7,432 A.... "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.inf"
Feb 14 2008 11:20:50a 179 A.... "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.txt"
Feb 19 2008 1:45:40p 10,610 A.... "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.inf"
Feb 14 2008 10:57:12a 1,526 A.... "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.txt"
Feb 19 2008 2:21:08p 10,608 A.... "C:\WINDOWS\$NtUninstallKB943460_0$\spuninst\spuninst.inf"
Feb 19 2008 2:20:44p 517 A.... "C:\WINDOWS\$NtUninstallKB943460_0$\spuninst\spuninst.txt"
Feb 19 2008 2:04:48p 8,995 A.... "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.inf"
Feb 19 2008 2:04:26p 419 A.... "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.txt"
Feb 14 2008 11:10:20a 6,721 A.... "C:\WINDOWS\$NtUninstallKB888302_0$\spuninst\spuninst.inf"
Feb 14 2008 11:09:44a 183 A.... "C:\WINDOWS\$NtUninstallKB888302_0$\spuninst\spuninst.txt"
Feb 14 2008 11:22:16a 8,057 A.... "C:\WINDOWS\$NtUninstallKB890046_0$\spuninst\spuninst.inf"
Feb 14 2008 11:21:38a 231 A.... "C:\WINDOWS\$NtUninstallKB890046_0$\spuninst\spuninst.txt"
Feb 14 2008 11:48:04a 9,567 A.... "C:\WINDOWS\$NtUninstallKB885835_0$\spuninst\spuninst.inf"
Feb 14 2008 11:47:24a 549 A.... "C:\WINDOWS\$NtUninstallKB885835_0$\spuninst\spuninst.txt"
Feb 18 2008 12:46:50p 4,132 A.... "C:\WINDOWS\$NtServicePackUninstall$\spuninst\Service Pack 2.asms"
Feb 18 2008 12:54:08p 914,773 A.... "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.inf"
Feb 18 2008 12:35:04p 451,349 A.... "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.txt"
Feb 19 2008 2:57:12p 8,536 A.... "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.inf"
Feb 19 2008 2:56:46p 204 A.... "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.txt"
Feb 19 2008 2:58:38p 9,122 A.... "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.inf"
Feb 19 2008 2:58:14p 444 A.... "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.txt"
Feb 14 2008 11:31:56a 8,225 A.... "C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.inf"
Feb 14 2008 11:30:54a 416 A.... "C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.txt"
Feb 14 2008 11:07:44a 11,931 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.inf"
Feb 14 2008 11:06:42a 3,671 A.... "C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.txt"
Feb 14 2008 11:29:20a 8,223 A.... "C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.inf"
Feb 14 2008 11:28:38a 634 A.... "C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.txt"
Feb 14 2008 11:06:30a 11,162 A.... "C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.inf"
Feb 14 2008 11:05:50a 4,261 A.... "C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.txt"
Feb 29 2008 7:38:08p 307,644 A.... "C:\WINDOWS\Debug\UserMode\userenv.bak"
Mar 1 2008 4:50:42p 2,470 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"
Feb 9 2008 7:31:38p 0 A.... "C:\WINDOWS\Debug\WPD\wpdtrace.log"
Feb 8 2008 7:34:06p 33,369,088 A.... "C:\WINDOWS\Downloaded Installations\{25BEC3AB-5CD4-481D-9143-215C1BBB189E}\Sony Ericsson PC Suite.msi"
Feb 18 2008 12:31:24p 22,245,337 ..... "C:\WINDOWS\Driver Cache\i386\sp2.cab"
Mar 3 2008 8:07:24p 1,499,136 A.... "C:\WINDOWS\erdnt\dss\default"
Mar 3 2008 8:05:48p 220 A.... "C:\WINDOWS\erdnt\dss\README.txt"
Mar 3 2008 8:05:54p 32,768 A.... "C:\WINDOWS\erdnt\dss\sam"
Mar 3 2008 8:07:10p 30,756,864 A.... "C:\WINDOWS\erdnt\dss\software"
Mar 3 2008 8:07:22p 8,953,856 A.... "C:\WINDOWS\erdnt\dss\system"
Feb 29 2008 5:15:24p 1,495,040 A.... "C:\WINDOWS\erdnt\Hiv-backup\default"
Feb 29 2008 5:15:24p 673 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.CON"
Feb 29 2008 5:15:24p 1,237 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.INF"
Feb 29 2008 5:15:24p 32,768 A.... "C:\WINDOWS\erdnt\Hiv-backup\SAM"
Feb 29 2008 5:15:22p 53,248 A.... "C:\WINDOWS\erdnt\Hiv-backup\SECURITY"
Feb 29 2008 5:15:24p 30,658,560 A.... "C:\WINDOWS\erdnt\Hiv-backup\software"
Feb 29 2008 5:15:24p 10,817,536 A.... "C:\WINDOWS\erdnt\Hiv-backup\system"
Feb 29 2008 7:37:56p 1,495,040 A.... "C:\WINDOWS\erdnt\subs\default"
Feb 29 2008 7:37:56p 673 A.... "C:\WINDOWS\erdnt\subs\ERDNT.CON"
Feb 29 2008 7:37:56p 460 A.... "C:\WINDOWS\erdnt\subs\ERDNT.INF"
Feb 29 2008 7:37:56p 32,768 A.... "C:\WINDOWS\erdnt\subs\SAM"
Feb 29 2008 7:37:52p 53,248 A.... "C:\WINDOWS\erdnt\subs\SECURITY"
Feb 29 2008 7:37:54p 30,736,384 A.... "C:\WINDOWS\erdnt\subs\software"
Feb 29 2008 7:37:54p 30,736,384 A.... "C:\WINDOWS\erdnt\subs\software.bak"
Feb 29 2008 7:37:58p 1,024 A..H. "C:\WINDOWS\erdnt\subs\software.LOG"
Feb 29 2008 7:37:56p 10,817,536 A.... "C:\WINDOWS\erdnt\subs\system"
Feb 29 2008 7:37:56p 10,817,536 A.... "C:\WINDOWS\erdnt\subs\system.bak"
Feb 29 2008 7:37:58p 1,024 A..H. "C:\WINDOWS\erdnt\subs\system.LOG"
Feb 19 2008 3:01:08p 355,537 A.... "C:\WINDOWS\ie7\spuninst\spuninst.inf"
Feb 19 2008 3:00:08p 9,050 A.... "C:\WINDOWS\ie7\spuninst\spuninst.txt"
Feb 19 2008 3:04:02p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00002"
Feb 19 2008 3:04:02p 81,920 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00003"
Feb 19 2008 3:04:02p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00004"
Feb 19 2008 3:04:02p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00005"
Feb 19 2008 3:04:02p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00006"
Feb 19 2008 3:04:02p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00007"
Feb 19 2008 3:04:02p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00008"
Feb 19 2008 3:04:02p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00009"
Feb 19 2008 3:04:04p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00010"
Feb 19 2008 3:04:04p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00011"
Feb 19 2008 3:04:04p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00012"
Feb 19 2008 3:04:04p 8,192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00013"
Feb 19 2008 3:04:04p 12,288 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00015"
Feb 19 2008 3:05:06p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00002"
Feb 19 2008 3:05:06p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00003"
Feb 19 2008 3:05:08p 90,112 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00004"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00005"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00006"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00007"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00008"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00009"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00010"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00011"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00012"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00013"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00014"
Feb 19 2008 3:05:08p 8,192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00015"
Feb 19 2008 3:05:08p 12,288 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00016"
Feb 14 2008 11:34:30a 1,056,768 A.... "C:\WINDOWS\security\Database\KB914798.sdb"
Feb 19 2008 10:56:14a 3,153,920 A.... "C:\WINDOWS\security\Database\secedit.sdb"
Feb 18 2008 12:54:10p 1,056,768 A.... "C:\WINDOWS\security\Database\update.sdb"
Feb 19 2008 10:55:46a 3,242 A.... "C:\WINDOWS\security\logs\scecomp.old"
Feb 18 2008 12:54:10p 12,186 A.... "C:\WINDOWS\security\logs\update.log"
Feb 16 2008 3:32:34p 21 ..... "C:\WINDOWS\ServicePackFiles\i386\blank.txt"
Feb 16 2008 3:32:34p 18 ..... "C:\WINDOWS\ServicePackFiles\i386\empty.txt"
Feb 16 2008 3:32:54p 2,135 ..... "C:\WINDOWS\ServicePackFiles\i386\greenshd.gif"
Feb 16 2008 3:32:34p 112 ..... "C:\WINDOWS\ServicePackFiles\i386\medctrro.cmd"
Feb 16 2008 3:32:54p 2,119 ..... "C:\WINDOWS\ServicePackFiles\i386\redshd.gif"
Feb 16 2008 3:32:34p 15 ..... "C:\WINDOWS\ServicePackFiles\i386\smartnav.htm"
Feb 18 2008 12:31:24p 22,245,337 ..... "C:\WINDOWS\ServicePackFiles\i386\sp2.cab"
Feb 21 2008 11:07:24a 2,860 A.... "C:\WINDOWS\system32\%%DATA_DIR%%\catalog.z"
Jan 11 2008 11:23:32a 44,544 ..... "C:\WINDOWS\system32\dllcache\pngfilt.dll"
Jan 25 2008 3:40:32p 85,520 A.... "C:\WINDOWS\system32\drivers\bdfndisf.sys"
Jan 7 2008 5:41:34p 196,368 A.... "C:\WINDOWS\system32\drivers\bdfsfltr.sys"
Feb 29 2008 11:17:42a 2,870,944 A.... "C:\WINDOWS\system32\Restore\rstrlog.dat"
Feb 19 2008 10:38:58p 0 A.... "C:\WINDOWS\system32\URTTemp\mscoree.dll.local"
Mar 4 2008 4:47:52p 0 A.... "C:\WINDOWS\TEMP\tmp00003913\tmp00000000"
Mar 4 2008 6:48:14p 0 A.... "C:\WINDOWS\TEMP\tmp00001533\tmp00000000"
Mar 3 2008 11:16:48p 0 A.... "C:\WINDOWS\TEMP\tmp0000149b\tmp00000000"
Mar 4 2008 12:47:10a 0 A.... "C:\WINDOWS\TEMP\tmp000059c5\tmp00000000"
Mar 4 2008 3:48:22p 0 A.... "C:\WINDOWS\TEMP\tmp00000b85\tmp00000000"
Feb 18 2008 12:46:48p 397 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest"
Feb 14 2008 11:12:22a 1,812 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01.Manifest"
Feb 14 2008 11:30:06a 1,812 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85.Manifest"
Feb 14 2008 11:04:30a 1,812 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e.Manifest"
Feb 18 2008 12:46:50p 1,862 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest"
Feb 14 2008 11:09:04a 1,812 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44.Manifest"
Feb 18 2008 12:46:50p 500 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest"
Feb 18 2008 12:46:48p 1,237 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest"
Feb 19 2008 1:55:38p 1,822 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a.Manifest"
Feb 18 2008 12:46:48p 1,877 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest"
Feb 18 2008 12:46:48p 1,177 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest"
Feb 18 2008 12:46:50p 460 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc
0.Manifest"
Feb 19 2008 1:52:06p 1,862 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest"
Jan 11 2008 11:27:26a 44,544 A.... "C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\pngfilt.dll"
Jan 11 2008 11:26:52a 705 A.... "C:\WINDOWS\$hf_mig$\KB944533-IE7\update\branches.inf"
Jan 11 2008 5:41:14p 32,354 A.... "C:\WINDOWS\$hf_mig$\KB944533-IE7\update\KB944533-IE7.CAT"
Jan 11 2008 6:32:06p 5,958 A.... "C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.ver"
Jan 11 2008 11:26:52a 500 A.... "C:\WINDOWS\$hf_mig$\KB944533-IE7\update\updatebr.inf"
Jan 11 2008 5:39:40p 114,698 A.... "C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update_SP2QFE.inf"
Feb 21 2008 11:04:50a 10,706 A.... "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.inf"
Feb 21 2008 11:04:28a 388 A.... "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.txt"
Feb 19 2008 3:04:42p 21,924 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.inf"
Feb 19 2008 3:04:04p 7,427 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.txt"
Feb 19 2008 3:05:52p 22,110 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.inf"
Feb 19 2008 3:05:08p 8,071 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.txt"
Feb 18 2008 12:51:30p 14,688,256 A.... "C:\WINDOWS\PCHealth\HelpCtr\Database\HCdata.edb"
Feb 18 2008 12:50:34p 2,974,155 A.... "C:\WINDOWS\PCHealth\HelpCtr\Indices\merged.hhk"
Feb 18 2008 12:50:34p 13,328 A.... "C:\WINDOWS\PCHealth\HelpCtr\Indices\scoped_2.hhk"
Feb 18 2008 12:50:34p 16,703 A.... "C:\WINDOWS\PCHealth\HelpCtr\Indices\scoped_3.hhk"
Feb 18 2008 12:50:34p 35,565 A.... "C:\WINDOWS\PCHealth\HelpCtr\Indices\scoped_4.hhk"
Feb 18 2008 12:50:34p 20,016 A.... "C:\WINDOWS\PCHealth\HelpCtr\Indices\scoped_5.hhk"
Feb 18 2008 12:50:34p 15,646 A.... "C:\WINDOWS\PCHealth\HelpCtr\Indices\scoped_6.hhk"
Feb 18 2008 12:50:34p 102,895 A.... "C:\WINDOWS\PCHealth\HelpCtr\Indices\scoped_7.hhk"
Feb 18 2008 12:50:34p 209,095 A.... "C:\WINDOWS\PCHealth\HelpCtr\Indices\scoped_8.hhk"
Feb 18 2008 12:50:34p 51,061 A.... "C:\WINDOWS\PCHealth\HelpCtr\Indices\scoped_9.hhk"
Feb 18 2008 12:51:10p 611,625 A.... "C:\WINDOWS\PCHealth\HelpCtr\Logs\hcupdate.log"
Feb 18 2008 12:50:58p 406,839 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat"
Feb 18 2008 12:51:10p 4 A.... "C:\WINDOWS\PCHealth\HelpCtr\PackageStore\CRC_Disk"
Feb 18 2008 12:48:00p 305,145 ..SHR "C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_66.cab"
Feb 18 2008 12:50:58p 68,327 ..SHR "C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_67.cab"
Feb 18 2008 12:51:10p 26,446 A.... "C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin"
Feb 9 2008 7:31:04p 578 A.... "C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\$BackupData$"
Feb 9 2008 7:31:28p 578 A.... "C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\$BackupData$"
Feb 9 2008 7:31:34p 578 A.... "C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\$BackupData$"
Feb 9 2008 7:31:14p 578 A.... "C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\$BackupData$"
Feb 9 2008 7:31:16p 578 A.... "C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\$BackupData$"
Feb 9 2008 7:31:10p 578 A.... "C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\$BackupData$"
Feb 9 2008 4:59:18p 7,392 A.... "C:\WINDOWS\srchasst\mui\0409\lcladvmm.xml"
Jan 22 2008 11:29:22a 414 A.... "C:\WINDOWS\srchasst\mui\0409\lcllook.xml"
Jan 11 2008 5:41:14p 32,354 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB944533-IE7.cat"
Feb 23 2008 3:40:48p 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
Feb 29 2008 7:39:30p 27 A.... "C:\WINDOWS\system32\drivers\etc\hosts"
Jan 9 2008 4:03:54p 23,723 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
Jan 9 2008 4:03:54p 74,137 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"
Feb 21 2008 11:07:16a 32,768 A.... "C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log"
Feb 16 2008 3:32:54p 2,135 A.... "C:\WINDOWS\system32\oobe\images\greenshd.gif"
Feb 16 2008 3:32:54p 2,119 A.... "C:\WINDOWS\system32\oobe\images\redshd.gif"
Feb 19 2008 10:56:06a 4,294 A.... "C:\WINDOWS\system32\wbem\AutoRecover\200C7F224D69330AC39BB3579C77D9EC.mof"
Feb 19 2008 10:39:32p 2,376 A.... "C:\WINDOWS\system32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof"
Feb 19 2008 10:56:56a 8,820 A.... "C:\WINDOWS\system32\wbem\AutoRecover\6FFF7467A5B40765D5740A413CA8BB8A.mof"
Feb 19 2008 10:56:06a 124,028 A.... "C:\WINDOWS\system32\wbem\AutoRecover\874627EFDC938CF63B927223C7BB7589.mof"
Feb 19 2008 10:56:56a 88,742 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C3A0BE17B37ACE48BE78B31580231AE9.mof"
Feb 14 2008 11:04:30a 621 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.1816.Policy"
Feb 14 2008 11:09:04a 621 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.1740.Policy"
Feb 14 2008 11:12:22a 621 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.1891.Policy"
Feb 19 2008 1:52:06p 621 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.Policy"
Feb 14 2008 11:30:06a 621 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.1873.Policy"
Feb 18 2008 12:46:50p 621 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy"
Feb 18 2008 12:46:50p 623 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy"
Feb 18 2008 12:46:50p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy"
Feb 18 2008 12:46:48p 605 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy"
Feb 18 2008 12:46:50p 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy"
Feb 19 2008 1:55:38p 644 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68\6.0.9792.0.Policy"
Feb 18 2008 12:46:48p 623 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy"
Feb 29 2008 5:15:24p 233,472 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT"
Feb 29 2008 5:15:24p 8,192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat"
Feb 29 2008 5:15:24p 233,472 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT"
Feb 29 2008 5:15:24p 8,192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat"
Feb 29 2008 5:15:24p 3,457,024 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat"
Feb 29 2008 5:15:24p 8,192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat"
Feb 18 2008 12:50:36p 62 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000000.query"
Feb 18 2008 12:50:36p 752 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000001.query"
Feb 18 2008 12:50:36p 752 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000002.query"
Feb 18 2008 12:50:36p 194 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000004.query"
Feb 18 2008 12:50:42p 266 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000100.query"
Feb 18 2008 12:50:42p 2,990 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000102.query"
Feb 18 2008 12:50:42p 2,990 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000103.query"
Feb 18 2008 12:50:42p 246 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000104.query"
Feb 18 2008 12:50:50p 260 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000200.query"
Feb 18 2008 12:50:50p 5,784 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000202.query"
Feb 18 2008 12:50:50p 5,784 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000203.query"
Feb 18 2008 12:50:50p 208 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000204.query"
Feb 18 2008 12:50:36p 1,614 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000006.query"
Feb 18 2008 12:50:42p 7,626 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000106.query"
Feb 18 2008 12:50:50p 2,334 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000206.query"
Feb 18 2008 12:50:36p 1,614 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000005.query"
Feb 18 2008 12:50:42p 7,626 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000107.query"
Feb 18 2008 12:50:38p 2,452 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000086.query"
Feb 18 2008 12:50:46p 5,186 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000186.query"
Feb 18 2008 12:50:56p 858 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000286.query"
Feb 18 2008 12:50:38p 386 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000084.query"
Feb 18 2008 12:50:56p 3,868 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000283.query"
Feb 18 2008 12:50:46p 270 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000184.query"
Feb 18 2008 12:50:38p 2,452 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000085.query"
Feb 18 2008 12:50:56p 130 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000284.query"
Feb 18 2008 12:50:46p 6,114 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000183.query"
Feb 18 2008 12:50:38p 8,558 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000082.query"
Feb 18 2008 12:50:46p 6,114 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000182.query"
Feb 18 2008 12:50:38p 8,558 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000083.query"
Feb 18 2008 12:50:56p 3,868 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000282.query"
Feb 18 2008 12:50:38p 216 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000080.query"
Feb 18 2008 12:50:46p 282 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000180.query"
Feb 18 2008 12:50:56p 178 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000280.query"
Feb 18 2008 12:50:46p 5,186 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000187.query"
Feb 18 2008 12:50:36p 2,716 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000016.query"
Feb 18 2008 12:50:42p 520 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000116.query"
Feb 18 2008 12:50:36p 2,716 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000017.query"
Feb 18 2008 12:50:50p 306 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000216.query"
Feb 18 2008 12:50:42p 520 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000115.query"
Feb 18 2008 12:50:36p 314 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000014.query"
Feb 18 2008 12:50:50p 5,052 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000213.query"
Feb 18 2008 12:50:42p 374 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000114.query"
Feb 18 2008 12:50:50p 160 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000214.query"
Feb 18 2008 12:50:42p 2,056 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000113.query"
Feb 18 2008 12:50:36p 662 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000012.query"
Feb 18 2008 12:50:50p 316 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000211.query"
Feb 18 2008 12:50:42p 2,056 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000112.query"
Feb 18 2008 12:50:36p 662 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000013.query"
Feb 18 2008 12:50:50p 5,360 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000212.query"
Feb 18 2008 12:50:36p 232 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000010.query"
Feb 18 2008 12:50:42p 190 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000110.query"
Feb 18 2008 12:50:50p 158 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000210.query"
Feb 18 2008 12:50:38p 1,892 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000096.query"
Feb 18 2008 12:50:56p 966 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000295.query"
Feb 18 2008 12:50:46p 6,540 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000196.query"
Feb 18 2008 12:50:56p 966 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000296.query"
Feb 18 2008 12:50:38p 294 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000094.query"
Feb 18 2008 12:50:56p 2,602 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000293.query"
Feb 18 2008 12:50:46p 310 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000194.query"
Feb 18 2008 12:50:38p 1,892 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000095.query"
Feb 18 2008 12:50:56p 194 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000294.query"
Feb 18 2008 12:50:46p 4,088 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000193.query"
Feb 18 2008 12:50:38p 7,226 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000092.query"
Feb 18 2008 12:50:46p 4,088 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000192.query"
Feb 18 2008 12:50:38p 7,226 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000093.query"
Feb 18 2008 12:50:56p 2,602 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000292.query"
Feb 18 2008 12:50:38p 228 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000090.query"
Feb 18 2008 12:50:46p 266 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000190.query"
Feb 18 2008 12:50:56p 214 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000290.query"
Feb 18 2008 12:50:46p 6,540 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000197.query"
Feb 18 2008 12:50:38p 1,782 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000a6.query"
Feb 18 2008 12:50:46p 3,572 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001a7.query"
Feb 18 2008 12:50:38p 1,782 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000a7.query"
Feb 18 2008 12:50:56p 4,752 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002a6.query"
Feb 18 2008 12:50:46p 164 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001a4.query"
Feb 18 2008 12:50:38p 258 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000a4.query"
Feb 18 2008 12:50:56p 242 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002a3.query"
Feb 18 2008 12:50:56p 130 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002a4.query"
Feb 18 2008 12:50:46p 3,924 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001a2.query"
Feb 18 2008 12:50:38p 3,342 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000a2.query"
Feb 18 2008 12:50:46p 3,924 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001a3.query"
Feb 18 2008 12:50:38p 3,342 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000a3.query"
Feb 18 2008 12:50:56p 242 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002a2.query"
Feb 18 2008 12:50:46p 180 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001a0.query"
Feb 18 2008 12:50:38p 216 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000a0.query"
Feb 18 2008 12:50:56p 128 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002a0.query"
Feb 18 2008 12:50:46p 3,572 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001a6.query"
Feb 18 2008 12:50:36p 1,572 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000026.query"
Feb 18 2008 12:50:50p 1,970 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000225.query"
Feb 18 2008 12:50:44p 6,412 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000126.query"
Feb 18 2008 12:50:50p 1,970 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000226.query"
Feb 18 2008 12:50:36p 438 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000024.query"
Feb 18 2008 12:50:50p 1,220 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000223.query"
Feb 18 2008 12:50:44p 262 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000124.query"
Feb 18 2008 12:50:36p 1,572 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000025.query"
Feb 18 2008 12:50:50p 82 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000224.query"
Feb 18 2008 12:50:44p 3,554 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000123.query"
Feb 18 2008 12:50:36p 786 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000022.query"
Feb 18 2008 12:50:42p 3,554 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000122.query"
Feb 18 2008 12:50:36p 786 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000023.query"
Feb 18 2008 12:50:50p 1,220 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000222.query"
Feb 18 2008 12:50:36p 264 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000020.query"
Feb 18 2008 12:50:42p 246 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000120.query"
Feb 18 2008 12:50:50p 98 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000220.query"
Feb 18 2008 12:50:44p 6,412 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000127.query"
Feb 18 2008 12:50:40p 2,596 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000b6.query"
Feb 18 2008 12:50:46p 3,030 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001b7.query"
Feb 18 2008 12:50:58p 1,910 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002b6.query"
Feb 18 2008 12:50:46p 216 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001b4.query"
Feb 18 2008 12:50:40p 472 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000b4.query"
Feb 18 2008 12:50:58p 1,914 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002b3.query"
Feb 18 2008 12:50:40p 2,596 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000b5.query"
Feb 18 2008 12:50:58p 218 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002b4.query"
Feb 18 2008 12:50:46p 3,206 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001b2.query"
Feb 18 2008 12:50:40p 1,614 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000b2.query"
Feb 18 2008 12:50:46p 3,206 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001b3.query"
Feb 18 2008 12:50:40p 1,614 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000b3.query"
Feb 18 2008 12:50:58p 1,914 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002b2.query"
Feb 18 2008 12:50:46p 128 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001b0.query"
Feb 18 2008 12:50:40p 184 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000000b0.query"
Feb 18 2008 12:50:58p 326 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000002b0.query"
Feb 18 2008 12:50:46p 3,030 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\000001b6.query"
Feb 18 2008 12:50:36p 1,000 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000036.query"
Feb 18 2008 12:50:44p 4,738 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000136.query"
Feb 18 2008 12:50:52p 2,074 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000236.query"
Feb 18 2008 12:50:36p 504 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000034.query"
Feb 18 2008 12:50:44p 298 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000134.query"
Feb 18 2008 12:50:36p 1,000 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000035.query"
Feb 18 2008 12:50:52p 182 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000234.query"
Feb 18 2008 12:50:36p 564 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000032.query"
Feb 18 2008 12:50:50p 2,618 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000231.query"
Feb 18 2008 12:50:44p 2,194 A.... "C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\Professional_32#0409\00000132.query"
Feb 18 2008 12:50:50p 2,618 A..
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No need to post it all

Continue on with the steps in my previous post
  • 0

#13
ManishKR

ManishKR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,

Thank you very much for ur help. I've the OTMoveIt2 application and have pasted the log below. I restarted the system after running the application as per your instructions. Unfortunately, I'm back to square one. The system logs on and then goes onto the windows screen with blue background with the pointer in the middle. I can access Task Manager through Ctrl+Alt+Del but nothing else. I've restarted the system in Safe Mode and run the DSS scan and generated a System Report.

OTMoveIt2

[Custom Input]
< E:\tomskype.exe >
File/Folder E:\tomskype.exe not found.
< purity >
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89aa037a-e6ac-11dc-a38d-de4af262252f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89aa037a-e6ac-11dc-a38d-de4af262252f}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d640950b-d621-11dc-a36d-00142237fd9f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d640950b-d621-11dc-a36d-00142237fd9f}\\ deleted successfully.

OTMoveIt2 v1.0.20 log created on 03042008_201157

Deckard's System Scanner v20071014.68

Deckard's System Scanner v20071014.68
Run by jll2 on 2008-03-04 21:25:49
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as jll2.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:57 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\jll2\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jll2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://delphi.ap.joneslanglasalle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.4.69:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*.ap.jllnet.com;*.ap.joneslanglasalle.com;ipmpwt.joneslanglasalle.com;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Apple\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: BGInfo.lnk = C:\WINDOWS\Bginfo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://delphi.ap.joneslanglasalle.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2E687AA8-B276-4910-BBFB-4E412F685379} (CWebsiteViewer Object) - http://ausyd077.ap.j...bsiteViewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://delphi.ap.jon...oard/msddsc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203315985171
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://webdesk.ap.j...en/CSGProxy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B82E01BD-02A1-4161-BE6A-289E4F4D1D94}: NameServer = 125.22.47.125,202.56.250.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8718 bytes

-- Files created between 2008-02-04 and 2008-03-04 -----------------------------

2008-03-04 19:48:37 1312657 --a------ C:\SDFix.exe
2008-03-04 11:36:16 3976 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-04 10:29:17 0 d-------- C:\SAV32CLI
2008-03-03 19:22:22 0 d-------- C:\Documents and Settings\jll2\Application Data\Uniblue
2008-03-03 19:04:39 0 d-------- C:\Program Files\Uniblue
2008-03-03 15:09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 15:09:32 0 d-------- C:\Documents and Settings\jll2\Application Data\Mozilla
2008-03-03 14:05:06 3503 --a------ C:\Start_.cmd
2008-03-03 14:01:46 0 d-------- C:\327882R2FWJFW
2008-03-01 17:59:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-01 17:56:54 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-01 17:56:54 0 d-------- C:\Documents and Settings\jll2\Application Data\SUPERAntiSpyware.com
2008-02-29 19:45:02 0 d-------- C:\Program Files\Trend Micro
2008-02-29 17:15:58 0 d-------- C:\cmdcons
2008-02-29 17:14:38 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-29 17:14:38 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-29 17:14:38 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-29 17:14:38 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-28 15:39:37 0 d-------- C:\VundoFix Backups
2008-02-25 12:45:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 15:43:10 0 d-------- C:\Documents and Settings\jll2\Application Data\BitDefender
2008-02-23 15:35:51 0 d-------- C:\Program Files\BitDefender
2008-02-23 15:35:51 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-23 15:30:21 0 d-------- C:\Program Files\Common Files\BitDefender
2008-02-23 12:18:28 0 d-------- C:\WINDOWS\pss
2008-02-21 21:45:36 0 d-------- C:\Temp
2008-02-21 21:44:23 0 d-------- C:\Program Files\Xilisoft
2008-02-21 11:07:17 0 d-------- C:\WINDOWS\system32\%%DATA_DIR%%
2008-02-20 15:42:03 0 d-------- C:\Program Files\Unity
2008-02-19 22:40:37 0 d-------- C:\Program Files\SamsonSoft
2008-02-19 22:38:56 0 d-------- C:\WINDOWS\system32\URTTemp
2008-02-19 22:33:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Zabersoft
2008-02-19 20:33:38 0 d-------- C:\Documents and Settings\jll2\Application Data\Media Player Classic
2008-02-19 20:26:45 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-02-19 20:26:35 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-02-19 20:26:34 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-19 20:26:34 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-19 20:26:33 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-19 20:26:33 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-19 20:26:33 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-19 20:26:31 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-19 20:26:29 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-02-19 18:54:40 0 d-------- C:\Program Files\Digital Locker Assistant
2008-02-19 18:11:42 0 d-------- C:\Documents and Settings\jll2\Application Data\StumbleUpon
2008-02-19 18:11:38 0 d-------- C:\Program Files\StumbleUpon
2008-02-19 14:52:55 0 d-------- C:\WINDOWS\network diagnostic
2008-02-19 14:07:39 0 d-------- C:\Program Files\MSXML 4.0
2008-02-19 10:51:09 0 d-------- C:\WINDOWS\Prefetch
2008-02-18 12:46:02 0 d-------- C:\WINDOWS\peernet
2008-02-18 12:46:01 0 d-------- C:\WINDOWS\provisioning
2008-02-18 12:42:16 0 d-------- C:\WINDOWS\ServicePackFiles
2008-02-18 12:31:26 0 d-------- C:\WINDOWS\EHome
2008-02-15 10:27:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-13 10:01:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-13 09:35:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-09 19:28:40 0 d-------- C:\Program Files\Winamp
2008-02-09 19:28:40 0 d-------- C:\Documents and Settings\jll2\Application Data\Winamp
2008-02-08 19:38:34 0 d-------- C:\Documents and Settings\jll2\Application Data\Teleca
2008-02-08 19:36:49 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-02-08 19:35:43 0 d-------- C:\Documents and Settings\jll2\Application Data\Sony Ericsson
2008-02-08 19:35:24 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-08 19:35:21 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-08 19:35:17 0 d-------- C:\Program Files\Sony Ericsson
2008-02-08 19:34:37 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-08 19:33:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-08 19:33:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-07 18:24:47 0 d-------- C:\WINDOWS\system32\Dell
2008-02-07 13:12:18 0 d-------- C:\Documents and Settings\jll2\Application Data\Sun
2008-02-07 12:35:55 0 d-------- C:\Documents and Settings\jll2\Application Data\WinRAR
2008-02-07 11:29:01 0 d-------- C:\Documents and Settings\jll2\Application Data\AdobeUM
2008-02-07 10:06:25 0 d-------- C:\Documents and Settings\jll2\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-03-01 17:48:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 15:30:21 0 d-------- C:\Program Files\Common Files
2008-02-19 19:16:42 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-19 14:13:49 0 d-------- C:\Program Files\Microsoft Works
2008-02-18 12:46:04 0 d-------- C:\Program Files\Movie Maker
2008-02-18 12:41:40 0 d-------- C:\Program Files\Windows NT
2008-02-07 18:24:47 0 d-------- C:\Program Files\Dell
2008-02-07 11:28:52 0 d-------- C:\Documents and Settings\jll2\Application Data\Adobe
2008-01-28 10:01:40 0 d-------- C:\Documents and Settings\jll2\Application Data\Yahoo!
2008-01-25 15:49:00 0 d-------- C:\Program Files\FriendFinder


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/05/2005 06:52 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/05/2005 06:49 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 05:30 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 12:12 PM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [06/13/2007 08:16 AM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 03:46 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/25/2008 12:10 PM]
"QuickTime Task"="C:\Program Files\Apple\QuickTime\qttask.exe" [04/30/2004 09:37 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/16/2008 04:24 AM]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [03/22/2007 07:17 PM]
"McAfeeUpdaterUI"="C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" [08/31/2005 04:50 PM]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [04/02/2007 09:42 PM]
"IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [04/19/2007 02:00 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 11:01 AM]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [04/19/2007 02:00 PM]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [03/22/2007 07:17 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:26 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [02/13/2004 07:55 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [10/22/2007 10:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BGInfo.lnk - C:\WINDOWS\Bginfo.exe [11/11/2005 2:40:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan




-- End of Deckard's System Scanner: finished at 2008-03-04 21:26:38 ------------



Thank you very much patience and help. Really appreciate it.

Warm Regards,
Manish.
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I don't think this is due to malware

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#15
ManishKR

ManishKR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hello Rorschach112,


Thank you for your help. I've run the Kaspersky Scan in Safe Mode and it came up with 3 viruses found and 6 infected objects found. I've included the report below.

KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 05, 2008 1:54:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/03/2008
Kaspersky Anti-Virus database records: 596397


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 76069
Number of viruses found 3
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 01:24:38

Infected Object Name Virus Name Last Action
C:\Documents and Settings\jll2\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped

C:\Documents and Settings\jll2\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\FM_log.txt Object is locked skipped

C:\Documents and Settings\jll2\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped

C:\Documents and Settings\jll2\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped

C:\Documents and Settings\jll2\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\jll2\Desktop\New Folder\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\jll2\Desktop\New Folder\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\jll2\Desktop\New Folder\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\jll2\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\jll2\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\jll2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\jll2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\jll2\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jll2\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat Object is locked skipped

C:\Documents and Settings\jll2\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\jll2\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jll2\ntuser.dat Object is locked skipped

C:\Documents and Settings\jll2\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfirewall.txt Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\cjlpgrin.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP376\A0055207.exe Infected: not-a-virus:RiskTool.Win32.PsExec.153 skipped

C:\System Volume Information\_restore{1FDE0963-4827-47BB-A16F-ADABE1AF7C56}\RP387\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\Software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\System.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


What do you suggest we do now? I'm really desperate to get the system working again now,

Thank you,
Warm Regards,
Manish
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP