Posted

Does anybody know what this is? "Form1"

 

http://img441.imageshack.us/img441/6223/46824657.jpg

 

It just started to appear in the bottom left hand corner of the screen above the Start button on the task bar.

 

If I click it, it goes to expand but nothing appears. It then disappears but returns around 15 mins later.

 

I think it may have something to do with Avast! or Outpost Firewall which I have recently installed.

 

Any ideas? Thanks

Posted

Hi, the only help I can give is that I don't think it is Avast. I have been running Avast for a long time and have not seen that. It may be your firewall, but others may know more.

Nev.

Posted (edited)

Hello mr_banana_pants,

 

I haven't heard of something like this happening to Avast or Outpost users.

 

I'm thinking that this could be due to malware.

 

====

 

Please download Random's system information tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSIT.exe to run RSIT.

Click Continue at the disclaimer screen.

Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

 

I will review the two logs when they come in.

Edited by chiaz
Posted
In Task Manager (Ctrl-Alt-Del), can you see Form1 in the Applications list? If yes, right-click on Form1 and click Go To Process; this should take you to the executable. Post its name here.
Posted
Sorry for the late reply.

 

I tried this but couldn't see anything.

 

I've been searching around the net and found this link for someone with a similar sounding problem.

 

Apologies for linking elsewhere. I haven't actually found the help on that site to work. Maybe it will be of use to you guys to help me though?

 

Thanks again

Posted

I would have thought, like Ashton, that something should have shown in Task Manager.

 

Anyway can you run the RSIT that chiaz asked you to run? It might give us a clue as to what is running.

 

Don't worry about the link. Although it is of no help, you only linked to it in good faith.

Posted
Apologies. I didn't see those instructions. I'll run it now and post the results! :)

Posted

Logfile of random's system information tool 1.06 (written by random/random)

Run by TARDIS at 2009-09-16 18:41:48

Microsoft Windows XP Professional Service Pack 3

System drive C: has 3 GB (13%) free of 20 GB

Total RAM: 1014 MB (40% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:42:53, on 16/09/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\vortex.scr

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARDIS\My Documents\Downloads\RSIT.exe

C:\Program Files\trend micro\TARDIS.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sky.com - Home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Update Agent.lnk = ?

O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - Home (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250816177859

O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.9.909.2235 (GoogleDesktopManager-090209-075101) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe

Posted

--

End of file - 9172 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-688789844-682003330-1003Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-688789844-682003330-1003UA.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-688789844-682003330-1011Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-688789844-682003330-1011UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-10 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-10 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]

"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]

"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]

"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]

"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-09-09 30192]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-10 149280]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"=C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-20 133104]

"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-11 1994480]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

Update Agent.lnk - C:\Program Files\3\3Connect\AutoUpdateSrv.exe

Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-11 548352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8d8a0c7-8dc3-11de-ae9b-001372909d17}]

shell\AutoRun\command - F:\AutoRun.exe

Posted

======List of files/folders created in the last 1 months======

 

2009-09-16 18:41:49 ----D---- C:\Program Files\trend micro

2009-09-16 18:41:48 ----D---- C:\rsit

2009-09-15 18:28:17 ----D---- C:\Program Files\iPod

2009-09-15 18:28:13 ----D---- C:\Program Files\iTunes

2009-09-15 18:28:13 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-15 18:26:23 ----D---- C:\Program Files\Bonjour

2009-09-15 18:25:23 ----D---- C:\Program Files\QuickTime

2009-09-15 18:24:38 ----SHD---- C:\Config.Msi

2009-09-10 20:10:54 ----D---- C:\Program Files\a-squared Free

2009-09-10 20:09:54 ----D---- C:\WINDOWS\Sun

2009-09-10 20:02:11 ----A---- C:\WINDOWS\ntbtlog.txt

2009-09-10 19:12:27 ----A---- C:\WINDOWS\system32\javaws.exe

2009-09-10 19:12:27 ----A---- C:\WINDOWS\system32\javaw.exe

2009-09-10 19:12:27 ----A---- C:\WINDOWS\system32\java.exe

2009-09-10 19:12:27 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-09-10 19:12:08 ----D---- C:\Program Files\Java

2009-09-10 19:10:40 ----D---- C:\Documents and Settings\TARDIS\Application Data\Sun

2009-09-10 18:33:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-09-10 18:33:34 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit

2009-09-10 18:33:26 ----D---- C:\Program Files\DAP

2009-09-10 13:42:14 ----D---- C:\Program Files\Sky Broadband

2009-09-10 13:37:51 ----A---- C:\WINDOWS\system32\RaCoInst.dll

2009-09-10 13:37:41 ----D---- C:\Program Files\EDIMAX

2009-09-10 13:37:28 ----D---- C:\Documents and Settings\TARDIS\Application Data\InstallShield

2009-09-09 17:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2009-09-09 17:41:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2009-09-09 17:07:06 ----D---- C:\Program Files\Google

2009-08-27 14:59:28 ----D---- C:\Documents and Settings\TARDIS\Application Data\Mp3tag

2009-08-27 14:51:14 ----D---- C:\Documents and Settings\TARDIS\Application Data\Apple Computer

2009-08-27 11:31:43 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek

2009-08-27 11:01:21 ----A---- C:\WINDOWS\VORTEX.TXT

2009-08-27 10:51:03 ----A---- C:\WINDOWS\system32\stkit432.dll

2009-08-27 10:51:03 ----A---- C:\WINDOWS\ST4UNST.EXE

2009-08-27 10:33:38 ----D---- C:\WINDOWS\system32\tunnel dir

2009-08-27 10:10:05 ----D---- C:\WINDOWS\system32\Adobe

2009-08-27 09:00:15 ----D---- C:\Documents and Settings\TARDIS\Application Data\WinRAR

2009-08-26 22:34:11 ----D---- C:\Documents and Settings\TARDIS\Application Data\Spotify

2009-08-26 22:30:53 ----D---- C:\Program Files\Spotify

2009-08-26 22:24:59 ----D---- C:\Program Files\SoulseekNS

2009-08-26 20:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

2009-08-23 19:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2009-08-23 19:08:14 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2009-08-21 11:29:20 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2009-08-21 11:29:19 ----A---- C:\WINDOWS\system32\mucltui.dll

2009-08-21 11:28:59 ----D---- C:\WINDOWS\system32\appmgmt

2009-08-21 01:45:11 ----D---- C:\Documents and Settings\TARDIS\Application Data\vlc

2009-08-21 01:40:52 ----D---- C:\Program Files\XP Codec Pack

2009-08-21 01:38:51 ----A---- C:\WINDOWS\iun6002.exe

2009-08-21 01:38:38 ----D---- C:\Program Files\Codec Pack - All In 1

2009-08-21 01:37:54 ----A---- C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt

2009-08-21 01:16:26 ----A---- C:\WINDOWS\cdplayer.ini

2009-08-21 01:15:44 ----D---- C:\Documents and Settings\All Users\Application Data\FreeRIP

2009-08-20 23:27:12 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2009-08-20 23:27:07 ----D---- C:\Program Files\SUPERAntiSpyware

2009-08-20 23:27:07 ----D---- C:\Documents and Settings\TARDIS\Application Data\SUPERAntiSpyware.com

2009-08-20 23:26:36 ----D---- C:\Program Files\Agnitum

2009-08-20 23:26:00 ----D---- C:\Documents and Settings\All Users\Application Data\Agnitum

2009-08-20 23:25:46 ----D---- C:\Documents and Settings\TARDIS\Application Data\Malwarebytes

2009-08-20 23:25:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-20 23:25:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-08-20 23:24:52 ----A---- C:\WINDOWS\system32\MSVCR71.dll

2009-08-20 23:24:52 ----A---- C:\WINDOWS\system32\MSVCP71.dll

2009-08-20 23:24:52 ----A---- C:\WINDOWS\system32\MFC71.dll

2009-08-20 23:24:52 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-08-20 23:24:50 ----D---- C:\Program Files\Alwil Software

2009-08-20 23:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-08-20 23:13:38 ----D---- C:\Program Files\Common Files\Adobe

2009-08-20 23:13:38 ----D---- C:\Program Files\Adobe

2009-08-20 22:33:16 ----D---- C:\Documents and Settings\TARDIS\Application Data\Macromedia

2009-08-20 22:33:14 ----D---- C:\Documents and Settings\TARDIS\Application Data\Adobe

2009-08-20 22:26:08 ----D---- C:\Documents and Settings\TARDIS\Application Data\uTorrent

2009-08-20 22:24:54 ----D---- C:\Documents and Settings\TARDIS\Application Data\Birdstep Technology

2009-08-20 22:24:30 ----D---- C:\Documents and Settings\TARDIS\Application Data\Identities

2009-08-20 22:24:24 ----SD---- C:\Documents and Settings\TARDIS\Application Data\Microsoft

2009-08-20 22:24:24 ----ASH---- C:\Documents and Settings\TARDIS\Application Data\desktop.ini

2009-08-20 21:27:51 ----HD---- C:\WINDOWS\system32\GroupPolicy

2009-08-20 21:17:45 ----D---- C:\WINDOWS\Minidump

2009-08-20 21:00:45 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt

2009-08-20 20:45:02 ----A---- C:\WINDOWS\system32\libmySQL.dll

2009-08-20 20:39:53 ----D---- C:\Program Files\Sierra On-Line

2009-08-20 20:35:04 ----D---- C:\Program Files\WON

2009-08-20 20:24:50 ----A---- C:\WINDOWS\sierra.ini

2009-08-20 20:11:08 ----D---- C:\Program Files\AVG

2009-08-20 20:08:05 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-08-20 20:08:05 ----A---- C:\WINDOWS\system32\GEARAspi.dll

2009-08-20 20:06:40 ----D---- C:\Program Files\Common Files\Apple

2009-08-20 20:06:23 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-08-20 19:42:08 ----D---- C:\Program Files\Microsoft

2009-08-20 19:41:51 ----D---- C:\Program Files\Windows Live SkyDrive

2009-08-20 19:41:26 ----D---- C:\Program Files\Windows Live

2009-08-20 19:28:07 ----D---- C:\Program Files\Monkey's Audio

2009-08-20 19:28:07 ----A---- C:\WINDOWS\system32\unicows.dll

2009-08-20 19:28:07 ----A---- C:\WINDOWS\system32\MACDll.dll

2009-08-20 19:27:58 ----D---- C:\Program Files\FLAC

2009-08-20 19:27:31 ----D---- C:\Program Files\PeerGuardian2

2009-08-20 19:24:24 ----D---- C:\Program Files\Common Files\Windows Live

2009-08-20 19:24:03 ----D---- C:\Program Files\uTorrent

2009-08-20 19:23:40 ----D---- C:\Program Files\Audacity

2009-08-20 19:21:59 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt

2009-08-20 19:21:54 ----A---- C:\WINDOWS\system32\pthreadGC2.dll

2009-08-20 19:21:51 ----D---- C:\Program Files\AoA Audio Extractor

2009-08-20 19:21:36 ----D---- C:\Program Files\Mp3tag

2009-08-20 19:20:10 ----SHD---- C:\RECYCLER

2009-08-20 19:19:01 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-08-20 19:18:03 ----D---- C:\Documents and Settings\All Users\Application Data\Final Draft

2009-08-20 19:17:58 ----D---- C:\Program Files\Final Draft Tagger

2009-08-20 19:17:58 ----D---- C:\Program Files\Final Draft 7

2009-08-20 19:17:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2009-08-20 19:17:10 ----D---- C:\Program Files\Unlocker

2009-08-20 19:14:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-08-20 19:14:03 ----D---- C:\Program Files\Apple Software Update

2009-08-20 19:14:03 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

2009-08-20 19:13:46 ----A---- C:\WINDOWS\ODBC.INI

2009-08-20 19:13:17 ----D---- C:\Program Files\Microsoft ActiveSync

2009-08-20 19:13:08 ----D---- C:\Program Files\VideoLAN

2009-08-20 19:13:05 ----D---- C:\Program Files\Common Files\Designer

2009-08-20 19:12:50 ----D---- C:\WINDOWS\ShellNew

2009-08-20 19:12:42 ----D---- C:\Program Files\Microsoft Office

2009-08-20 19:09:03 ----D---- C:\Documents and Settings\All Users\Application Data\Birdstep Technology

2009-08-20 19:08:06 ----D---- C:\Program Files\Huawei Modems

2009-08-20 19:08:06 ----D---- C:\Program Files\3

2009-08-20 19:08:06 ----A---- C:\WINDOWS\Huawei ModemsUninstall.exe

2009-08-20 19:01:36 ----D---- C:\Program Files\WinRAR

2009-08-20 15:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2009-08-20 15:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2009-08-20 15:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2009-08-20 15:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2009-08-20 15:31:02 ----A---- C:\WINDOWS\system32\igfxres.dll

2009-08-20 15:29:25 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2009-08-20 15:29:12 ----D---- C:\Program Files\Windows Media Connect 2

2009-08-20 15:29:04 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2009-08-20 15:28:30 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2009-08-20 15:28:10 ----D---- C:\WINDOWS\system32\LogFiles

2009-08-20 15:28:06 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

2009-08-20 15:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2009-08-20 15:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2009-08-20 15:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2009-08-20 15:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2009-08-20 15:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2009-08-20 15:15:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$

2009-08-20 15:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2009-08-20 15:14:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$

2009-08-20 15:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2009-08-20 15:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2009-08-20 15:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$

2009-08-20 15:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$

2009-08-20 15:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$

2009-08-20 15:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-08-20 15:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2009-08-20 15:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

2009-08-20 15:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2009-08-20 15:13:10 ----D---- C:\WINDOWS\ie8updates

2009-08-20 15:12:54 ----D---- C:\WINDOWS\WBEM

Posted

2009-08-20 15:12:04 ----HDC---- C:\WINDOWS\ie8

2009-08-20 15:11:26 ----A---- C:\WINDOWS\system32\MRT.exe

2009-08-20 15:09:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2009-08-20 15:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2009-08-20 15:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2009-08-20 15:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2009-08-20 15:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2009-08-20 15:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

2009-08-20 15:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2009-08-20 15:08:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-08-20 15:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-08-20 15:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2009-08-20 15:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-08-20 15:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2009-08-20 15:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-08-20 15:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-08-20 15:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-08-20 15:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2009-08-20 15:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-08-20 15:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2009-08-20 15:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2009-08-20 15:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2009-08-20 15:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2009-08-20 15:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2009-08-20 15:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2009-08-20 15:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2009-08-20 15:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2009-08-20 15:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2009-08-20 15:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2009-08-20 15:01:30 ----N---- C:\WINDOWS\system32\xpsp4res.dll

2009-08-20 14:58:54 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2009-08-20 14:58:45 ----D---- C:\WINDOWS\system32\PreInstall

2009-08-20 14:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$

2009-08-20 14:56:48 ----D---- C:\WINDOWS\Prefetch

2009-08-20 14:53:47 ----A---- C:\WINDOWS\system32\h323log.txt

2009-08-20 14:52:15 ----N---- C:\WINDOWS\system32\msxml6r.dll

2009-08-20 14:52:15 ----A---- C:\WINDOWS\system32\msxml6.dll

2009-08-20 14:52:04 ----N---- C:\WINDOWS\system32\smtpapi.dll

2009-08-20 14:52:04 ----N---- C:\WINDOWS\system32\rwnh.dll

2009-08-20 14:52:04 ----N---- C:\WINDOWS\system32\comsdupd.exe

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\dot3svc.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\dot3msm.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\dot3dlg.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\dot3cfg.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\dot3api.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\dimsroam.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\dimsntfy.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\dhcpqec.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\credssp.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\azroles.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\ativvaxx.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\ativtmxx.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\ati3duag.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\ati3d1ag.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\ati2dvag.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\ati2dvaa.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\ati2cqag.dll

2009-08-20 14:52:02 ----N---- C:\WINDOWS\system32\aaclient.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\kbdbhc.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\hsfcisp2.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\eapsvc.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\eapqec.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\eappprxy.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\eapphost.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\eappgnui.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\eappcfg.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\eapp3hst.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\eapolqec.dll

2009-08-20 14:52:01 ----N---- C:\WINDOWS\system32\dot3ui.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\onex.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\nv4_disp.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\napstat.exe

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\napmontr.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\napipsec.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\mtxparhd.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\msshavmsg.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\mssha.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\mmcperf.exe

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\mmcex.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\mdmxsdk.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\l2gpstore.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\kmsvc.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\kbdpash.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\kbdnepr.dll

2009-08-20 14:52:00 ----N---- C:\WINDOWS\system32\kbdiultn.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\windowscodecsext.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\windowscodecs.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\verclsid.exe

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\tzchange.exe

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\tspkg.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\tsgqec.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\slserv.exe

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\slrundll.exe

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\slgen.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\slextspk.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\slcoinst.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\setupn.exe

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\s3gnb.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\rasqec.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\qutil.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\qcliprov.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\qagentrt.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\qagent.dll

2009-08-20 14:51:59 ----N---- C:\WINDOWS\system32\photometadatahandler.dll

2009-08-20 14:51:58 ----N---- C:\WINDOWS\system32\wmphoto.dll

2009-08-20 14:51:58 ----N---- C:\WINDOWS\system32\wlanapi.dll

2009-08-20 14:51:58 ----N---- C:\WINDOWS\slrundll.exe

2009-08-20 14:51:58 ----A---- C:\WINDOWS\system32\xmllite.dll

2009-08-20 14:51:57 ----D---- C:\WINDOWS\system32\scripting

2009-08-20 14:51:57 ----D---- C:\WINDOWS\system32\en-us

2009-08-20 14:51:57 ----D---- C:\WINDOWS\l2schemas

2009-08-20 14:51:56 ----D---- C:\WINDOWS\system32\en

2009-08-20 14:51:56 ----D---- C:\WINDOWS\system32\bits

2009-08-20 14:50:24 ----D---- C:\WINDOWS\ServicePackFiles

2009-08-20 14:48:43 ----D---- C:\WINDOWS\network diagnostic

2009-08-20 14:47:30 ----A---- C:\WINDOWS\002882_.tmp

2009-08-20 14:47:08 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2009-08-20 14:45:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2009-08-20 14:41:53 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2009-08-20 14:41:05 ----D---- C:\Program Files\Broadcom

2009-08-20 14:39:01 ----A---- C:\WINDOWS\system32\ksuser.dll

2009-08-20 14:38:56 ----HD---- C:\Program Files\InstallShield Installation Information

2009-08-20 14:38:56 ----D---- C:\WINDOWS\VirtualEar

2009-08-20 14:38:56 ----D---- C:\Program Files\Analog Devices

2009-08-20 14:38:56 ----A---- C:\WINDOWS\system32\virtear.dll

2009-08-20 14:38:56 ----A---- C:\WINDOWS\system32\DSndUp.exe

2009-08-20 14:38:56 ----A---- C:\WINDOWS\system32\CleanUp.exe

2009-08-20 14:38:56 ----A---- C:\WINDOWS\system32\Audio3d.dll

2009-08-20 14:38:45 ----A---- C:\WINDOWS\system32\PostProc.dll

2009-08-20 14:38:45 ----A---- C:\WINDOWS\system32\Edcrypt.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxzoom.exe

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxtray.exe

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxsrvc.exe

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxsrvc.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxress.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxpph.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxpers.exe

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxext.exe

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxexps.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxdo.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxdev.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\igfxcfg.exe

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\ialmrnt5.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\ialmrem.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\ialmgicd.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\ialmgdev.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\ialmdnt5.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\ialmdev5.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\ialmdd5.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\iAlmCoIn_v4299.dll

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\hkcmd.exe

2009-08-20 14:37:00 ----A---- C:\WINDOWS\system32\hccutils.dll

2009-08-20 14:32:09 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-08-20 14:32:07 ----D---- C:\Program Files\Intel

2009-08-20 14:31:43 ----D---- C:\WINDOWS\system32\vmm32

2009-08-20 14:31:43 ----D---- C:\Program Files\Dell

2009-08-20 14:31:32 ----D---- C:\Program Files\Common Files\InstallShield

2009-08-20 14:20:32 ----A---- C:\WINDOWS\system32\usbui.dll

2009-08-20 14:19:21 ----A---- C:\WINDOWS\imsins.BAK

2009-08-20 14:19:19 ----SHD---- C:\WINDOWS\Installer

2009-08-20 14:19:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-08-20 14:19:18 ----D---- C:\Program Files\Common Files\ODBC

2009-08-20 14:19:18 ----A---- C:\WINDOWS\ODBCINST.INI

2009-08-20 14:19:15 ----D---- C:\Program Files\Common Files\SpeechEngines

2009-08-20 14:19:15 ----D---- C:\Program Files\Common Files\Microsoft Shared

2009-08-20 14:19:14 ----RD---- C:\Program Files

2009-08-20 14:19:14 ----D---- C:\Program Files\Common Files

2009-08-20 14:19:12 ----RA---- C:\WINDOWS\system32\kbdtuq.dll

2009-08-20 14:19:12 ----RA---- C:\WINDOWS\system32\kbdtuf.dll

2009-08-20 14:19:12 ----RA---- C:\WINDOWS\system32\kbdazel.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdycc.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbduzb.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdur.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdtat.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdru1.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdru.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdmon.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdkyr.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdkaz.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdbu.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdblr.dll

2009-08-20 14:19:11 ----RA---- C:\WINDOWS\system32\kbdaze.dll

2009-08-20 14:19:09 ----RA---- C:\WINDOWS\system32\kbdhept.dll

2009-08-20 14:19:09 ----RA---- C:\WINDOWS\system32\kbdhela3.dll

2009-08-20 14:19:09 ----RA---- C:\WINDOWS\system32\kbdhela2.dll

2009-08-20 14:19:09 ----RA---- C:\WINDOWS\system32\kbdhe319.dll

2009-08-20 14:19:09 ----RA---- C:\WINDOWS\system32\kbdhe220.dll

2009-08-20 14:19:09 ----RA---- C:\WINDOWS\system32\kbdhe.dll

2009-08-20 14:19:09 ----RA---- C:\WINDOWS\system32\kbdgkl.dll

2009-08-20 14:19:08 ----RA---- C:\WINDOWS\system32\kbdlv1.dll

2009-08-20 14:19:08 ----RA---- C:\WINDOWS\system32\kbdlv.dll

2009-08-20 14:19:08 ----RA---- C:\WINDOWS\system32\kbdlt1.dll

2009-08-20 14:19:08 ----RA---- C:\WINDOWS\system32\kbdlt.dll

2009-08-20 14:19:08 ----RA---- C:\WINDOWS\system32\kbdest.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdycl.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdsl1.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdsl.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdro.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdpl1.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdpl.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdhu1.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdhu.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdcz2.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdcz1.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdcz.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\kbdcr.dll

2009-08-20 14:19:07 ----RA---- C:\WINDOWS\system32\KBDAL.DLL

2009-08-20 14:19:05 ----A---- C:\WINDOWS\system32\irclass.dll

2009-08-20 14:19:04 ----A---- C:\WINDOWS\system32\spxcoins.dll

2009-08-20 14:19:04 ----A---- C:\WINDOWS\system32\EqnClass.Dll

2009-08-20 14:19:04 ----A---- C:\WINDOWS\system32\dgsetup.dll

2009-08-20 14:19:04 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

2009-08-20 14:19:03 ----A---- C:\WINDOWS\TASKMAN.EXE

2009-08-20 14:19:02 ----N---- C:\WINDOWS\system32\CONFIG.TMP

2009-08-20 14:19:02 ----A---- C:\WINDOWS\system32\batt.dll

2009-08-20 14:19:02 ----A---- C:\WINDOWS\notepad.exe

2009-08-20 14:19:01 ----A---- C:\WINDOWS\system32\storprop.dll

2009-08-20 14:18:52 ----RA---- C:\WINDOWS\SET2A.tmp

2009-08-20 14:18:52 ----RA---- C:\WINDOWS\SET29.tmp

2009-08-20 14:18:52 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini

2009-08-20 14:18:49 ----RA---- C:\WINDOWS\SET8.tmp

2009-08-20 14:18:47 ----RA---- C:\WINDOWS\SET4.tmp

2009-08-20 14:18:46 ----RA---- C:\WINDOWS\SET3.tmp

2009-08-20 14:18:40 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-20 14:18:40 ----D---- C:\WINDOWS\system32\CatRoot

2009-08-20 14:18:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-08-20 14:18:17 ----A---- C:\WINDOWS\setuplog.txt

2009-08-20 14:18:14 ----D---- C:\Documents and Settings

2009-08-20 14:18:13 ----SHD---- C:\System Volume Information

2009-08-20 14:17:14 ----SH---- C:\boot.ini

2009-08-20 14:10:46 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-08-20 14:10:46 ----RSD---- C:\WINDOWS\Fonts

2009-08-20 14:10:46 ----RD---- C:\WINDOWS\Web

2009-08-20 14:10:46 ----HD---- C:\WINDOWS\inf

2009-08-20 14:10:46 ----D---- C:\WINDOWS\WinSxS

2009-08-20 14:10:46 ----D---- C:\WINDOWS\twain_32

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Temp

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\wins

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\wbem

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\usmt

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\spool

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\ShellExt

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\Setup

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\ras

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\oobe

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\npp

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\mui

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\inetsrv

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\IME

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\icsxml

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\ias

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\export

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\drivers

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\dhcp

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\config

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\3com_dmi

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\3076

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\2052

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\1054

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\1042

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\1041

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\1037

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\1033

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\1031

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\1028

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32\1025

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system32

2009-08-20 14:10:46 ----D---- C:\WINDOWS\system

2009-08-20 14:10:46 ----D---- C:\WINDOWS\security

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Resources

2009-08-20 14:10:46 ----D---- C:\WINDOWS\repair

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Provisioning

2009-08-20 14:10:46 ----D---- C:\WINDOWS\PeerNet

2009-08-20 14:10:46 ----D---- C:\WINDOWS\pchealth

2009-08-20 14:10:46 ----D---- C:\WINDOWS\mui

2009-08-20 14:10:46 ----D---- C:\WINDOWS\msapps

2009-08-20 14:10:46 ----D---- C:\WINDOWS\msagent

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Media

2009-08-20 14:10:46 ----D---- C:\WINDOWS\java

2009-08-20 14:10:46 ----D---- C:\WINDOWS\ime

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Help

2009-08-20 14:10:46 ----D---- C:\WINDOWS\ehome

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Driver Cache

2009-08-20 14:10:46 ----D---- C:\WINDOWS\dell

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Debug

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Cursors

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Connection Wizard

2009-08-20 14:10:46 ----D---- C:\WINDOWS\Config

2009-08-20 14:10:46 ----D---- C:\WINDOWS\AppPatch

2009-08-20 14:10:46 ----D---- C:\WINDOWS\addins

2009-08-20 14:10:46 ----D---- C:\WINDOWS

2009-08-20 14:08:33 ----HD---- C:\Program Files\Uninstall Information

2009-08-20 14:07:40 ----D---- C:\WINDOWS\SoftwareDistribution

2009-08-20 14:07:39 ----SD---- C:\WINDOWS\system32\Microsoft

2009-08-20 14:07:39 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-20 13:59:42 ----D---- C:\WINDOWS\system32\xircom

2009-08-20 13:59:42 ----D---- C:\Program Files\xerox

2009-08-20 13:59:42 ----D---- C:\Program Files\microsoft frontpage

2009-08-20 13:59:31 ----D---- C:\DELL

2009-08-20 13:59:22 ----HD---- C:\WINDOWS\$hf_mig$

2009-08-20 13:59:20 ----N---- C:\WINDOWS\system32\xpsp3res.dll

2009-08-20 13:59:07 ----A---- C:\WINDOWS\control.ini

2009-08-20 13:59:07 ----A---- C:\AUTOEXEC.BAT

2009-08-20 13:58:51 ----A---- C:\WINDOWS\OEWABLog.txt

2009-08-20 13:58:48 ----A---- C:\WINDOWS\system32\mapi32.dll

2009-08-20 13:57:55 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-08-20 13:57:55 ----RD---- C:\WINDOWS\Offline Web Pages

2009-08-20 13:57:55 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2009-08-20 13:57:49 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2009-08-20 13:57:45 ----HD---- C:\Program Files\WindowsUpdate

2009-08-20 13:57:27 ----D---- C:\WINDOWS\system32\DirectX

2009-08-20 13:57:11 ----A---- C:\WINDOWS\system32\atrace.dll

2009-08-20 13:57:09 ----A---- C:\WINDOWS\system32\desktop.ini

2009-08-20 13:57:09 ----A---- C:\WINDOWS\desktop.ini

2009-08-20 13:57:03 ----A---- C:\WINDOWS\system32\nmevtmsg.dll

Posted

2009-08-20 13:57:02 ----D---- C:\Program Files\Common Files\Services

2009-08-20 13:57:02 ----A---- C:\WINDOWS\system32\acctres.dll

2009-08-20 13:57:00 ----SD---- C:\WINDOWS\Tasks

2009-08-20 13:57:00 ----A---- C:\WINDOWS\system32\icfgnt5.dll

2009-08-20 13:56:59 ----D---- C:\Program Files\Common Files\MSSoap

2009-08-20 13:56:56 ----D---- C:\WINDOWS\srchasst

2009-08-20 13:56:55 ----D---- C:\WINDOWS\system32\Macromed

2009-08-20 13:56:53 ----A---- C:\WINDOWS\system32\wuweb.dll

2009-08-20 13:56:53 ----A---- C:\WINDOWS\system32\wucltui.dll

2009-08-20 13:56:53 ----A---- C:\WINDOWS\system32\wuauserv.dll

2009-08-20 13:56:53 ----A---- C:\WINDOWS\system32\wuaueng1.dll

2009-08-20 13:56:52 ----A---- C:\WINDOWS\system32\wups.dll

2009-08-20 13:56:52 ----A---- C:\WINDOWS\system32\wuaueng.dll

2009-08-20 13:56:52 ----A---- C:\WINDOWS\system32\wuauclt1.exe

2009-08-20 13:56:52 ----A---- C:\WINDOWS\system32\wuauclt.exe

2009-08-20 13:56:52 ----A---- C:\WINDOWS\system32\wuapi.dll

2009-08-20 13:56:52 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

2009-08-20 13:56:52 ----A---- C:\WINDOWS\system32\qmgr.dll

2009-08-20 13:56:52 ----A---- C:\WINDOWS\system32\bitsprx3.dll

2009-08-20 13:56:52 ----A---- C:\WINDOWS\system32\bitsprx2.dll

2009-08-20 13:56:48 ----D---- C:\Program Files\Movie Maker

2009-08-20 13:56:45 ----A---- C:\WINDOWS\system32\safrslv.dll

2009-08-20 13:56:45 ----A---- C:\WINDOWS\system32\safrdm.dll

2009-08-20 13:56:45 ----A---- C:\WINDOWS\system32\safrcdlg.dll

2009-08-20 13:56:45 ----A---- C:\WINDOWS\system32\racpldlg.dll

2009-08-20 13:56:42 ----D---- C:\WINDOWS\system32\Restore

2009-08-20 13:56:42 ----A---- C:\WINDOWS\system32\fltmc.exe

2009-08-20 13:56:42 ----A---- C:\WINDOWS\system32\fltlib.dll

2009-08-20 13:56:41 ----A---- C:\WINDOWS\system32\srsvc.dll

2009-08-20 13:56:41 ----A---- C:\WINDOWS\system32\srrstr.dll

2009-08-20 13:56:41 ----A---- C:\WINDOWS\system32\srclient.dll

2009-08-20 13:56:41 ----A---- C:\WINDOWS\system32\nmmkcert.dll

2009-08-20 13:56:41 ----A---- C:\WINDOWS\system32\mnmdd.dll

2009-08-20 13:56:41 ----A---- C:\WINDOWS\system32\isrdbg32.dll

2009-08-20 13:56:41 ----A---- C:\WINDOWS\system32\ils.dll

2009-08-20 13:56:40 ----A---- C:\WINDOWS\system32\msconf.dll

2009-08-20 13:56:40 ----A---- C:\WINDOWS\system32\mnmsrvc.exe

2009-08-20 13:56:38 ----D---- C:\Program Files\NetMeeting

2009-08-20 13:56:38 ----A---- C:\WINDOWS\system32\msoert2.dll

2009-08-20 13:56:38 ----A---- C:\WINDOWS\system32\msoeacct.dll

2009-08-20 13:56:37 ----A---- C:\WINDOWS\system32\inetres.dll

2009-08-20 13:56:37 ----A---- C:\WINDOWS\system32\inetcomm.dll

2009-08-20 13:56:36 ----D---- C:\Program Files\Outlook Express

2009-08-20 13:56:35 ----A---- C:\WINDOWS\system32\schedsvc.dll

2009-08-20 13:56:35 ----A---- C:\WINDOWS\system32\mstinit.exe

2009-08-20 13:56:35 ----A---- C:\WINDOWS\system32\mstask.dll

2009-08-20 13:56:35 ----A---- C:\WINDOWS\system32\isign32.dll

2009-08-20 13:56:35 ----A---- C:\WINDOWS\system32\inetcfg.dll

2009-08-20 13:56:35 ----A---- C:\WINDOWS\system32\icwphbk.dll

2009-08-20 13:56:35 ----A---- C:\WINDOWS\system32\icwdial.dll

2009-08-20 13:56:30 ----D---- C:\Program Files\Internet Explorer

2009-08-20 13:56:30 ----D---- C:\Program Files\Common Files\System

2009-08-20 13:55:54 ----D---- C:\Program Files\ComPlus Applications

2009-08-20 13:55:52 ----A---- C:\WINDOWS\vbaddin.ini

2009-08-20 13:55:52 ----A---- C:\WINDOWS\vb.ini

2009-08-20 13:55:48 ----D---- C:\WINDOWS\Registration

2009-08-20 13:55:41 ----D---- C:\Program Files\Windows Media Player

2009-08-20 13:55:41 ----D---- C:\Program Files\Online Services

2009-08-20 13:55:34 ----D---- C:\Program Files\Messenger

2009-08-20 13:55:31 ----D---- C:\Program Files\MSN Gaming Zone

2009-08-20 13:55:31 ----A---- C:\WINDOWS\system32\write.exe

2009-08-20 13:55:24 ----A---- C:\WINDOWS\system32\sndvol32.exe

2009-08-20 13:55:24 ----A---- C:\WINDOWS\system32\hticons.dll

2009-08-20 13:55:23 ----A---- C:\WINDOWS\system32\winchat.exe

2009-08-20 13:55:23 ----A---- C:\WINDOWS\system32\avwav.dll

2009-08-20 13:55:23 ----A---- C:\WINDOWS\system32\avtapi.dll

2009-08-20 13:55:23 ----A---- C:\WINDOWS\system32\avmeter.dll

2009-08-20 13:55:18 ----A---- C:\WINDOWS\system32\getuname.dll

2009-08-20 13:55:18 ----A---- C:\WINDOWS\system32\charmap.exe

2009-08-20 13:55:18 ----A---- C:\WINDOWS\system32\calc.exe

2009-08-20 13:55:17 ----A---- C:\WINDOWS\system32\winmine.exe

2009-08-20 13:55:17 ----A---- C:\WINDOWS\system32\usrlogon.cmd

2009-08-20 13:55:17 ----A---- C:\WINDOWS\system32\tsshutdn.exe

2009-08-20 13:55:17 ----A---- C:\WINDOWS\system32\tskill.exe

2009-08-20 13:55:17 ----A---- C:\WINDOWS\system32\sol.exe

2009-08-20 13:55:17 ----A---- C:\WINDOWS\system32\reset.exe

2009-08-20 13:55:17 ----A---- C:\WINDOWS\system32\mshearts.exe

2009-08-20 13:55:17 ----A---- C:\WINDOWS\system32\freecell.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\tslabels.ini

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\tsdiscon.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\tscon.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\shadow.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\rwinsta.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\regini.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\qwinsta.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\qappsrv.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\msg.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\msdtcprf.ini

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\logoff.exe

2009-08-20 13:55:16 ----A---- C:\WINDOWS\system32\cdmodem.dll

2009-08-20 13:55:15 ----A---- C:\WINDOWS\system32\stclient.dll

2009-08-20 13:55:15 ----A---- C:\WINDOWS\system32\mtxlegih.dll

2009-08-20 13:55:15 ----A---- C:\WINDOWS\system32\mtxex.dll

2009-08-20 13:55:15 ----A---- C:\WINDOWS\system32\mtxdm.dll

2009-08-20 13:55:15 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

2009-08-20 13:55:15 ----A---- C:\WINDOWS\system32\comsnap.dll

2009-08-20 13:55:15 ----A---- C:\WINDOWS\system32\comrepl.dll

2009-08-20 13:55:15 ----A---- C:\WINDOWS\system32\comaddin.dll

2009-08-20 13:55:11 ----A---- C:\WINDOWS\system32\wmimgmt.msc

2009-08-20 13:55:01 ----D---- C:\Program Files\MSN

2009-08-20 13:55:00 ----A---- C:\WINDOWS\system32\sndrec32.exe

2009-08-20 13:55:00 ----A---- C:\WINDOWS\system32\accwiz.exe

2009-08-20 13:54:59 ----D---- C:\Program Files\Windows NT

2009-08-20 13:54:59 ----A---- C:\WINDOWS\system32\mspaint.exe

2009-08-20 13:54:59 ----A---- C:\WINDOWS\system32\mplay32.exe

2009-08-20 13:54:59 ----A---- C:\WINDOWS\system32\hypertrm.dll

2009-08-20 13:54:59 ----A---- C:\WINDOWS\system32\clipbrd.exe

2009-08-20 13:54:58 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

2009-08-20 13:54:58 ----A---- C:\WINDOWS\system32\spider.exe

2009-08-20 13:54:58 ----A---- C:\WINDOWS\system32\mstscax.dll

2009-08-20 13:54:58 ----A---- C:\WINDOWS\system32\mstsc.exe

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\tscupgrd.exe

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\termsrv.dll

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\sessmgr.exe

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\remotepg.dll

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\rdshost.exe

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\rdsaddin.exe

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\rdpwsx.dll

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\rdpsnd.dll

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\rdpclip.exe

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\rdchost.dll

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\qprocess.exe

2009-08-20 13:54:57 ----A---- C:\WINDOWS\system32\icaapi.dll

2009-08-20 13:54:56 ----D---- C:\WINDOWS\system32\MsDtc

2009-08-20 13:54:56 ----A---- C:\WINDOWS\system32\xolehlp.dll

2009-08-20 13:54:56 ----A---- C:\WINDOWS\system32\mtxoci.dll

2009-08-20 13:54:56 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

2009-08-20 13:54:56 ----A---- C:\WINDOWS\system32\msdtctm.dll

2009-08-20 13:54:56 ----A---- C:\WINDOWS\system32\msdtcprx.dll

2009-08-20 13:54:56 ----A---- C:\WINDOWS\system32\msdtclog.dll

2009-08-20 13:54:56 ----A---- C:\WINDOWS\system32\msdtc.exe

2009-08-20 13:54:56 ----A---- C:\WINDOWS\system32\cfgbkend.dll

2009-08-20 13:54:55 ----D---- C:\WINDOWS\system32\Com

2009-08-20 13:54:55 ----A---- C:\WINDOWS\system32\colbact.dll

2009-08-20 13:54:55 ----A---- C:\WINDOWS\system32\clbcatex.dll

2009-08-20 13:54:55 ----A---- C:\WINDOWS\system32\catsrvut.dll

2009-08-20 13:54:55 ----A---- C:\WINDOWS\system32\catsrvps.dll

2009-08-20 13:54:55 ----A---- C:\WINDOWS\system32\catsrv.dll

2009-08-20 13:54:54 ----A---- C:\WINDOWS\system32\comuid.dll

2009-08-20 13:54:54 ----A---- C:\WINDOWS\system32\comsvcs.dll

2009-08-20 13:54:54 ----A---- C:\WINDOWS\system32\clbcatq.dll

2009-08-20 13:54:49 ----A---- C:\WINDOWS\system32\servdeps.dll

2009-08-20 13:54:49 ----A---- C:\WINDOWS\system32\mmfutil.dll

2009-08-20 13:54:49 ----A---- C:\WINDOWS\system32\licwmi.dll

2009-08-20 13:54:49 ----A---- C:\WINDOWS\system32\cmprops.dll

 

======List of files/folders modified in the last 1 months======

 

2009-08-20 15:29:16 ----A---- C:\WINDOWS\win.ini

2009-08-20 14:53:17 ----A---- C:\WINDOWS\system.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-09-10 21361]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]

R2 mdvrmng;Mobile IP Route Manager; \??\C:\WINDOWS\system32\drivers\mdvrmng.sys []

R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]

R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-02-10 257432]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]

R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]

R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-07-30 619136]

R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-09-10 980512]

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-10 153376]

R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe [2008-07-09 69632]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]

S3 GoogleDesktopManager-090209-075101;Google Desktop Manager 5.9.909.2235; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-09-09 30192]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------

Posted

And the 2nd scan

 

 

 

info.txt logfile of random's system information tool 1.06 2009-09-16 18:43:01

 

======Uninstall list======

 

-->MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

3Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\setup.exe" -l0x9 -removeonly /z"Uninstall"

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

AoA Audio Extractor 1.0-->"C:\Program Files\AoA Audio Extractor\unins000.exe"

Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}

Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"

Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}

Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE

Edimax Wireless LAN-->C:\Program Files\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.exe -runfromtemp -l0x0009 -removeonly

Final Draft 7-->MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}

FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe

Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Half-Life: Blue Shift-->E:\Sierra\BLUE-S~1\bshift\UNWISE.EXE E:\Sierra\BLUE-S~1\bshift\install.log

Half-Life: Counter-Strike-->E:\Sierra\COUNTE~1\UNWISE.EXE E:\Sierra\COUNTE~1\INSTALL.LOG

Half-Life: Opposing Force-->E:\Sierra\HALF-L~1\UNWISE.EXE /u E:\Sierra\HALF-L~1\OPFOR.LOG

Half-Life-->E:\Sierra\HALF-L~1\UNWISE.EXE E:\Sierra\HALF-L~1\INSTALL.LOG

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Huawei Modems-->C:\WINDOWS\Huawei ModemsUninstall.exe

Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772

iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}

Java 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"

Mp3tag v2.44-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Outpost Firewall 2009-->"C:\Program Files\Agnitum\Outpost Firewall\unins000.exe"

PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sky Broadband Browser Branding-->MsiExec.exe /I{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}

Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}

SoulSeek 157 NS 13e-->"C:\Program Files\SoulseekNS\uninstall.exe"

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly

Spotify-->"C:\Program Files\Spotify\uninstall.exe"

SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

tunnel Screen Saver-->C:\WINDOWS\system32\tunnel.scr /u

Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe

Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}

Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}

Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe

 

======Security center information======

 

AV: avast! antivirus 4.8.1351 [VPS 090916-0]

FW: Outpost Firewall

 

======System event log======

 

Computer Name: SARAH-69AAB5CF6

Event Code: 3019

Message: The redirector failed to determine the connection type.

 

Record Number: 103

Source Name: MRxSmb

Time Written: 20090820144134.000000+060

Event Type: warning

User:

 

Computer Name: SARAH-69AAB5CF6

Event Code: 3019

Message: The redirector failed to determine the connection type.

 

Record Number: 102

Source Name: MRxSmb

Time Written: 20090820144133.000000+060

Event Type: warning

User:

 

Computer Name: SARAH-69AAB5CF6

Event Code: 3019

Message: The redirector failed to determine the connection type.

 

Record Number: 101

Source Name: MRxSmb

Time Written: 20090820144131.000000+060

Event Type: warning

User:

 

Computer Name: SARAH-69AAB5CF6

Event Code: 3019

Message: The redirector failed to determine the connection type.

 

Record Number: 100

Source Name: MRxSmb

Time Written: 20090820144129.000000+060

Event Type: warning

User:

 

Computer Name: SARAH-69AAB5CF6

Event Code: 3019

Message: The redirector failed to determine the connection type.

 

Record Number: 99

Source Name: MRxSmb

Time Written: 20090820144127.000000+060

Event Type: warning

User:

 

=====Application event log=====

 

Computer Name: TARDIS

Event Code: 1004

Message: Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

 

Record Number: 137

Source Name: MsiInstaller

Time Written: 20090821015707.000000+060

Event Type: warning

User: TARDIS\TARDIS

 

Computer Name: TARDIS

Event Code: 5000

Message:

Record Number: 136

Source Name: MPSampleSubmission

Time Written: 20090821010727.000000+060

Event Type: error

User:

 

Computer Name: COMPUTER

Event Code: 5000

Message:

Record Number: 133

Source Name: MPSampleSubmission

Time Written: 20090820233232.000000+060

Event Type: error

User:

 

Computer Name: COMPUTER

Event Code: 1002

Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Record Number: 125

Source Name: Application Hang

Time Written: 20090820223527.000000+060

Event Type: error

User:

 

Computer Name: SARAH-69AAB5CF6

Event Code: 1000

Message: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18812, fault address 0x001b9e98.

 

Record Number: 85

Source Name: Application Error

Time Written: 20090820192951.000000+060

Event Type: error

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0409

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Posted

I hope that's all of some use to you guys.

 

I googled "Form1 Malware", still can't find anything to help but a few people do seem to have had similar problems.

 

Worrying thing is, one person seemed to have the same problem but it seemed to be eating away at his hard drive too.

Posted

My first thought was a Visual Basic program or malware.

 

Two things stand out here from your file.

 

1. uTorrent

2. PeerGuardian

 

1. P2P or Torrent programs are against our rules.

 

2. This is what Wikipedia has to say about PeerGuardian.

 

The original PeerGuardian (1.0) was programmed in Visual Basic and quickly became popular among P2P users despite blocking only the common TCP protocol and being known for high RAM and CPU usage when connected to P2P networks. By December 2003, it had been downloaded 1 million times.[2] The original version was released for free and the source code was made available under an open source license.

 

All things considered you should uninstall those programs and run security scans.


Posted

Hi mr_banana_pants,

 

I do have some guesses on where this "Form 1" is coming from, but maybe you would like to address Randy's concerns above first.

Posted

Logfile of random's system information tool 1.06 (written by random/random)

Run by TARDIS at 2009-09-18 11:28:58

Microsoft Windows XP Professional Service Pack 3

System drive C: has 4 GB (19%) free of 20 GB

Total RAM: 1014 MB (47% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:29:03, on 18/09/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\3\3Connect\AutoUpdateSrv.exe

C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\vortex.scr

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\TARDIS\Desktop\RSIT.exe

C:\Program Files\trend micro\TARDIS.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sky.com - Home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Update Agent.lnk = ?

O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - Home (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250816177859

O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.9.909.2235 (GoogleDesktopManager-090209-075101) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe

 

--

End of file - 8313 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-688789844-682003330-1003Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-688789844-682003330-1003UA.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-688789844-682003330-1011Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-688789844-682003330-1011UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-10 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-10 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]

"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]

"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]

"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]

"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-09-09 30192]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-10 149280]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"=C:\Documents and Settings\TARDIS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-20 133104]

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-11 1994480]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

Update Agent.lnk - C:\Program Files\3\3Connect\AutoUpdateSrv.exe

Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-11 548352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23cb3181-8db3-11de-ae9a-001372909d17}]

shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8d8a0c7-8dc3-11de-ae9b-001372909d17}]

shell\AutoRun\command - F:\AutoRun.exe

Posted

Run HijackThis by navigating to and double-clicking on:

C:\Program Files\trend micro\TARDIS.exe

 

Click "Do a System Scan only".

 

 

Now place a tick by the following entries:

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dumps_startup

O4 - Global Startup: Update Agent.lnk = ?

 

Special Note: Please note that the above 2 entries are not malware-related! If this does not fix the "form 1" issue, they can be restored later through the backups that HijackThis automatically creates.

 

 

Close all other windows except HijackThis and press "Fix Checked".

 

Then close HijackThis and restart the computer.

 

 

Now as a final confirmation of any possible presence of malware, can I have you go HERE to run Panda ActiveScan 2.0

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply, as well as let me know whether you still experience the same problem.

Posted

Unfortunately, it's still there.

 

Here are the scan results:

 

;***********************************************************************************************************************************************************************************

ANALYSIS: 2009-09-18 20:46:27

PROTECTIONS: 1

MALWARE: 12

SUSPECTS: 1

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

avast! antivirus 4.8.1351 [VPS 090917-0] 4.8.1351 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@casalemedia[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@doubleclick[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@atdmt[1].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@tradedoubler[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@tribalfusion[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@mediaplex[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@bs.serving-sys[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@server.iad.liveperson[1].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@adviva[1].txt

;===================================================================================================================================================================================

SUSPECTS

Sent Location I

;===================================================================================================================================================================================

No C:\Documents and Settings\TARDIS\Local Settings\Temp\RunWizards.exe I

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description I

;===================================================================================================================================================================================

;===================================================================================================================================================================================
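As an added example (not part of any post in this thread and not Panda's own tooling), the Python sketch below parses the ActiveScan export posted above and separates inactive, severity-0 tracking cookies from entries that need a closer look. The embedded rows are copied from that report with the spacing shown on this page; the function names are assumptions of this example.

```python
import re

# Rows copied from the ActiveScan export above (column spacing as shown on this page).
SAMPLE = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\TARDIS\Cookies\tardis@atdmt[1].txt
SUSPECTS
Sent Location I
No C:\Documents and Settings\TARDIS\Local Settings\Temp\RunWizards.exe I
"""

SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}
# Description may contain spaces ("Cookie/Atlas DMT"), so it is matched lazily.
MALWARE_ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$")
# The trailing "I" column is kept out of the path; its meaning is not given on the page.
SUSPECT_ROW = re.compile(r"^(?P<sent>Yes|No)\s+(?P<location>.+?)(?:\s+I)?$")


def parse_report(text):
    """Walk the export section by section; return (malware_rows, suspect_rows)."""
    section, malware, suspects = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank lines and ;==== rulers
            continue
        if line in SECTIONS:
            section = line
        elif section == "MALWARE" and (m := MALWARE_ROW.match(line)):
            malware.append(m.groupdict())
        elif section == "SUSPECTS" and (m := SUSPECT_ROW.match(line)):
            suspects.append(m.groupdict())
    return malware, suspects


def triage(text):
    """Count cookie noise and list what is left to review."""
    malware, suspects = parse_report(text)
    noise = [r for r in malware if r["type"] == "TrackingCookie"
             and r["active"] == "No" and r["severity"] == "0"]
    review = [r for r in malware if r not in noise]
    return {"cookie_noise": len(noise), "review": review,
            "suspect_files": [s["location"] for s in suspects]}


print(triage(SAMPLE))
```
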

Posted

Download: CCleaner (freeware)

|MG| CCleaner Slim 2.23.999 Download

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows [tab]

The following should be selected by default, if not, please select:

http://i210.photobucket.com/albums/bb164/jedi_030/CCleanerA.png

Next: click Options, then click the Settings tab

Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) then Exit

 

 

I'm grabbing at straws here, but let's give this a try anyway. Press Ctrl + Alt + Delete to summon up Task Manager. Go to the "Processes" tab. End this:

vortex.scr

 

 

If this doesn't work, I'm out of ideas. Let's see if others have more to add.

Posted

Only use the section chiaz mentions when running CCleaner. Don't use the registry aspect of the program.

 

I'm wondering if using selective startup might help isolate the offending culprit. Any thoughts on that?


Posted
Only use the section chiaz mentions when running CCleaner. Don't use the registry aspect of the program.

 

I'm wondering if using selective startup might help isolate the offending culprit. Any thoughts on that?

 

Still there:(. How do I go about using selective start up?

 

I looked for the vortex.exe to stop it. Couldn't see it when I pressed Ctrl-Alt-Delete.

However, I do remember it being a screensaver. Could this be it? The form1 only appears when my computer is inactive for, say, 10 mins.

Posted

Hi, we can quickly clear up whether it is a screen saver or not: right-click on an empty area of the screen, click Properties and then the Screen Saver tab. In the drop-down menu, is anything listed there that gives us a clue?

In the meantime I looked up Vortex.EXE and the list of applications is huge, and I don't have several months available to search through them all. :eek:

So any help you can remember would be useful.

