Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola soy nuevo en el foro... Tengo el virus ''mira la foto'' o alguna varicacion de este, a mis contactos del Messenger les llega el siguiente mensaje:

enviado 18/12/2008 01:57 p.m.:
Faça uma viagem pelo nosso roteiro de fim de ano. Basta clicar e conferir!
http://www.i42.....

He leido varios posts similares y he intentado la soluciones que se proponen pero nada me lo detecta.

NOD32, KApersky Online y Active Scan de Panda no detectan nada

Corri el MSN cleaner y no encontro nada
Corri SuperAntispyware, y solamente encontro tracking cookies
Corri AdAware y lo mismo, solo tracking cookies
Corri Ccleaner y corrigio algunas cosas pero los mensajes siguen llegando
Corri el hijackthis y este es el log que me dio:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:12:53 p.m., on 18/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\program files\mozilla firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spyware Process Detector\spydetector.exe
C:\Users\Rulo\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_mx&c=83&bd=Pavilion &pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_mx&c=83&bd=Pavilion &pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.ex e" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
---


Ojala me puedan ayudar, Saludos, Gracias

Pues no es por regañarte pero aqui no van logs de hijackthis!!
has esto
Descarga las siguientes herramientas, pero no las ejecutes aun:

* MsnCleaner

* SDFix guárdala y descomprimela en tu escritorio

* Malwarebytes' Anti-Malware instalalo y actualizalo

* MSNFix Descomprimí la carpeta en el escritorio.




Apaga Restaurar Sistema (Solo en Windows Me XP y Vista)

Reinicia el PC a Modo a prueba de fallos (Modo seguro)

Ejecuta las herramientas del paso de a una así en su mismo orden:

Cita:
*Descomprimes el archivo MSNCleaner.zip
*Ejecutar el archivo MSNCleaner.exe
*Hacer Clic en el botón Analizar, Si se detecta algún archivo nocivo, se activará el botón Eliminar
*Seleccionar las opciones "Eliminar archivos temporales" y "Restaurar el archivo Hosts"
*Hacer Clic en el botón Eliminar
Cita:
Malwarebytes' Anti-Malware <---- realiza un escaneo completo del PC y elimina las infecciones que este detecte. El reporte queda guardado en la pestaña "Logs" o "Registros" en español, abres el reporte y copias el contenido para pegarlo en este tema.

Cita:
* Ejecuta SDFix.exe en el escritorio, se creará una nueva carpeta en el escritorio, entra en dicha carpeta y ejecuta el archivo "Runthis.bat" luego, presiona la tecla "Y" para que comience el chequeo, al terminar, se creará un archivo dentro de la carpeta llamado Report.txt, copia y pega lo que indique ese reporte acá.

Cita:
1-Abre la carpeta y haz doble clic al archivo MSNFix.bat para ejecutarlo.
2-Pulsa la tecla C para ponerlo en español y dale al enter.
3-Pulsa R y clicas nuevamente enter para que empiece a analizar.

Después que el pc se reinicie en modo normal por medio de la herramienta SDFix.exe hazte un scanner con kaspersky Manual y pegas los reportes de las 4 herramientas del paso y el reporte del kaspersky



PD:Si alguno de los pasos indicados no lo podes hacer, lo salteas y continuas con el siguiente paso

hola bienvenido

esto te puede servir suerte virus del msn lo intalas y me comentas chao feliz navidad

ok bueno pues corri el MSN Cleaner y me dijo ''no se ha encontrado ningun archivo"
Despues corri el malwarebyte, y tambien me dijo que no encontro nada,
el SDFix no lo pude correr en modo safe, se cerraba la ventana inmeditamante despues de abrir, pero corri la opcion de crear un registro desde wondows sin modo safe.
y el MSNFix no lo abrio por que tiene virus el archivo .zip.

Anexo logs. de sdfix
y malwarebyte

Malwarebytes' Anti-Malware 1.31
Database version: 1517
Windows 6.0.6001 Service Pack 1

18/12/2008 07:22:29 p.m.
mbam-log-2008-12-18 (19-22-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 182672
Time elapsed: 24 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

System Report
*************

Run on 18/12/2008 at 08:01 p.m.

Microsoft Windows [Version 6.0.6001]

Current user is not an administrator

Running Processes:

C:\Windows\system32\taskeng.exe [1904]
C:\Windows\system32\Dwm.exe [1972]
C:\Windows\Explorer.EXE [204]
C:\Windows\System32\rundll32.exe [2396]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2428]
C:\Program Files\HP\QuickPlay\QPService.exe [2468]
C:\Program Files\Windows Defender\MSASCui.exe [2504]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [2516]
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [2780]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2788]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2796]
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2804]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2820]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2836]
C:\Program Files\Windows Media Player\wmpnscfg.exe [2844]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2852]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2860]
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2876]
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE [3960]
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [2124]
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [2344]
C:\Windows\system32\conime.exe [1812]
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe [3044]


Drivers - Running:

ACPI
adp94xx
adpahci
adpu160m
adpu320
AFD
aic78xx
aliide
amdide
arc
arcsas
atapi
Beep
bowser
cdrom
CLFS
cmdide
Compbatt
crcdisk
DfsC
disk
eamon
easdrv
Ecache
elxstor
epfwtdir
FileInfo
FltMgr
HpCISSs
HTTP
i2omp
i8042prt
iaStorV
iirsp
intelide
isapnp
iteatapi
iteraid
kbdclass
KSecDD
lltdio
LSI_FC
LSI_SAS
LSI_SCSI
luafv
mdmxsdk
megasas
MegaSR
mouclass
MountMgr
mpio
mpsdrv
Mraid35x
MRxDAV
mrxsmb
mrxsmb10
mrxsmb20
msahci
msdsm
Msfs
msisadrv
Mup
NativeWifiP
NDIS
Ndisuio
NetBIOS
netbt
nfrd960
Npfs
nsiproxy
Null
nvlddmkm
nvraid
nvstor
partmgr
pci
pciide
PEAUTH
PSched
ql2300
ql40xx
RasAcd
rdbss
RDPCDD
RDPENCDD
rspndr
SASDIFSV
SASENUM
SASKUTIL
sbp2port
secdrv
SiSRaid2
SiSRaid4
Smb
spldr
srv
srv2
srvnet
Symc8xx
Sym_hi
Sym_u3
Tcpip
tcpipreg
tdx
TermDD
uliahci
UlSata
ulsata2
VgaSave
viaide
volmgr
volmgrx
volsnap
vsmraid
Wanarpv6
Wd
Wdf01000
XAudio


Drivers - Stopped:

agp440
amdagp
AmdK7
AmdK8
AsyncMac
athr
BCM43XV
blbdrive
BrFiltLo
BrFiltUp
Brserid
BrSerWdm
BrUsbMdm
BrUsbSer
BTHMODEM
cdfs
circlass
CmBatt
CnxtHdAudService
Crusoe
Dot4
Dot4Print
dot4usb
drmkaud
DXGKrnl
E1G60
ErrDev
exfat
fastfat
fdc
Filetrace
flpydisk
gagp30kx
HdAudAddService
HDAudBus
HidBth
HidIr
HidUsb
HpqKbFiltr
HSFHWAZL
HSF_DPV
HSXHWAZL
intelppm
IpFilterDriver
IpInIp
IPMIDRV
IPNAT
IRENUM
iScsiPrt
kbdhid
Modem
monitor
mouhid
MSKSSRV
MSPCLOCK
MSPQM
MsRPC
mssmbios
MSTEE
NdisTapi
NdisWan
NDProxy
Ntfs
ntrigdigi
NVENETFD
NVHDA
nvsmu
nv_agp
NwlnkFlt
NwlnkFwd
ohci1394
Parport
Parvdm
pcmcia
PptpMiniport
Processor
QWAVEdrv
Rasl2tp
RasPppoe
RasSstp
rdpdr
RDPWD
RTSTOR
Serenum
Serial
sermouse
sffdisk
sffp_mmc
sffp_sd
sfloppy
sisagp
swenum
SynTP
Tcpip6
TDPIPE
TDTCP
tssecsrv
tunmp
tunnel
uagp35
udfs
uliagpkx
umbus
usbccgp
usbcir
usbehci
usbhub
usbohci
usbprint
usbscan
USBSTOR
usbuhci
usbvideo
vga
viaagp
ViaC7
WacomPen
Wanarp
winachsf
WmiAcpi
ws2ifsl
WUDFRd


Services - Running:

AeLookupSvc
Appinfo
AudioEndpointBuilder
Audiosrv
BFE
BITS
Browser
Com4QLBEx
CryptSvc
DcomLaunch
Dhcp
Dnscache
DPS
EapHost
ekrn
EMDMgmt
Eventlog
EventSystem
fdPHost
FDResPub
gpsvc
HP
hpqcxs08
hpqddsvc
hpqwmiex
IKEEXT
iphlpsvc
KeyIso
KtmRm
LanmanServer
LanmanWorkstation
LightScribeService
lmhosts
MMCSS
MpsSvc
Net
Netman
netprofm
NlaSvc
nsi
nvsvc
PcaSvc
PlugPlay
Pml
PolicyAgent
ProfSvc
RasMan
Recovery
RichVideo
RpcSs
SamSs
Schedule
seclogon
SENS
ShellHWDetection
slsvc
Spooler
SSDPSRV
SstpSvc
stisvc
SysMain
TabletInputService
TapiSrv
TermService
Themes
TrkWks
upnphost
UxSms
W32Time
WdiSystemHost
WebClient
WerSvc
WinDefend
Winmgmt
Wlansvc
WMPNetworkSvc
WPDBusEnum
wscsvc
WSearch
wuauserv
wudfsvc
XAudioService


Services - Stopped:

ALG
CertPropSvc
clr_optimization_v2.0.50727_32
COMSysApp
DFSR
dot3svc
ehRecvr
ehSched
ehstart
EhttpSrv
FontCache3.0.0.0
GameConsoleService
hidserv
hkmsvc
IDriverT
idsvc
IPBusEnum
lltdsvc
Mcx2Svc
MSDTC
MSiSCSI
msiserver
napagent
Netlogon
NetTcpPortSharing
NOD32FiXTemDono
odserv
ose
p2pimsvc
p2psvc
pla
PNRPAutoReg
PNRPsvc
ProtectedStorage
QWAVE
RasAuto
RemoteAccess
RemoteRegistry
RpcLocator
SCardSvr
SCPolicySvc
SDRSVC
SessionEnv
SharedAccess
SLUINotify
SNMPTRAP
swprv
TBS
THREADORDER
TrustedInstaller
UI0Detect
usnjsvc
vds
VSS
wcncsvc
WcsPlugInService
WdiServiceHost
Wecsvc
wercplsupport
WinHttpAutoProxySvc
WinRM
WLSetupSvc
wmiApSrv
WPCSvc


Files Created/Modified - 60 Days:


C:\

8 Dec 2008 7:16:12p 10 ..SHR "C:\config.sys"
18 Dec 2008 7:57:14p 2,951,102,464 A.SH. "C:\hiberfil.sys"
8 Dec 2008 7:16:12p 10 ..SHR "C:\config.sys"
18 Dec 2008 7:57:14p 2,951,102,464 A.SH. "C:\hiberfil.sys"
28 Nov 2008 3:29:52p 0 A.SHR "C:\IO.SYS"
28 Nov 2008 3:29:52p 0 A.SHR "C:\MSDOS.SYS"
18 Dec 2008 7:57:14p 3,264,942,080 A.SH. "C:\pagefile.sys"


C:\Windows\

18 Dec 2008 7:57:18p 67,584 A.S.. "C:\Windows\bootstat.dat"
17 Dec 2008 10:13:22p 350 A.... "C:\Windows\cleanerfix.bat"
18 Dec 2008 7:57:18p 67,584 A.S.. "C:\Windows\bootstat.dat"
17 Dec 2008 10:13:22p 350 A.... "C:\Windows\cleanerfix.bat"
29 Oct 2008 12:29:42a 2,927,104 A.... "C:\Windows\explorer.exe"
9 Dec 2008 4:41:22p 163,912 A.... "C:\Windows\hpoins19.dat"
31 Oct 2008 9:44:36p 2,154,496 A.... "C:\Windows\AppPatch\AcGenral.dll"
31 Oct 2008 9:44:36p 541,696 A.... "C:\Windows\AppPatch\AcLayers.dll"
31 Oct 2008 9:44:36p 460,288 A.... "C:\Windows\AppPatch\AcSpecfc.dll"
31 Oct 2008 9:44:36p 173,056 A.... "C:\Windows\AppPatch\AcXtrnal.dll"
31 Oct 2008 9:44:38p 52,736 A.... "C:\Windows\AppPatch\iebrshim.dll"
31 Oct 2008 9:44:36p 2,154,496 A.... "C:\Windows\AppPatch\AcGenral.dll"
31 Oct 2008 9:44:36p 541,696 A.... "C:\Windows\AppPatch\AcLayers.dll"
31 Oct 2008 9:44:36p 460,288 A.... "C:\Windows\AppPatch\AcSpecfc.dll"
31 Oct 2008 9:44:36p 173,056 A.... "C:\Windows\AppPatch\AcXtrnal.dll"
31 Oct 2008 9:44:38p 52,736 A.... "C:\Windows\AppPatch\iebrshim.dll"
9 Dec 2008 2:47:30p 51,200 A.... "C:\Windows\inf\infpub.dat"
9 Dec 2008 2:47:30p 86,016 A.... "C:\Windows\inf\infstor.dat"
9 Dec 2008 2:47:30p 86,016 A.... "C:\Windows\inf\infstrng.dat"
23 Nov 2008 8:38:12p 44 A.... "C:\Windows\system\hpsysdrv.dat"
31 Oct 2008 9:44:36p 28,672 A.... "C:\Windows\System32\Apphlpdm.dll"
20 Oct 2008 11:25:18p 1,645,568 A.... "C:\Windows\System32\connect.dll"
28 Oct 2008 4:35:56p 684,032 A.... "C:\Windows\System32\DivX.dll"
28 Oct 2008 4:36:00p 823,296 A.... "C:\Windows\System32\divx_xx0c.dll"
28 Oct 2008 4:36:00p 823,296 A.... "C:\Windows\System32\divx_xx07.dll"
28 Oct 2008 4:35:58p 802,816 A.... "C:\Windows\System32\divx_xx11.dll"
28 Oct 2008 4:35:58p 815,104 A.... "C:\Windows\System32\divx_xx0a.dll"
18 Dec 2008 12:58:04p 303,392 A.... "C:\Windows\System32\FNTCACHE.DAT"
20 Oct 2008 11:25:20p 296,960 A.... "C:\Windows\System32\gdi32.dll"
9 Dec 2008 3:24:38p 17,593,280 A.... "C:\Windows\System32\mrt.exe"
11 Dec 2008 11:52:54p 3,578,880 A.... "C:\Windows\System32\mshtml.dll"
18 Dec 2008 7:48:56p 100,640 A.... "C:\Windows\System32\perfc009.dat"
18 Dec 2008 7:48:56p 586,568 A.... "C:\Windows\System32\perfh009.dat"
6 Nov 2008 7:14:26a 11,580,928 A.... "C:\Windows\System32\shell32.dll"
21 Oct 2008 7:22:12p 2,048 A.... "C:\Windows\System32\tzres.dll"
18 Dec 2008 7:57:24p 6 A..H. "C:\Windows\Tasks\SA.DAT"
3 Dec 2008 7:59:02p 15,504 A.... "C:\Windows\System32\drivers\mbam.sys"
3 Dec 2008 7:59:06p 38,496 A.... "C:\Windows\System32\drivers\mbamswissarmy.sys "
23 Nov 2008 9:04:18p 36,864 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1 cbc0e39143f0_cdd.dll_01f58cd5"
23 Nov 2008 9:06:12p 1,823,232 A.... "C:\Windows\winsxs\Backup\x86_microsoft.windows.gd iplus_6595b64144ccf1df_1.1.6001.18065_none_8dcc2d1 362c70bc9_gdiplus.dll_423f7010"
23 Nov 2008 9:06:42p 1,191,936 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d 47896e90b40_msxml3.dll_eaee1698"
23 Nov 2008 910p 61,440 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129ade c4a9f41_winipsec.dll_abfff1a2"
12 Dec 2008 3:02:08a 28,160 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.1 8157_none_01b9e7cda1f54c23_jsproxy.dll_3cc8d651"
23 Nov 2008 9:09:22p 33,280 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c5 7bfa9b1_traffic.dll_673bed71"
12 Dec 2008 3:02:08a 64,512 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.1 8157_none_01b9e7cda1f54c23_wininetplugin.dll_f2ff3 5f9"
23 Nov 2008 9:04:18p 625,152 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1 cbc0e39143f0_dxgkrnl.sys_8aad3dfb"
23 Nov 2008 9:01:28p 1,334,272 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_88559 0b496e78ad1_msxml6.dll_ebe15265"
23 Nov 2008 9:01:28p 2,048 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_88559 0b496e78ad1_msxml6r.dll_d8460bdb"
23 Nov 2008 9:09:22p 13,824 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c5 7bfa9b1_wshqos.dll_f1749d15"
23 Nov 2008 910p 272,896 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129ade c4a9f41_polstore.dll_6cd3e56e"
23 Nov 2008 9:06:28p 466,944 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d05 0f6301b2186f_netapi32.dll_8b1e859a"
23 Nov 2008 9:01:50p 3,549,240 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a25 48b43efe06_ntoskrnl.exe_0fb0ab79"
23 Nov 2008 9:07:00p 2,032,640 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d 629aa2b55e_win32k.sys_0d7a6fb3"
18 Dec 2008 3:01:10a 3,578,880 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18183_none _12ef96002267a3d0_mshtml.dll_fab8f891"
23 Nov 2008 9:09:22p 72,192 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c5 7bfa9b1_pacer.sys_c93de3d8"
23 Nov 2008 9:01:50p 3,601,464 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a25 48b43efe06_ntkrnlpa.exe_165c312a"
23 Nov 2008 9:06:12p 1,748,992 A.... "C:\Windows\winsxs\Backup\x86_microsoft.windows.gd iplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2 ec9c13222_gdiplus.dll_423f7010"
23 Nov 2008 9:06:42p 2,048 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d 47896e90b40_msxml3r.dll_d752d00e"
12 Dec 2008 3:02:08a 1,166,336 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.1 8157_none_b4b40c2bd6ec2590_urlmon.dll_95c89473"
23 Nov 2008 9:09:22p 784,896 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18051_none_b3c58fc 5453bf46b_rpcrt4.dll_5aa847dd"
12 Dec 2008 3:02:08a 827,392 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.1 8157_none_01b9e7cda1f54c23_wininet.dll_790e2e3a"
12 Dec 2008 3:03:02a 11,580,928 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4 f42122643ed_shell32.dll_0d29dca9"
23 Nov 2008 9:09:22p 891,448 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e0 33a8669434a1_tcpip.sys_3339bd51"
23 Nov 2008 910p 28,672 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129ade c4a9f41_fwremotesvr.dll_afaa5ea8"
12 Dec 2008 10:22:14a 296,960 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18159_none_59519ee 04971f856_gdi32.dll_1f014d57"
23 Nov 2008 910p 361,984 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129ade c4a9f41_ipsecsvc.dll_7136601a"
12 Dec 2008 3:02:06a 180,736 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18157_none_64736 0efae414386_ieui.dll_f0fcf806"
23 Nov 2008 9:09:22p 15,360 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c5 7bfa9b1_pacerprf.dll_656ec1bf"
12 Dec 2008 3:02:06a 6,068,736 A.... "C:\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18157_none_64736 0efae414386_ieframe.dll_c6cbe33f"
31 Oct 2008 9:25:04p 1,686,528 A.... "C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_ 408173e9dd4c5e75\gameux.dll"
31 Oct 2008 5:38:12p 4,247,552 A.... "C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_ 408173e9dd4c5e75\GameUXLegacyGDFs.dll"
31 Oct 2008 9:24:16p 450,560 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20949_none_0aa65de30e 5914cc\AcSpecfc.dll"
20 Oct 2008 11:25:20p 296,960 A.... "C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18159_none_59519ee 04971f856\gdi32.dll"
20 Oct 2008 11:21:44p 297,472 A.... "C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22291_none_59a7f9a b62b73d2c\gdi32.dll"
27 Oct 2008 8:15:04p 2,923,520 A.... "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033 cb5995cd990b\explorer.exe"
30 Oct 2008 9:35:08p 1,696,256 A.... "C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_ 4231a10dda9b7df4\gameux.dll"
30 Oct 2008 7:17:44p 4,240,384 A.... "C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_ 4231a10dda9b7df4\GameUXLegacyGDFs.dll"
31 Oct 2008 9:33:50p 449,536 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16772_none_09f54d67f5 5a1a4d\AcSpecfc.dll"
31 Oct 2008 5:23:38p 2,560 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20949_none_0aa35d050e 5bc8c7\AcRes.dll"
20 Oct 2008 11:16:22p 297,472 A.... "C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16766_none_575d8f7 04c563751\gdi32.dll"
30 Oct 2008 9:35:08p 52,736 A.... "C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.22299_none_2c27 1d937e879b44\iebrshim.dll"
6 Nov 2008 6:59:16a 11,320,832 A.... "C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977 d7d2e1a9bf2\shell32.dll"
20 Oct 2008 11:07:20p 297,472 A.... "C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20940_none_57f6cc3 d65690456\gdi32.dll"
11 Dec 2008 11:45:20p 3,593,216 A.... "C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16788_none _110e58cc253c9192\mshtml.dll"
21 Oct 2008 5:31:24p 2,048 A.... "C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_132 73c340c95d620\tzres.dll"
21 Oct 2008 9:43:40p 18,944 A.... "C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_132 73c340c95d620\tzupd.exe"
11 Dec 2008 11:52:54p 3,578,880 A.... "C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18183_none _12ef96002267a3d0\mshtml.dll"
30 Oct 2008 9:35:06p 541,696 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510b a74da2\AcLayers.dll"
30 Oct 2008 9:35:06p 173,056 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510b a74da2\AcXtrnal.dll"
31 Oct 2008 9:33:50p 28,672 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16772_none_7fd1e e2663d3b893\Apphlpdm.dll"
31 Oct 2008 9:33:50p 1,687,040 A.... "C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_ 3fd0636ec44d63f6\gameux.dll"
31 Oct 2008 5:38:10p 4,247,552 A.... "C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_ 3fd0636ec44d63f6\GameUXLegacyGDFs.dll"
31 Oct 2008 9:25:14p 52,736 A.... "C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20949_none_2a76 f06f81387bc5\iebrshim.dll"
20 Oct 2008 11:25:18p 1,645,568 A.... "C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.1815 9_none_64e182cb96dae69e\connect.dll"
21 Oct 2008 9:34:56p 160,768 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_ none_4b2b163f056ebb45\PortableDeviceTypes.dll"
21 Oct 2008 9:34:56p 94,720 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_ none_4b2b163f056ebb45\PortableDeviceClassExtension .dll"
21 Oct 2008 9:34:56p 241,152 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_ none_4b2b163f056ebb45\PortableDeviceApi.dll"
31 Oct 2008 9:33:50p 52,736 A.... "C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16772_none_29c5 dff468398146\iebrshim.dll"
21 Oct 2008 9:43:52p 160,768 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_ none_48e0ac03ef0db56a\PortableDeviceTypes.dll"
21 Oct 2008 9:43:52p 95,232 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_ none_48e0ac03ef0db56a\PortableDeviceClassExtension .dll"
21 Oct 2008 9:43:52p 241,152 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_ none_48e0ac03ef0db56a\PortableDeviceApi.dll"
6 Nov 2008 6:59:28a 11,582,976 A.... "C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5c c532b16d3dc\shell32.dll"
23 Nov 2008 9:03:04p 1,286,152 A.... "C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf3 45378f_4.20.9870.0_none_b7e00e6c7b30b69b\msxml4.dl l"
11 Dec 2008 11:47:46p 3,579,392 A.... "C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22328_none _13bf15ab3b5017ce\mshtml.dll"
23 Nov 2008 9:03:14p 91,656 A.... "C:\Windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf 345378f_4.1.1.0_none_365945b9da656e4d\msxml4r.dll"
24 Nov 2008 12:35:14p 1,093,632 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9 a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514\mfc80. dll"
24 Nov 2008 12:35:14p 1,079,808 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9 a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514\mfc80u .dll"
24 Nov 2008 12:35:14p 69,632 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9 a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514\mfcm80 .dll"
24 Nov 2008 12:35:14p 57,344 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9 a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514\mfcm80 u.dll"
24 Nov 2008 12:35:40p 1,230,336 A.... "C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf3 45378f_4.1.0.0_none_6c030d6fdc86522c\msxml4.dll"
24 Nov 2008 12:36:22p 40,960 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58\mfc 80CHS.dll"
24 Nov 2008 12:36:22p 45,056 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58\mfc 80CHT.dll"
24 Nov 2008 12:36:22p 65,536 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58\mfc 80DEU.dll"
24 Nov 2008 12:36:22p 57,344 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58\mfc 80ENU.dll"
24 Nov 2008 12:36:22p 61,440 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58\mfc 80ESP.dll"
24 Nov 2008 12:36:22p 61,440 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58\mfc 80FRA.dll"
24 Nov 2008 12:36:22p 61,440 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58\mfc 80ITA.dll"
24 Nov 2008 12:36:22p 49,152 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58\mfc 80JPN.dll"
24 Nov 2008 12:36:22p 49,152 A.... "C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58\mfc 80KOR.dll"
20 Oct 2008 11:16:22p 1,645,568 A.... "C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.1676 6_none_62ed735b99bf2599\connect.dll"
31 Oct 2008 9:44:36p 28,672 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18165_none_81c5f d9660ef7998\Apphlpdm.dll"
30 Oct 2008 9:35:06p 2,154,496 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22299_none_0c558abd0b a91af4\AcGenral.dll"
31 Oct 2008 9:44:36p 2,154,496 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18165_none_0be85c8df2 76c1fb\AcGenral.dll"
31 Oct 2008 9:24:18p 28,672 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.20949_none_8082f ea17cd2b312\Apphlpdm.dll"
21 Oct 2008 9:39:44p 160,768 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_ none_4979e8d10820826f\PortableDeviceTypes.dll"
21 Oct 2008 9:39:44p 95,232 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_ none_4979e8d10820826f\PortableDeviceClassExtension .dll"
21 Oct 2008 9:39:44p 241,152 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_ none_4979e8d10820826f\PortableDeviceApi.dll"
21 Oct 2008 9:57:32p 241,152 A.... "C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_ none_4abfe8a3ec3a94fa\PortableDeviceApi.dll"
31 Oct 2008 5:23:44p 2,560 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16772_none_09f24c89f5 5cce48\AcRes.dll"
20 Oct 2008 11:06:54p 1,645,568 A.... "C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.2094 0_none_6386b028b2d1f29e\connect.dll"
29 Oct 2008 12:29:42a 2,927,104 A.... "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177 ca9879e978e8\explorer.exe"
31 Oct 2008 9:44:38p 52,736 A.... "C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.18165_none_2bb9 ef646555424b\iebrshim.dll"
21 Oct 2008 5:30:58p 2,048 A.... "C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c 0790125a8a325\tzres.dll"
21 Oct 2008 7:13:28p 18,944 A.... "C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c 0790125a8a325\tzupd.exe"
29 Oct 2008 12:20:30a 2,923,520 A.... "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83 bb287ccdb7e3\explorer.exe"
24 Nov 2008 12:35:42p 82,432 A.... "C:\Windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf 345378f_4.1.0.0_none_3658456fda6654f6\msxml4r.dll"
11 Dec 2008 11:40:04p 3,594,752 A.... "C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20973_none _119dc5f73e5693df\mshtml.dll"
31 Oct 2008 9:24:16p 2,144,768 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20949_none_0aa55d990e 59fb75\AcGenral.dll"
31 Oct 2008 9:44:36p 541,696 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f2 74f4a9\AcLayers.dll"
31 Oct 2008 9:44:36p 173,056 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f2 74f4a9\AcXtrnal.dll"
30 Oct 2008 9:35:06p 460,288 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22299_none_0c568b070b a8344b\AcSpecfc.dll"
31 Oct 2008 9:44:36p 460,288 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18165_none_0be95cd7f2 75db52\AcSpecfc.dll"
31 Oct 2008 9:24:16p 537,600 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e 582e23\AcLayers.dll"
31 Oct 2008 9:24:16p 173,056 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e 582e23\AcXtrnal.dll"
20 Oct 2008 11:21:44p 1,645,568 A.... "C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.2229 1_none_6537dd96b0202b74\connect.dll"
21 Oct 2008 7:04:24p 2,048 A.... "C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_157 1a66f22f6dbfb\tzres.dll"
21 Oct 2008 9:34:44p 18,944 A.... "C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_157 1a66f22f6dbfb\tzupd.exe"
30 Oct 2008 7:05:24p 2,560 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22299_none_0c538a290b aae846\AcRes.dll"
31 Oct 2008 9:33:50p 2,144,256 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16772_none_09f44d1df5 5b00f6\AcGenral.dll"
30 Oct 2008 9:35:06p 28,672 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22299_none_82332 bc57a21d291\Apphlpdm.dll"
21 Oct 2008 7:22:12p 2,048 A.... "C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18160_none_150 678d409c2b5b0\tzres.dll"
29 Oct 2008 9:59:18p 2,927,616 A.... "C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4 f8c7931bd1e1\explorer.exe"
31 Oct 2008 9:33:50p 537,600 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f5 5933a4\AcLayers.dll"
31 Oct 2008 9:33:50p 173,056 A.... "C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f5 5933a4\AcXtrnal.dll"
6 Nov 2008 7:14:26a 11,580,928 A.... "C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4 f42122643ed\shell32.dll"
31 Oct 2008 7:21:42p 4,240,384 A.... "C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_ 41c472dec16924fb\GameUXLegacyGDFs.dll"
6 Nov 2008 6:57:08a 11,315,712 A.... "C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3 fd2150a82e8\shell32.dll"
29 Nov 2008 11:12:12a 84,661 A.... "C:\Windows\System32\Macromed\Flash\uninstall_plug in.exe"
18 Dec 2008 3:01:40a 6,553,600 A.... "C:\Windows\System32\SMI\Store\Machine\schema. dat"
15 Dec 2008 9:49:24a 6,553,600 A.... "C:\Windows\System32\SMI\Store\Machine\schema.dat_ previous"
18 Dec 2008 3:01:36a 524,288 A.SH. "C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{ 3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms"


C:\Program Files\

1 Dec 2008 9:33:56a 1,406,192 A.... "C:\Program Files\CCleaner\CCleaner.exe"
18 Dec 2008 12:31:22p 114,654 A.... "C:\Program Files\CCleaner\uninst.exe"
1 Dec 2008 9:33:56a 1,406,192 A.... "C:\Program Files\CCleaner\CCleaner.exe"
18 Dec 2008 12:31:22p 114,654 A.... "C:\Program Files\CCleaner\uninst.exe"
25 Nov 2008 8:19:06p 125,872 A.... "C:\Program Files\DivX\DivXBundleUninstall.exe"
25 Nov 2008 8:19:06p 125,872 A.... "C:\Program Files\DivX\DivXBundleUninstall.exe"
25 Nov 2008 8:18:50p 125,872 A.... "C:\Program Files\DivX\DivXCodecUninstall.exe"
25 Nov 2008 8:18:54p 125,872 A.... "C:\Program Files\DivX\DivXConverterUninstall.exe"
25 Nov 2008 8:19:00p 125,872 A.... "C:\Program Files\DivX\DivXPlayerUninstall.exe"
25 Nov 2008 8:19:06p 125,872 A.... "C:\Program Files\DivX\DivXWebPlayerUninstall.exe"
3 Dec 2008 7:59:02p 380,048 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"
3 Dec 2008 7:59:02p 73,360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"
3 Dec 2008 7:59:02p 1,265,296 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
3 Dec 2008 7:59:04p 73,360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
3 Dec 2008 7:59:04p 399,504 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"
3 Dec 2008 7:59:04p 170,640 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
3 Dec 2008 7:59:04p 44,688 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
18 Dec 2008 6:31:54p 8,299 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
18 Dec 2008 6:31:26p 688,784 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
3 Dec 2008 7:59:06p 77,968 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
31 Oct 2008 2:55:58p 17,408 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
31 Oct 2008 2:56:00p 185,856 A.... "C:\Program Files\Mozilla Firefox\crashreporter.exe"
31 Oct 2008 2:56:00p 307,712 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
30 Oct 2008 12:00:50a 233,472 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
31 Oct 2008 2:56:02p 697,344 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
31 Oct 2008 2:56:02p 710,144 A.... "C:\Program Files\Mozilla Firefox\mozcrt19.dll"
31 Oct 2008 2:56:04p 198,144 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
31 Oct 2008 2:56:04p 697,856 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
31 Oct 2008 2:56:06p 304,640 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
31 Oct 2008 2:56:06p 103,936 A.... "C:\Program Files\Mozilla Firefox\nssdbm3.dll"
31 Oct 2008 2:56:06p 87,552 A.... "C:\Program Files\Mozilla Firefox\nssutil3.dll"
31 Oct 2008 2:56:08p 20,480 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
31 Oct 2008 2:56:08p 17,408 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
31 Oct 2008 2:56:10p 103,936 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
30 Oct 2008 12:00:50a 151,552 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
31 Oct 2008 2:56:10p 395,776 A.... "C:\Program Files\Mozilla Firefox\sqlite3.dll"
31 Oct 2008 2:56:12p 136,704 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
31 Oct 2008 2:56:12p 242,176 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
31 Oct 2008 2:56:14p 17,920 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
31 Oct 2008 2:56:14p 9,729,536 A.... "C:\Program Files\Mozilla Firefox\xul.dll"
1 Dec 2008 5:03:44p 17,400 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\AccessibleMarshal.dll"
1 Dec 2008 5:03:46p 186,360 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\crashreporter.exe"
1 Dec 2008 5:03:48p 308,216 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe"
1 Dec 2008 12:34:30p 233,472 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\freebl3.dll"
1 Dec 2008 5:03:48p 759,800 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\js3250.dll"
1 Dec 2008 5:03:50p 722,424 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\mozcrt19.dll"
1 Dec 2008 5:03:50p 169,464 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\nspr4.dll"
1 Dec 2008 5:03:52p 718,328 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\nss3.dll"
1 Dec 2008 5:03:52p 288,248 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\nssckbi.dll"
1 Dec 2008 5:03:54p 103,928 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\nssdbm3.dll"
1 Dec 2008 5:03:54p 87,544 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\nssutil3.dll"
1 Dec 2008 5:03:56p 20,472 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\plc4.dll"
1 Dec 2008 5:03:58p 17,400 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\plds4.dll"
1 Dec 2008 5:03:58p 103,928 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\smime3.dll"
1 Dec 2008 12:34:30p 151,552 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\softokn3.dll"
1 Dec 2008 5:04:00p 413,176 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\sqlite3.dll"
1 Dec 2008 5:04:00p 136,696 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\ssl3.dll"
1 Dec 2008 5:04:02p 242,680 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\updater.exe"
1 Dec 2008 5:04:02p 17,912 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\xpcom.dll"
1 Dec 2008 5:04:04p 10,487,288 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\xul.dll"
12 Dec 2008 2:28:40a 419,802 A.... "C:\Program Files\SecondLife\uninst.exe"
12 Dec 2008 3:48:28p 384,000 A.... "C:\Program Files\Spyware Process Detector\spydetector.exe"
3 Nov 2008 12:49:26p 47,912 A.... "C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"
4 Dec 2008 1:50:04p 8,944 A.... "C:\Program Files\SUPERAntiSpyware\sasdifsv.sys"
4 Dec 2008 1:50:06p 7,408 A...R "C:\Program Files\SUPERAntiSpyware\SASENUM.SYS"
4 Dec 2008 1:50:02p 55,024 A.... "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS"
3 Dec 2008 2:56:38p 352,256 A.... "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll"
4 Dec 2008 1:50:00p 158,960 A.... "C:\Program Files\SUPERAntiSpyware\SSUpdate.exe"
4 Dec 2008 1:50:00p 1,809,648 A.... "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
29 Oct 2008 3:35:34p 199,616 A.... "C:\Program Files\Vuze\Azureus.exe"
29 Oct 2008 3:35:42p 199,616 A.... "C:\Program Files\Vuze\AzureusUpdater.exe"
29 Oct 2008 3:35:34p 199,616 A.... "C:\Program Files\Vuze\Azureus.exe"
29 Oct 2008 3:35:42p 199,616 A.... "C:\Program Files\Vuze\AzureusUpdater.exe"
20 Nov 2008 2:35:18p 162,304 A.... "C:\Program Files\Vuze\uninstall.exe"
25 Nov 2008 6:40:02p 20 A.... "C:\Program Files\WinRAR\rarnew.dat"
25 Nov 2008 6:40:02p 22 A.... "C:\Program Files\WinRAR\zipnew.dat"
9 Dec 2008 4:03:56p 49,503 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\em000_32.dat"
9 Dec 2008 4:03:56p 334,210 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\em001_32.dat"
18 Dec 2008 7:32:32p 14,129,656 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\em002_32.dat"
9 Dec 2008 4:04:10p 220,335 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\em003_32.dat"
9 Dec 2008 4:04:10p 438,015 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\em004_32.dat"
9 Dec 2008 4:04:10p 46,673 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\em005_32.dat"
9 Dec 2008 4:04:10p 10,393 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\em006_32.dat"
18 Dec 2008 7:32:26p 195 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\mod_comp.dat"
9 Dec 2008 2:55:44p 3,121 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.dat"
9 Dec 2008 2:55:06p 667,914 A.... "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
14 Dec 2008 10:17:02p 47,740 A.... "C:\Program Files\HP\HP Software Update\Contents.dat"
14 Dec 2008 10:17:02p 47,740 A.... "C:\Program Files\HP\HP Software Update\Contents.dat"
3 Nov 2008 8:06:42p 61,440 ..... "C:\Program Files\IGC\Free DWG Viewer\AutoRec.dll"
3 Nov 2008 8:31:14p 5,861,376 ..... "C:\Program Files\IGC\Free DWG Viewer\BravaACX.dll"
3 Nov 2008 8:06:42p 61,440 ..... "C:\Program Files\IGC\Free DWG Viewer\AutoRec.dll"
3 Nov 2008 8:31:14p 5,861,376 ..... "C:\Program Files\IGC\Free DWG Viewer\BravaACX.dll"
3 Nov 2008 8:27:18p 253,952 ..... "C:\Program Files\IGC\Free DWG Viewer\BravaFreeDWG.exe"
20 Oct 2008 12:00:32p 15,065,088 ..... "C:\Program Files\IGC\Free DWG Viewer\Dwg2DL.dll"
3 Nov 2008 8:06:32p 45,056 ..... "C:\Program Files\IGC\Free DWG Viewer\GDIPlusGate.dll"
3 Nov 2008 8:06:40p 200,704 ..... "C:\Program Files\IGC\Free DWG Viewer\SCFPublisher.dll"
3 Nov 2008 8:14:36p 73,728 ..... "C:\Program Files\IGC\Free DWG Viewer\TypeReg.dll"
21 Oct 2008 9:06:52a 311,296 A.... "C:\Program Files\InstallShield Installation Information\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\setup.exe"
24 Nov 2008 12:52:32p 119,016 A.... "C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe"
24 Nov 2008 12:52:34p 159,744 A.... "C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\_setup.dll"
18 Oct 2008 6:30:22p 17,931,616 A.... "C:\Program Files\Microsoft Office\Office12\EXCEL.EXE"
18 Oct 2008 6:38:02p 347,488 A.... "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE"
18 Oct 2008 6:19:02p 4,283,232 A.... "C:\Program Files\Microsoft Office\Office12\Wordcnv.dll"
18 Oct 2008 6:38:06p 17,496,416 A.... "C:\Program Files\Microsoft Office\Office12\WWLIB.DLL"
31 Oct 2008 2:56:16p 23,040 A.... "C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll"
31 Oct 2008 2:56:16p 134,656 A.... "C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll"
31 Oct 2008 2:56:18p 65,536 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
2 Dec 2008 2:04:40a 117 A.... "C:\Program Files\Mozilla Firefox\res\hiddenWindow.html"
31 Oct 2008 2:55:58p 509,544 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
1 Dec 2008 5:04:06p 23,032 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\components\browserdirprovider.dll"
1 Dec 2008 5:04:06p 133,624 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\components\brwsrcmp.dll"
1 Dec 2008 5:04:08p 65,016 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\plugins\npnul32.dll"
1 Dec 2008 5:03:44p 509,832 A.... "C:\Program Files\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe"
18 Dec 2008 5:01:02p 12,034 A.... "C:\Program Files\Spyware Process Detector\Uninstall\unins000.dat"
18 Dec 2008 5:00:42p 692,505 A.... "C:\Program Files\Spyware Process Detector\Uninstall\unins000.exe"
24 Nov 2008 1:51:20p 4,608 A.... "C:\Program Files\Vuze\.install4j\i4jdel.exe"
24 Nov 2008 1:51:20p 108,544 A.... "C:\Program Files\Vuze\.install4j\i4jinst.dll"
24 Nov 2008 1:51:20p 57,344 A.... "C:\Program Files\Vuze\.install4j\i4j_extf_7_5p83tu.dll"
24 Nov 2008 1:51:20p 757,688 A.... "C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.exe"
24 Nov 2008 1:51:20p 245,408 A.... "C:\Program Files\Vuze\.install4j\unicows.dll"
24 Nov 2008 1:51:20p 22,528 A.... "C:\Program Files\Vuze\.install4j\_shfoldr.dll"
25 Nov 2008 12:45:42p 2,485,248 A.... "C:\Program Files\Windows Live\Messenger\msgsres.dll"
25 Nov 2008 12:45:42p 810,320 A.... "C:\Program Files\Windows Live\Messenger\msidcrl40.dll"
25 Nov 2008 12:45:42p 5,724,184 A.... "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"
2 Dec 2008 2:04:40a 7,139 A.... "C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html"
2 Dec 2008 10:33:22a 2,619,426 A.... "C:\Program Files\Vuze\plugins\azemp\azemp_2.0.32.zip"
2 Dec 2008 10:33:22a 5,472,734 A.... "C:\Program Files\Vuze\plugins\azemp\azmplay.exe"
2 Dec 2008 10:33:22a 2,619,426 A.... "C:\Program Files\Vuze\plugins\azemp\azemp_2.0.32.zip"
2 Dec 2008 10:33:22a 5,472,734 A.... "C:\Program Files\Vuze\plugins\azemp\azmplay.exe"
2 Dec 2008 10:33:22a 2,619,426 A.... "C:\Program Files\Vuze\plugins\azemp\azemp_2.0.32.zip"
2 Dec 2008 10:33:22a 5,472,734 A.... "C:\Program Files\Vuze\plugins\azemp\azmplay.exe"
2 Dec 2008 10:33:22a 2,619,426 A.... "C:\Program Files\Vuze\plugins\azemp\azemp_2.0.32.zip"
2 Dec 2008 10:33:22a 5,472,734 A.... "C:\Program Files\Vuze\plugins\azemp\azmplay.exe"
24 Nov 2008 12:52:34p 303,236 A.... "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01\Int el32\setup.dll"


Files with hidden attributes:

Mon 3 Mar 2008 568 A..H. --- "C:\Windows\nod32fixtemdono.reg"
Mon 3 Mar 2008 5,702 A..H. --- "C:\Windows\nod32restoretemdono.reg"
Sun 23 Nov 2008 524,288 A.SH. --- "C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms"
Thu 2 Nov 2006 524,288 A.SH. --- "C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regt rans-ms"
Thu 18 Dec 2008 524,288 A.SH. --- "C:\Users\Rulo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms"
Sun 23 Nov 2008 524,288 A.SH. --- "C:\Users\Rulo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regt rans-ms"
Tue 22 Apr 2008 8 A..H. --- "C:\ProgramData\Hewlett-Packard\HP TCS\BIT334F.tmp"
Tue 25 Nov 2008 4,348 A.SH. --- "C:\ProgramData\Microsoft\Windows\DRM\DRMv1.ba k"
Tue 22 Apr 2008 8 A..H. --- "C:\Users\All Users\Hewlett-Packard\HP TCS\BIT334F.tmp"
Tue 4 Mar 2008 11,976,704 ...H. --- "C:\Users\Rulo\Documents\Youcam\YouCamDiskMemory.t mp"
Sun 23 Nov 2008 7,645,120 A..H. --- "C:\Windows\SoftwareDistribution\Download\73a2b837 fd570c01cee685772aade693\BIT7D21.tmp"
Tue 25 Nov 2008 0 A.SH. --- "C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv0 1.tmp"
Tue 25 Nov 2008 4,348 A.SH. --- "C:\Users\All Users\Microsoft\Windows\DRM\DRMv1.bak"
Thu 18 Dec 2008 524,288 A.SH. --- "C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{ 3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms"
Thu 2 Nov 2006 524,288 A.SH. --- "C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{ 3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regt rans-ms"
Tue 25 Nov 2008 0 A.SH. --- "C:\Users\All Users\Microsoft\Windows\DRM\Cache\Indiv01.tmp"
Thu 18 Dec 2008 524,288 A.SH. --- "C:\Users\Rulo\AppData\Local\Microsoft\Windows\Usr Class.dat{3aee2ff8-b9cf-11dd-8b03-001f1649c6c9}.TMContainer00000000000000000001.regt rans-ms"
Sun 23 Nov 2008 524,288 A.SH. --- "C:\Users\Rulo\AppData\Local\Microsoft\Windows\Usr Class.dat{3aee2ff8-b9cf-11dd-8b03-001f1649c6c9}.TMContainer00000000000000000002.regt rans-ms"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Users\Rulo\AppData\Roaming\U3\temp\Launchp ad Removal.exe"
Fri 28 Nov 2008 289,792 ...H. --- "C:\Users\Rulo\Desktop\OROZ\CLIENTES\OXXO\~WRL0001 .tmp"


Program Folders:

C:\Program Files\

Activation Assistant for the 2007 Microsoft Office suites
Adobe
Atheros
AWS
CCleaner
Cisco
Common Files
CONEXANT
CyberLink
DivX
ESET
Hewlett-Packard
Hewlett-Packard Company
HP
HP Games
IGC
InstallShield Installation Information
Internet Explorer
Java
Malwarebytes' Anti-Malware
Microsoft Games
Microsoft Office
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
Mozilla Firefox 3.1 Beta 2
MSBuild
MSECache
MSXML 4.0
muvee Technologies
NetWaiting
Online Services
Panda Security
Reference Assemblies
SecondLife
Spyware Process Detector
Stardock
SUPERAntiSpyware
Synaptics
Uninstall Information
Vuze
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Sidebar
WinRAR
Yahoo!

C:\Program Files\Common Files\

Adobe
Borland Shared
DESIGNER
Hewlett-Packard
HP
InstallShield
Java
LightScribe
microsoft shared
muvee Technologies
PX Storage Engine
Services
SpeechEngines
Stardock
Symantec Shared
System
WindowsLiveInstaller
Wise Installation Wizard


Add/Remove Programs:

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
CCleaner (remove only)
Conexant HD Audio
HDAUDIO Soft Data Fax Modem with SmartCP
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
Microsoft Office Home and Student 2007
HP Imaging Device Functions 8.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 8.0
HP Customer Participation Program 8.0
HP OCR Software 8.0
CyberLink YouCam
PowerDirector
Malwarebytes' Anti-Malware
Mozilla Firefox (3.0.4)
Mozilla Firefox (3.1b2)
NVIDIA Drivers
ObjectDock
SecondLife (remove only)
QuickPlay SlingPlayer 0.4.6
Spyware Process Detector v3.13
Synaptics Pointing Device Driver
Vuze
My HP Games
WinRAR archiver
CyberLink YouCam
HPPhotoSmartPhotobookHolidayPack1
HP Doc Viewer
1310
AIO_Scan
HPPhotoSmartPhotobookWebPack1
HPPhotoSmartPhotobookPlayfulPack1
Scan
WebReg
AutoUpdate
Adobe Shockwave Player
CyberLink DVD Suite
HPNetworkAssistant
Hewlett-Packard Active Check for Health Check
Java(TM) 6 Update 5
Java(TM) 6 Update 7
HP Wireless Assistant
PSSWCORE
HP Quick Launch Buttons 6.40 D3
muvee autoProducer 6.1
HP Smart Web Printing
ESU for Microsoft Vista
NetWaiting
Power2Go
Cisco EAP-FAST Module
HP DVD Play 3.7
DocProc
Cards_Calendar_OrderGift_DoMorePlugout
LightScribe System Software 1.12.33.2
Activation Assistant for the 2007 Microsoft Office suites
Cisco PEAP Module
Hewlett-Packard Asset Agent for Health Check
eSupportQFolder
HPProductAssistant
1310_Help
1310Trb
CustomerResearchQFolder
Microsoft Visual C++ 2005 Redistributable
Fax
DivX Codec
ESET NOD32 Antivirus
Cisco LEAP Module
MSXML 4.0 SP2 (KB954430)
DocProcQFolder
HPPhotoSmartPhotobookModernPack1
DivX Player
HP Help and Support
Microsoft Office Excel MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office PowerPoint MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Word MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (French) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (Spanish) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Compatibility Pack for the 2007 Office system
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office OneNote MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Office Shared Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Home and Student 2007
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office system 2007 (KB956828)
Update for Office 2007 (KB946691)
Security Update for 2007 Microsoft Office System (KB951550)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Microsoft Office PowerPoint Viewer 2007 (English)
MarketResearch
Status
Destinations
Windows Live installer
HP Active Support Library
HPPhotoSmartDiscLabel_PaperLabel
SolutionCenter
Copy
DeviceManagementQFolder
Adobe Reader 8.1.3
Spelling Dictionaries Support For Adobe Reader 8
HPPhotoSmartPhotobookScrapbookPack1
hpphotosmartdisclabelplugin
Windows Live Asistente para el inicio de sesión
DivX Converter
HPPhotoSmartDiscLabel_PrintOnDisc
HP User Guides 0118
DivX Web Player
Free DWG Viewer 6.2
HP Photosmart Essential 2.5
BufferChm
HP Customer Experience Enhancements
Atheros Driver Installation Program
LabelPrint
Toolbox
HP Update
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
PowerDirector
SUPERAntiSpyware Free Edition
Realtek USB 2.0 Card Reader
HPPhotoSmartDiscLabelContent1
UnloadSupport
VideoToolkit01
AIO_CDB_Software
AIO_CDB_ProductContext
HP Photosmart Essential
HPSSupply
32 Bit HP CIO Components Installer
HP Total Care Advisor
HPPhotoSmartDiscLabel_Tattoo
HPTCSSetup
Windows Live Messenger
TrayApp


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72, 00,61,00,6d,00,46,\
00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00 ,6e,00,64,00,6f,00,77,00,\
73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65 ,00,72,00,5c,00,4d,00,53,\
00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00 ,65,00,20,00,2d,00,68,00,\
69,00,64,00,65,00,00,00
"QlbCtrl.exe"="C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"
"hpqSRMon"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"
"HP Health Check Scheduler"="c:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"hpWirelessAssistant"="C:\\Program Files\\Hewlett-Packard\\HP Wireless Assistant\\HPWAMain.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"UCam_Menu"="\"C:\\Program Files\\CyberLink\\YouCam\\MUITransfer\\MUIStartMen u.exe\" \"C:\\Program Files\\CyberLink\\YouCam\" UpdateWithCreateOnce \"Software\\CyberLink\\YouCam\\2.0\""
"egui"="\"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run]
"LightScribe Control Panel"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Internet Connection Sharing (ICS)
START_TYPE : 4 DISABLED

SERVICE_NAME: wuauserv
DISPLAY_NAME : Windows Update
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="7000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.ex e,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shell extensions]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
OS REG_SZ Windows_NT
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\Sy stem32\Wbem;C:\Program Files\CyberLink\Power2Go
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;. MSC
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
USERNAME REG_SZ SYSTEM
windir REG_EXPAND_SZ %SystemRoot%
TRACE_FORMAT_SEARCH_PATH REG_EXPAND_SZ \\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
DFSTRACINGON REG_EXPAND_SZ FALSE
OnlineServices REG_SZ Online Services
Platform REG_SZ MCD
PCBRAND REG_SZ Pavilion

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders
SecurityProviders REG_SZ credssp.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880d85-aad9-4558-abdc-2ab1552d831f}
<NO NAME> REG_SZ LightScribe Control Panel
Version REG_SZ 1,12,33,2
StubPath REG_SZ "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\appinfo
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\keyiso
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\ntds
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\profsvc
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\sacsvr
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\swprv
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\tabletinputservice
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\tbs
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\trustedinstaller
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\volmgr.sys
<NO NAME> REG_SZ Driver


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\volmgrx.sys
<NO NAME> REG_SZ Driver


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\wdf01000.sys
<NO NAME> REG_SZ Driver


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\windefend
<NO NAME> REG_SZ Service


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\{6bdd1fc1-810f-11d0-bec7-08002be2092f}
<NO NAME> REG_SZ IEEE 1394 Bus host controllers


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\{d48179be-ec20-11d1-b6b8-00c04fa372a7}
<NO NAME> REG_SZ SBP2 IEEE 1394 Devices


HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
<NO NAME> REG_SZ SecurityDevices


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\Windows\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\program files\\Mozilla Firefox\\firefox.exe\" -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

prueba con esto:
Descarga Superantispyware
Inicia en modo seguro, lo instalas y realizas un examen completo elimiando todo lo que encuentre
Descarga y ejecuta dr. web cure it Realiza un examen completo, mandas a cuarentena todo y eliminas todo lo que encuentre. Me cuentas como te fue
Salu2