Fake Windows Security Alert [CLOSED]
vanessy
post Oct 5 2008, 07:40 PM
Post #1
Member
Posts: 17
From: Canada
OS: Windows XP

Hi,
Today I was browsing in Firefox when suddenly a Windows Security Alert popped up, and the only option it gave me was to "Enable Protection". Unfortunately I clicked that instead of just clicking the X, and it took me to an obviously bad website for some "anti-virus" software.
After finding geekstogo, I downloaded the HijackThis program. Here is my log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\DOCUME~1\VanessA\LOCALS~1\Temp\wJQs.exe
C:\WINDOWS\system32\gvezcpsd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/zoolander/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/customi...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Rogers SHS] "C:\Program Files\Rogers\SelfHealing\shs.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [uimnt] C:\WINDOWS\system32\gvezcpsd.exe
O4 - HKLM\..\Policies\Explorer\Run: [vU9C71xWoF] C:\DOCUME~1\VanessA\LOCALS~1\Temp\wJQs.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zomgsspace.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CDA94496-ED6F-4C72-94C8-2C485DC63390} (VCDS Control) - http://vcds-client.nefficient.co.kr/vcds-client/vCDS.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: utilcfg - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\utilcfg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 12275 bytes
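The log above contains the entries a helper looks at first: an executable launched from the user's Temp directory through the Policies\Explorer\Run key, an HKCU Run entry for a system32 executable with a random-looking name (gvezcpsd.exe), an SSODL DLL under a Program Files folder with a random-looking name (uqbjlwd), and an orphaned BHO with "(no file)". The script below is an added example, not part of this thread or of HijackThis: it parses O2/O4/O21 lines and scores them with a handful of triage heuristics. The weights, the "suspicious"/"review" thresholds and the consonant-run test for random names are the author's assumptions, not a malware verdict; the name test in particular is a deliberately weak signal, because legitimate OEM tools in this same log (tfswctrl.exe, lxbkbmgr.exe) would trip it, so it only adds one point. The sample lines are copied from the log above, plus two known-good Windows entries (hkcmd.exe, ctfmon.exe) for contrast.

```python
"""Triage heuristics for HijackThis-style O2/O4/O21 lines.

Added example for this thread; not HijackThis code and not from the
original post. Weights and thresholds are the author's assumptions and
produce prompts for a human reviewer, not a malware verdict.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the posted log, plus two known-good
# Windows entries (hkcmd.exe, ctfmon.exe) so the output shows a clean case.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uimnt] C:\WINDOWS\system32\gvezcpsd.exe
O4 - HKLM\..\Policies\Explorer\Run: [vU9C71xWoF] C:\DOCUME~1\VanessA\LOCALS~1\Temp\wJQs.exe
O21 - SSODL: utilcfg - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\utilcfg.dll
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_O21_RE = re.compile(
    r"^(?P<sec>O2|O21) - (?:BHO|SSODL): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=\s|$)", re.I)
VOWELS = set("aeiouy")


@dataclass
class Entry:
    section: str
    key: str                 # registry key (O4) or CLSID (O2/O21)
    name: str
    path: str
    reasons: list = field(default_factory=list)   # (reason, weight) pairs

    @property
    def score(self) -> int:
        return sum(w for _, w in self.reasons)

    @property
    def verdict(self) -> str:
        # Thresholds are an assumption: two points of evidence = look at it now.
        return "suspicious" if self.score >= 2 else "review" if self.score else "ok"


def command_path(cmd: str) -> str:
    """Extract the image path from an O4 command line, quoted or not."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_line(line: str):
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["key"], m["name"], command_path(m["cmd"]))
    m = O2_O21_RE.match(line)
    if m:
        return Entry(m["sec"], m["clsid"], m["name"], m["path"])
    return None            # other HijackThis sections are ignored here


def longest_consonant_run(s: str) -> int:
    best = run = 0
    for ch in s.lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def looks_random(token: str) -> bool:
    """Weak signal: a long name with no pronounceable structure (noisy)."""
    return len(token) >= 7 and longest_consonant_run(token) >= 5


def random_entry_name(name: str) -> bool:
    """Weak signal: mixed-case entry name with several digits, e.g. vU9C71xWoF."""
    digits = sum(c.isdigit() for c in name)
    return (len(name) >= 8 and digits >= 2
            and any(c.islower() for c in name) and any(c.isupper() for c in name))


def score_entry(e: Entry) -> Entry:
    p = e.path.lower()
    if re.search(r"\\(?:temp|tmp)\\", p):
        e.reasons.append(("image runs from a Temp directory", 2))
    if "policies\\explorer\\run" in e.key.lower():
        e.reasons.append(("autorun via Policies\\Explorer\\Run", 2))
    if e.section == "O21":
        e.reasons.append(("ShellServiceObjectDelayLoad entry, rare in legitimate software", 1))
    if e.path.strip().lower() == "(no file)":
        e.reasons.append(("orphaned entry, no file on disk", 1))
    if random_entry_name(e.name):
        e.reasons.append(("random-looking entry name", 1))
    stem = ntpath.splitext(ntpath.basename(e.path))[0]
    parent = ntpath.basename(ntpath.dirname(e.path))
    for tok in (stem, parent):
        if looks_random(tok):
            e.reasons.append((f"random-looking name component '{tok}'", 1))
    return e


def triage(log_text: str) -> list:
    """Parse every recognised line and attach reasons and a verdict to each."""
    return [score_entry(e) for e in map(parse_line, log_text.splitlines()) if e]


if __name__ == "__main__":
    for e in sorted(triage(SAMPLE_LOG), key=lambda x: -x.score):
        print(f"{e.verdict:10} {e.section:3} [{e.name}] {e.path}")
        for why, w in e.reasons:
            print(f"             +{w} {why}")
```

Run it against a full HijackThis log by passing the file contents to triage(); entries that score zero are simply the ones these particular heuristics have nothing to say about, not entries that have been cleared.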
fenzodahl512
post Oct 5 2008, 08:31 PM
Post #2
Trusted Helper
Posts: 4,397
OS: Windows XP

Hello, my name is fenzodahl512, and welcome to Geeks to Go. Please do the following.

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NEXT

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the "List files/folders created or modified" setting to "in the last 3 months"
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

Post these logs in your next reply. Post each log in a separate post.

1. SmitfraudFix
2. RSIT log.txt
3. RSIT info.txt
vanessy
post Oct 6 2008, 08:06 PM
Post #3
Member
Posts: 17
From: Canada
OS: Windows XP

Here is the SmitfraudFix log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\VanessA\LOCALS~1\Temp\wJQs.exe
C:\WINDOWS\system32\gvezcpsd.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VanessA


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VanessA\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VanessA\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\akl\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 64.71.255.198

HKLM\SYSTEM\CCS\Services\Tcpip\..\{24CBC333-13BC-48DF-B8FD-140F67C311F8}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CCS\Services\Tcpip\..\{87FD8DF4-A551-4EF0-A25A-7ADCC9E56240}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{24CBC333-13BC-48DF-B8FD-140F67C311F8}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\..\{87FD8DF4-A551-4EF0-A25A-7ADCC9E56240}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{24CBC333-13BC-48DF-B8FD-140F67C311F8}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS3\Services\Tcpip\..\{87FD8DF4-A551-4EF0-A25A-7ADCC9E56240}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
vanessy
post Oct 6 2008, 08:07 PM
Post #4
Member
Posts: 17
From: Canada
OS: Windows XP

Here is the RSIT log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\VanessA\LOCALS~1\Temp\wJQs.exe
C:\WINDOWS\system32\gvezcpsd.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\VanessA\Desktop\RSIT.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\IEDFix.exe
C:\Program Files\Trend Micro\HijackThis\VanessA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/zoolander/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/customi...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Rogers SHS] "C:\Program Files\Rogers\SelfHealing\shs.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [uimnt] C:\WINDOWS\system32\gvezcpsd.exe
O4 - HKLM\..\Policies\Explorer\Run: [vU9C71xWoF] C:\DOCUME~1\VanessA\LOCALS~1\Temp\wJQs.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co.jp/JP/f/ActiveX/Public/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zomgsspace.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CDA94496-ED6F-4C72-94C8-2C485DC63390} (VCDS Control) - http://vcds-client.nefficient.co.kr/vcds-client/vCDS.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: utilcfg - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\utilcfg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 12378 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-01 342600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"CaAvTray"=C:\Program Files\Yahoo!\Antivirus\CAVTray.exe [2005-12-03 230512]
"CAVRID"=C:\Program Files\Yahoo!\Antivirus\CAVRID.exe [2005-12-03 185456]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe [2005-06-17 401408]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-10 385024]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
""= []
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Rogers SHS"=C:\Program Files\Rogers\SelfHealing\shs.exe [2008-04-08 2733416]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"vU9C71xWoF"=C:\DOCUME~1\VanessA\LOCALS~1\Temp\wJQs.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"uimnt"=C:\WINDOWS\system32\gvezcpsd.exe [2008-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2007-12-19 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-05-18 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\KODAK\KODAKE~1\bin\EASYSH~1.EXE [2002-09-16 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
C:\PROGRA~1\KODAK\KODAKS~1\7288971\Program\BACKWE~1.EXE [2002-03-13 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]
C:\PROGRA~1\DELLWI~1\PRISMCFG.exe [2004-10-04 917611]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwEngineSvc"=2
"WMPNetworkSvc"=3
"usnjsvc"=3
"Macromedia Licensing Service"=3
"iPod Service"=3
"Creative Service for CDROM Access"=2
"Apple Mobile Device"=2

C:\Documents and Settings\VanessA\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2007-07-19 219448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
utilcfg - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\utilcfg.dll [2008-10-05 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Wizet\MapleStory\Patcher.exe"="C:\Program Files\Wizet\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe"="C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe:*:Enabled:Microsoft AntiSpyware"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Wizet\MapleStory\NewPatcher.exe"="C:\Program Files\Wizet\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Program Files\Wizet\MapleStory\MapleStory.exe"="C:\Program Files\Wizet\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\EA GAMES\American McGee's Alice\alice.exe"="C:\Program Files\EA GAMES\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-10-06 22:00:42 ----D---- C:\rsit
2008-10-06 22:00:22 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-06 21:59:50 ----A---- C:\rapport.txt
2008-10-06 21:59:34 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-10-06 21:59:34 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-10-06 21:59:34 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-10-06 21:59:34 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-10-06 21:59:34 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-10-06 21:59:34 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-06 21:59:34 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-10-06 21:59:33 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-10-06 21:59:33 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-10-06 21:59:33 ----A---- C:\WINDOWS\system32\swsc.exe
2008-10-06 21:59:33 ----A---- C:\WINDOWS\system32\swreg.exe
2008-10-06 21:59:33 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-10-06 21:59:33 ----A---- C:\WINDOWS\system32\Process.exe
2008-10-06 21:59:33 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-10-06 17:37:55 ----D---- C:\Documents and Settings\All Users\Application Data\bafknczs
2008-10-06 05:37:55 ----D---- C:\Documents and Settings\All Users\Application Data\tstqdetq
2008-10-05 21:18:40 ----D---- C:\Program Files\Trend Micro
2008-10-05 17:39:46 ----D---- C:\Program Files\uqbjlwd
2008-10-05 17:38:07 ----A---- C:\WINDOWS\system32\winlogonpc.exe
2008-10-05 17:38:06 ----A---- C:\WINDOWS\zipped.tmp
2008-10-05 17:38:06 ----A---- C:\WINDOWS\zip3.tmp
2008-10-05 17:38:06 ----A---- C:\WINDOWS\zip2.tmp
2008-10-05 17:38:06 ----A---- C:\WINDOWS\zip1.tmp
2008-10-05 17:38:06 ----A---- C:\WINDOWS\userconfig9x.dll
2008-10-05 17:38:06 ----A---- C:\WINDOWS\FVProtect.exe
2008-10-05 17:38:06 ----A---- C:\WINDOWS\base64.tmp
2008-10-05 17:38:05 ----A---- C:\WINDOWS\system32\taack.exe
2008-10-05 17:38:05 ----A---- C:\WINDOWS\system32\sncntr.exe
2008-10-05 17:38:05 ----A---- C:\WINDOWS\system32\psoft1.exe
2008-10-05 17:38:05 ----A---- C:\WINDOWS\system32\psof1.exe
2008-10-05 17:38:05 ----A---- C:\WINDOWS\system32\ps1.exe
2008-10-05 17:38:05 ----A---- C:\WINDOWS\system32\mwin32.exe
2008-10-05 17:38:05 ----A---- C:\WINDOWS\system32\hxiwlgpm.exe
2008-10-05 17:38:05 ----A---- C:\WINDOWS\system32\hoproxy.dll
2008-10-05 17:38:05 ----A---- C:\WINDOWS\system32\bsva-egihsg52.exe
2008-10-05 17:38:05 ----A---- C:\WINDOWS\iTunesMusic.exe
2008-10-05 17:38:05 ----A---- C:\WINDOWS\a.bat
2008-10-05 17:38:03 ----D---- C:\WINDOWS\system32\smp
2008-10-05 17:38:03 ----A---- C:\WINDOWS\system32\ssurf022.dll
2008-10-05 17:38:03 ----A---- C:\WINDOWS\system32\netode.exe
2008-10-05 17:38:03 ----A---- C:\WINDOWS\system32\mtr2.exe
2008-10-05 17:38:03 ----A---- C:\WINDOWS\system32\msnbho.dll
2008-10-05 17:38:03 ----A---- C:\WINDOWS\system32\medup020.dll
2008-10-05 17:38:03 ----A---- C:\WINDOWS\system32\medup012.dll
2008-10-05 17:38:02 ----D---- C:\Program Files\Inet Delivery
2008-10-05 17:38:02 ----A---- C:\WINDOWS\system32\temp#01.exe
2008-10-05 17:38:02 ----A---- C:\WINDOWS\system32\msgp.exe
2008-10-05 17:38:02 ----A---- C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-10-05 17:38:01 ----A---- C:\WINDOWS\system32\ssvchost.exe
2008-10-05 17:38:01 ----A---- C:\WINDOWS\system32\ssvchost.com
2008-10-05 17:38:01 ----A---- C:\WINDOWS\system32\regm64.dll
2008-10-05 17:38:01 ----A---- C:\WINDOWS\system32\regc64.dll
2008-10-05 17:38:01 ----A---- C:\WINDOWS\system32\msvchost.exe
2008-10-05 17:38:01 ----A---- C:\WINDOWS\system32\dpcproxy.exe
2008-10-05 17:38:00 ----A---- C:\WINDOWS\system32\thun32.dll
2008-10-05 17:38:00 ----A---- C:\WINDOWS\system32\thun.dll
2008-10-05 17:38:00 ----A---- C:\WINDOWS\system32\Rundl1.exe
2008-10-05 17:37:59 ----A---- C:\WINDOWS\winsystem.exe
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\WINWGPX.EXE
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\winsystem.exe
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\vcatchpi.dll
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\sysreq.exe
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\newsd32.exe
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\mssecu.exe
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\emesx.dll
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\bdn.com
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\anticipator.dll
2008-10-05 17:37:59 ----A---- C:\WINDOWS\system32\akttzn.exe
2008-10-05 17:37:59 ----A---- C:\WINDOWS\mssecu.exe
2008-10-05 17:37:59 ----A---- C:\WINDOWS\bdn.com
2008-10-05 17:37:58 ----D---- C:\WINDOWS\mslagent
2008-10-05 17:37:58 ----A---- C:\WINDOWS\system32\awtoolb.dll
2008-10-05 17:37:57 ----A---- C:\WINDOWS\system32\vbsys2.dll
2008-10-05 17:37:56 ----D---- C:\Program Files\akl
2008-10-05 17:37:52 ----D---- C:\Documents and Settings\All Users\Application Data\bwfyxcno
2008-10-05 17:37:25 ----D---- C:\Documents and Settings\All Users\Application Data\opktoduj
2008-10-05 17:37:22 ----A---- C:\WINDOWS\system32\gvezcpsd.exe
2008-10-02 14:26:21 ----SHD---- C:\Config.Msi
2008-10-01 03:00:49 ----D---- C:\WINDOWS\LastGood
2008-09-30 21:41:21 ----D---- C:\WINDOWS\Prefetch
2008-09-30 19:21:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-09-30 19:21:32 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-09-30 19:17:06 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-09-30 19:17:06 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-09-30 19:17:06 ----A---- C:\WINDOWS\system32\cmd.exe
2008-09-30 19:17:06 ----A---- C:\WINDOWS\system32\cacls.exe
2008-09-30 19:17:06 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-09-30 19:17:06 ----A---- C:\WINDOWS\system32\autochk.exe
2008-09-30 19:17:06 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-09-30 19:17:05 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-09-30 19:17:05 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-09-30 19:17:05 ----A---- C:\WINDOWS\system32\ftp.exe
2008-09-30 19:17:05 ----A---- C:\WINDOWS\system32\format.com
2008-09-30 19:17:05 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-09-30 19:17:05 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-09-30 19:17:04 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-09-30 19:17:04 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-09-30 19:17:04 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-09-30 19:17:04 ----A---- C:\WINDOWS\system32\locator.exe
2008-09-30 19:17:04 ----A---- C:\WINDOWS\system32\localspl.dll
2008-09-30 19:17:04 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-09-30 19:17:03 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-09-30 19:17:03 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-09-30 19:17:03 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-09-30 19:17:03 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-09-30 19:17:03 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-09-30 19:17:03 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-09-30 19:17:03 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-09-30 19:17:02 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-09-30 19:17:02 ----A---- C:\WINDOWS\system32\rasman.dll
2008-09-30 19:17:02 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-09-30 19:17:02 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-09-30 19:17:02 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-09-30 19:17:02 ----A---- C:\WINDOWS\system32\printui.dll
2008-09-30 19:17:02 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-09-30 19:17:02 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-09-30 19:17:02 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-09-30 19:17:01 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-09-30 19:17:01 ----A---- C:\WINDOWS\system32\services.exe
2008-09-30 19:17:01 ----A---- C:\WINDOWS\system32\schannel.dll
2008-09-30 19:17:01 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-09-30 19:17:01 ----A---- C:\WINDOWS\system32\savedump.exe
2008-09-30 19:17:01 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-09-30 19:17:01 ----A---- C:\WINDOWS\system32\samlib.dll
2008-09-30 19:17:01 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-09-30 19:17:00 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-09-30 19:17:00 ----A---- C:\WINDOWS\system32\smss.exe
2008-09-30 19:17:00 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-09-30 19:16:59 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-09-30 19:16:59 ----A---- C:\WINDOWS\system32\userinit.exe
2008-09-30 19:16:59 ----A---- C:\WINDOWS\system32\untfs.dll
2008-09-30 19:16:59 ----A---- C:\WINDOWS\system32\ulib.dll
2008-09-30 19:16:59 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-09-30 19:16:59 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-09-30 19:16:58 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-09-30 19:16:46 ----A---- C:\WINDOWS\system32\hal.dll
2008-09-30 19:16:45 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-09-30 19:16:44 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-09-11 03:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-11 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-08-29 08:44:46 ----D---- C:\WINDOWS\system32\en-us
2008-08-29 08:44:43 ----D---- C:\WINDOWS\system32\scripting
2008-08-29 08:44:43 ----D---- C:\WINDOWS\l2schemas
2008-08-29 08:44:41 ----D---- C:\WINDOWS\system32\en
2008-08-29 08:44:40 ----D---- C:\WINDOWS\system32\bits
2008-08-29 08:34:54 ----D---- C:\WINDOWS\network diagnostic
2008-08-29 08:31:32 ----N---- C:\WINDOWS\system32\_003466_.tmp.dll
2008-08-29 08:31:32 ----N---- C:\WINDOWS\system32\_003465_.tmp.dll
2008-08-29 08:29:21 ----N---- C:\WINDOWS\system32\_003463_.tmp.dll
2008-08-29 08:29:20 ----N---- C:\WINDOWS\system32\_003458_.tmp.dll
2008-08-29 08:29:20 ----N---- C:\WINDOWS\system32\_003457_.tmp.dll
2008-08-29 08:29:20 ----N---- C:\WINDOWS\system32\_003456_.tmp.dll
2008-08-29 08:29:20 ----N---- C:\WINDOWS\system32\_003455_.tmp.dll
2008-08-29 08:29:20 ----N---- C:\WINDOWS\system32\_003454_.tmp.dll
2008-08-29 08:29:20 ----N---- C:\WINDOWS\system32\_003451_.tmp.dll
2008-08-29 08:29:20 ----N---- C:\WINDOWS\system32\_003450_.tmp.dll
2008-08-29 08:29:20 ----N---- C:\WINDOWS\system32\_003449_.tmp.dll
2008-08-29 08:29:20 ----N---- C:\WINDOWS\system32\_003448_.tmp.dll
2008-08-29 08:29:19 ----N---- C:\WINDOWS\system32\_003446_.tmp.dll
2008-08-29 08:29:19 ----N---- C:\WINDOWS\system32\_003443_.tmp.dll
2008-08-29 08:29:19 ----N---- C:\WINDOWS\system32\_003441_.tmp.dll
2008-08-29 08:29:19 ----N---- C:\WINDOWS\system32\_003440_.tmp.dll
2008-08-29 08:29:18 ----N---- C:\WINDOWS\system32\_003436_.tmp.dll
2008-08-29 08:29:18 ----N---- C:\WINDOWS\system32\_003435_.tmp.dll
2008-08-29 08:29:18 ----N---- C:\WINDOWS\system32\_003433_.tmp.dll
2008-08-29 08:29:18 ----N---- C:\WINDOWS\system32\_003432_.tmp.dll
2008-08-29 08:29:17 ----N---- C:\WINDOWS\system32\_003430_.tmp.dll
2008-08-29 08:29:17 ----N---- C:\WINDOWS\system32\_003427_.tmp.dll
2008-08-29 08:29:17 ----N---- C:\WINDOWS\system32\_003425_.tmp.dll
2008-08-29 08:29:17 ----N---- C:\WINDOWS\system32\_003423_.tmp.dll
2008-08-29 08:29:17 ----N---- C:\WINDOWS\system32\_003422_.tmp.dll
2008-08-29 08:29:16 ----N---- C:\WINDOWS\system32\_003409_.tmp.dll
2008-08-29 08:29:16 ----N---- C:\WINDOWS\system32\_003407_.tmp.dll
2008-08-29 08:29:16 ----N---- C:\WINDOWS\system32\_003404_.tmp.dll
2008-08-29 08:29:16 ----N---- C:\WINDOWS\system32\_003401_.tmp.dll
2008-08-29 08:29:16 ----N---- C:\WINDOWS\system32\_003400_.tmp.dll
2008-08-29 08:29:15 ----N---- C:\WINDOWS\system32\_003385_.tmp.dll
2008-08-29 08:29:15 ----N---- C:\WINDOWS\system32\_003382_.tmp.dll
2008-08-29 08:29:15 ----N---- C:\WINDOWS\system32\_003377_.tmp.dll
2008-08-29 08:29:15 ----N---- C:\WINDOWS\system32\_003376_.tmp.dll
2008-08-29 08:27:43 ----D---- C:\WINDOWS\EHome
2008-08-27 22:42:54 ----A---- C:\WINDOWS\system32\SETC82.tmp
2008-08-27 22:42:54 ----A---- C:\WINDOWS\system32\SETC81.tmp
2008-08-27 22:42:54 ----A---- C:\WINDOWS\system32\SET481.tmp
2008-08-27 22:42:54 ----A---- C:\WINDOWS\system32\SET480.tmp
2008-08-27 22:42:54 ----A---- C:\WINDOWS\system32\SET47F.tmp
2008-08-27 22:42:53 ----A---- C:\WINDOWS\system32\SET1BAD.tmp
2008-08-27 22:42:53 ----A---- C:\WINDOWS\system32\SET1388.tmp
2008-08-27 22:42:52 ----A---- C:\WINDOWS\system32\SETC8A.tmp
2008-08-27 22:42:52 ----A---- C:\WINDOWS\system32\SETC88.tmp
2008-08-27 22:42:52 ----A---- C:\WINDOWS\system32\SETC86.tmp
2008-08-27 22:42:52 ----A---- C:\WINDOWS\system32\SETC84.tmp
2008-08-27 22:42:52 ----A---- C:\WINDOWS\system32\SET488.tmp
2008-08-27 22:42:52 ----A---- C:\WINDOWS\system32\SET486.tmp
2008-08-27 22:42:52 ----A---- C:\WINDOWS\system32\SET484.tmp
2008-08-27 22:42:52 ----A---- C:\WINDOWS\system32\SET482.tmp
2008-08-27 22:42:51 ----A---- C:\WINDOWS\system32\SETC90.tmp
2008-08-27 22:42:51 ----A---- C:\WINDOWS\system32\SETC8F.tmp
2008-08-27 22:42:51 ----A---- C:\WINDOWS\system32\SET48E.tmp
2008-08-27 22:42:51 ----A---- C:\WINDOWS\system32\SET48D.tmp
2008-08-27 22:42:51 ----A---- C:\WINDOWS\system32\SET1BB0.tmp
2008-08-27 22:42:51 ----A---- C:\WINDOWS\system32\SET138B.tmp
2008-08-27 22:42:50 ----A---- C:\WINDOWS\system32\SETC93.tmp
2008-08-27 22:42:50 ----A---- C:\WINDOWS\system32\SET491.tmp
2008-08-27 22:42:47 ----A---- C:\WINDOWS\system32\SETC9A.tmp
2008-08-27 22:42:47 ----A---- C:\WINDOWS\system32\SETC99.tmp
2008-08-27 22:42:47 ----A---- C:\WINDOWS\system32\SETC98.tmp
2008-08-27 22:42:47 ----A---- C:\WINDOWS\system32\SET498.tmp
2008-08-27 2