Malware / Unknown cannot download photo's + Twitching [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

4 Pages

< 1 2 3 4 >

Malware / Unknown cannot download photo's + Twitching [Solved], Google Toolbar disappeared , Freezes up ,Very Slow

Options

jazzy56 View Member Profile	Jul 5 2009, 06:44 PM Post #31
Member Posts: 78 From: LOUISIANA OS: XP media	No CD, Dell did not send one, I can get one.

jazzy56 View Member Profile	Jul 5 2009, 06:50 PM Post #32
Member Posts: 78 From: LOUISIANA OS: XP media	Here are the logs Logfile of random's system information tool 1.06 (written by random/random) Run by mary shumate at 2009-07-05 19:47:26 Microsoft Windows XP Professional Service Pack 3 System drive C: has 29 GB (40%) free of 71 GB Total RAM: 510 MB (24% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:47: PM, on Jul-05 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\mary shumate.D7J9CC91.001\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\mary shumate.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrab...rabblecubes.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v47/...GamesLoader.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solit...litairerush.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} (SpiderSolitaire Control) - http://www.worldwinner.com/games/v56/spide...ersolitaire.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220142634718 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} (MysteryPI Control) - http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 11559 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-03-12 372592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL [2009-03-12 107896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-16 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-05 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-05 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-03-12 372592] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-01-30 98304] "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-23 339968] "REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248] "MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2005-09-08 8192] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920] "IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-06-17 139264] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-05 1838592] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584] "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035] "BuildBU"=c:\dell\bldbubg.exe [2006-01-30 61440] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-02-09 344064] "RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-01-30 26112] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "Corel Photo Downloader"=C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [2006-02-09 106496] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-05 148888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-05 68856] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-23 1830128] C:\Documents and Settings\All Users\Start Menu\Programs\Startup America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEA4DE5E-37ED-4A91-A883-6D8953A84614}"= [] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe::Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe::Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe::Enabled:AOL" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe::Disabled:TmSunrise" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe::Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe::Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe::Enabled:AOL" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2009-07-05 19:47:26 ----D---- C:\rsit 2009-07-05 04:50:10 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2009-07-05 04:49:34 ----D---- C:\Program Files\SUPERAntiSpyware 2009-07-05 04:49:34 ----D---- C:\Documents and Settings\mary shumate.D7J9CC91.001\Application Data\SUPERAntiSpyware.com 2009-07-05 04:46:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-07-05 04:33:38 ----SHD---- C:\RECYCLER 2009-07-05 00:55:58 ----D---- C:\Program Files\Panda Security 2009-07-05 00:03:36 ----A---- C:\WINDOWS\system32\javaws.exe 2009-07-05 00:03:36 ----A---- C:\WINDOWS\system32\javaw.exe 2009-07-05 00:03:36 ----A---- C:\WINDOWS\system32\java.exe 2009-07-05 00:02:59 ----D---- C:\Program Files\Java 2009-07-03 23:57:20 ----A---- C:\ComboFix.txt 2009-07-03 16:21:08 ----A---- C:\Boot.bak 2009-07-03 16:20:57 ----RASHD---- C:\cmdcons 2009-07-03 16:19:17 ----A---- C:\WINDOWS\zip.exe 2009-07-03 16:19:17 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-07-03 16:19:17 ----A---- C:\WINDOWS\SWSC.exe 2009-07-03 16:19:17 ----A---- C:\WINDOWS\SWREG.exe 2009-07-03 16:19:17 ----A---- C:\WINDOWS\sed.exe 2009-07-03 16:19:17 ----A---- C:\WINDOWS\PEV.exe 2009-07-03 16:19:17 ----A---- C:\WINDOWS\grep.exe 2009-07-03 11:29:52 ----A---- C:\lopR.txt 2009-07-03 11:13:53 ----D---- C:\Lop SD 2009-07-02 21:37:57 ----D---- C:\_OTL 2009-07-02 21:31:12 ----D---- C:\HostsXpert 4.2 - Hosts File Manager 2009-07-02 09:02:26 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-06-29 14:50:54 ----D---- C:\Program Files\ESET 2009-06-11 19:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-06-11 19:30:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-06-11 19:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-06-11 19:29:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$ 2009-06-11 19:18:02 ----N---- C:\WINDOWS\system32\ati2sgag.exe ======List of files/folders modified in the last 1 months====== 2009-07-05 19:47:30 ----D---- C:\WINDOWS\Prefetch 2009-07-05 19:47:29 ----D---- C:\WINDOWS\Temp 2009-07-05 18:59:08 ----D---- C:\WINDOWS 2009-07-05 18:59:08 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt 2009-07-05 18:58:58 ----D---- C:\WINDOWS\Registration 2009-07-05 18:56:47 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-05 18:56:41 ----D---- C:\WINDOWS\system32\CatRoot2 2009-07-05 13:14:24 ----D---- C:\WINDOWS\system32 2009-07-05 13:13:18 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-07-05 04:50:06 ----SHD---- C:\WINDOWS\Installer 2009-07-05 04:49:45 ----HD---- C:\Config.Msi 2009-07-05 04:49:34 ----D---- C:\Program Files 2009-07-05 04:46:54 ----D---- C:\Program Files\Common Files 2009-07-05 01:01:48 ----D---- C:\WINDOWS\system32\drivers 2009-07-05 00:55:58 ----HD---- C:\WINDOWS\inf 2009-07-04 23:39:01 ----D---- C:\WINDOWS\Minidump 2009-07-04 12:43:32 ----D---- C:\Documents and Settings 2009-07-04 02:48:44 ----D---- C:\WINDOWS\Help 2009-07-03 23:57:29 ----D---- C:\qoobox 2009-07-03 23:44:31 ----A---- C:\WINDOWS\system.ini 2009-07-03 23:41:36 ----D---- C:\WINDOWS\system32\config 2009-07-03 23:41:25 ----D---- C:\WINDOWS\erdnt 2009-07-03 23:34:03 ----D---- C:\WINDOWS\AppPatch 2009-07-03 16:39:00 ----SD---- C:\WINDOWS\Tasks 2009-07-03 16:38:34 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-07-03 16:21:08 ----RASH---- C:\boot.ini 2009-06-29 01:55:36 ----D---- C:\Rooter$ 2009-06-28 23:10:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-06-28 23:04:26 ----D---- C:\Program Files\ERUNT 2009-06-27 17:16:39 ----D---- C:\WINDOWS\Microsoft.NET 2009-06-27 15:48:37 ----D---- C:\WINDOWS\system32\wbem 2009-06-12 11:45:13 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-06-12 11:45:12 ----D---- C:\Program Files\Internet Explorer 2009-06-11 19:31:28 ----D---- C:\WINDOWS\system32\en-US 2009-06-11 19:31:09 ----D---- C:\WINDOWS\ie7updates 2009-06-11 19:30:49 ----A---- C:\WINDOWS\imsins.BAK 2009-06-11 19:28:23 ----HD---- C:\WINDOWS\$hf_mig$ 2009-06-11 19:17:21 ----HD---- C:\Program Files\InstallShield Installation Information 2009-06-11 19:17:14 ----D---- C:\Program Files\ATI Technologies 2009-06-11 19:16:38 ----D---- C:\dell 2009-06-11 01:35:05 ----A---- C:\WINDOWS\win.ini 2009-06-09 19:48:22 ----D---- C:\Program Files\Coupons ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.087\BHDrvx86.sys [2009-03-12 258608] R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NIS\1005000.087\ccHPx86.sys [2009-04-11 482352] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090625.003\IDSxpx86.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-03-09 77184] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\NIS\1005000.087\SRTSPX.SYS [] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMTDI.SYS [2009-03-12 217392] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-01-30 8552] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-09 1502208] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-03-31 180736] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525] R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929] R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVENG.SYS [] R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVEX15.SYS [] R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1005000.087\SRTSP.SYS [2009-03-12 307760] R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-14 180864] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMFW.SYS [2009-03-12 89776] R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMIDS.SYS [2009-03-12 34736] R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-03-12 36400] R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.087\SYMNDIS.SYS [2009-03-12 37296] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\MARYSH~1.001\LOCALS~1\Temp\catchme.sys [] S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [] S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 pxark;pxark; \??\C:\WINDOWS\system32\drivers\pxark.sys [] S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\MARYSH~1.001\LOCALS~1\Temp\sony_ssm.sys [] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NIS\1002000.007\SYMDNS.SYS [] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-03-12 36400] S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NIS\1002000.007\SYMREDRV.SYS [] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 XPAD910;XPADFilter Service 910; C:\WINDOWS\system32\DRIVERS\xpad910.sys [2006-02-07 29405] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504] S4 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-09 405504] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 IAANTMon;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-06-17 86140] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-05 152984] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560] R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-12-31 217088] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-02-09 520192] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456] S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-07-05 19:47:46 ======Uninstall list====== -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40} Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001} Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Bejeweled 2 Deluxe 1.0-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log" Cars - Radiator Springs Adventures-->"C:\Program Files\THQ\Disney-PIXAR\Cars\Radiator Springs Adventures\Uninstall_Cars - Radiator Springs Adventures\Uninstall Cars - Radiator Springs Adventures.exe" Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B} Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354} Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe" DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} Disney Pirates of the Caribbean Online-->C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864} ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7} ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG FinePixViewer Ver.4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE" Game Elements GGE910 Wireless PC Control Pad-->C:\PROGRA~1\GAMEEL~1\UNWISE.EXE C:\PROGRA~1\GAMEEL~1\INSTALL.LOG Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Heroes of the Pacific-->C:\Program Files\Ubisoft\Heroes of the Pacific\uninst.exe High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" ImageMixer VCD for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe" Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem" Intel® PRO Network Connections Drivers-->Prounstl.exe Intel® PROSet for Wired Connections-->MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779} Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120} Medal of Honor Allied Assault™ Breakthrough-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}\Setup.exe" -l0x9 Medal of Honor Allied Assault™ Spearhead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x9 Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9 Medal of Honor Pacific Assault™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Midtown Madness-->"C:\Program Files\Microsoft Games\Midtown Madness\UNINSTAL.EXE" /runtemp /uninstall Microsoft Motocross Madness 2-->"C:\Program Files\Microsoft Games\Motocross Madness 2\UNINSTAL.EXE" /runtemp /addremove Microsoft Motocross Madness-->"C:\Program Files\Microsoft Games\Motocross Madness\UNINSTAL.EXE" /runtemp Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MicroStaff WINASPI NT-->C:\MWASPINT\uninst.exe Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9 Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText Monster Truck Stunt Rally-->C:\Program Files\Monster Truck Stunt Rally\uninstall.exe MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove Musicmatch� Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst NASCAR Racing 1999 Edition-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\NR1999\Uninst.isu Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.5.0.135\InstStub.exe /X Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1 QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9 RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks\|RealPlayer\|6.0 Scholastic's I SPY Fantasy-->C:\PROGRA~1\SCHOLA~1\ISPYFA~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYFA~1\INSTALL.LOG Scholastic's I SPY Junior-->C:\PROGRA~1\SCHOLA~1\ISPYJU~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYJU~1\INSTALL.LOG Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall Sky Rangers Jet Simulator-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Big Sky Software\Sky Rangers Jet Simulator\Uninst.isu" Sky Rangers Simulator-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Big Sky Software\Sky Rangers Simulator\Uninst.isu" Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL SpongeBob SquarePants Employee of the Month-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Employee of the Month\Uninst.isu" SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Tonka Construction 2-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Hasbro Interactive\Tonka Construction 2\Uninst.isu" -c"C:\Program Files\Hasbro Interactive\Tonka Construction 2\_UnInstall.dll" Tonka Raceway-->C:\HASBRO\TONKA_RACEWAY\Uninstall_Tonka_Raceway.EXE TONKA Search & Rescue 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E254C0-94AA-4B33-AF6D-5276A169A680}\setup.exe" -l0x9 Tonka Search and Rescue-->C:\HASBRO\TONKA_SR\SR_DEL95.EXE TrackMania Sunrise-->"C:\Program Files\TrackMania Sunrise\unins000.exe" TrackMania-->"C:\Program Files\Enlight\TrackMania\unins000.exe" Uninstall TONKA Monster Trucks-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames Interactive\TONKA Monster Trucks\Uninst.isu" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4" WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89} Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48} =====HijackThis Backups===== O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntxwa.exe DWahc [2007-12-10] O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntxwa.exe [2007-12-10] O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\vwdw64.exe [2007-12-10] O4 - HKLM\..\Run: [{FB-BF-FA-AA-DW}] C:\WINDOWS\system32\vwdw64.exe DWahc [2007-12-10] O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat" [2009-05-05] O2 - BHO: (no name) - {6E5BFA87-DA74-4AA2-826D-B758B991B5B4} - C:\WINDOWS\system32\ssttu.dll (file missing) [2009-05-05] O20 - Winlogon Notify: byxuvww - byxuvww.dll (file missing) [2009-05-05] ======Security center information====== AV: Norton Internet Security (disabled) FW: Norton Internet Security ======System event log====== Computer Name: D7J9CC91 Event Code: 1003 Message: Error code 1000007e, parameter1 c0000005, parameter2 f73cff8f, parameter3 b81c9c20, parameter4 b81c991c. Record Number: 89248 Source Name: System Error Time Written: 20090611200101.000000-300 Event Type: error User: Computer Name: D7J9CC91 Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00137208988B. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 89169 Source Name: Dhcp Time Written: 20090611193743.000000-300 Event Type: warning User: Computer Name: D7J9CC91 Event Code: 1003 Message: Error code 000000ea, parameter1 fe9b8020, parameter2 feb3eb18, parameter3 ffa14948, parameter4 00000001. Record Number: 89117 Source Name: System Error Time Written: 20090611183718.000000-300 Event Type: error User: Computer Name: D7J9CC91 Event Code: 1 Message: The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'EraserUtilRebootDrv.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. Record Number: 89064 Source Name: sr Time Written: 20090611155648.000000-300 Event Type: error User: Computer Name: D7J9CC91 Event Code: 55 Message: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. Record Number: 89042 Source Name: Ntfs Time Written: 20090611143702.000000-300 Event Type: error User: =====Application event log===== Computer Name: D7J9CC91 Event Code: 1041 Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 10 Source Name: Userenv Time Written: 20090611195339.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: D7J9CC91 Event Code: 1041 Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 5 Source Name: Userenv Time Written: 20090611194131.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: D7J9CC91 Event Code: 1041 Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 4 Source Name: Userenv Time Written: 20090611194131.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: D7J9CC91 Event Code: 1041 Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 2 Source Name: Userenv Time Written: 20090611194131.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: D7J9CC91 Event Code: 1041 Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. Record Number: 1 Source Name: Userenv Time Written: 20090611194131.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel "PROCESSOR_REVISION"=0404 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ -----------------EOF-----------------

emeraldnzl View Member Profile	Jul 5 2009, 07:58 PM Post #33
Trusted Helper Posts: 8,067 OS: XP Pro	QUOTE No CD, Dell did not send one, I can get one. I was thinking that we could run a Command line that would repair any corrupted System Files but in almost all cases you need the Windows CD handy as bad files can be replaced from the CD if they can't be found anywhere else on your machine. You could try running chkdsk and see if that will do the job; it might also ask for the Windows CD but worth a try I think. Go to Windows XP chkdsk for some helpful instructions. Now Please run OTL.exe Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :processes :OTL O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab :Commands [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done It will produce a log for you on reboot, please post that log in your next reply. Next Download GMER from here Unzip it to the desktop. Caution These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst. Open the program and click on the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for �Show All�. Click on Scan. When the scan has run click Copy and paste the results (if any) into this thread. So when you return please post OTL log GMER Rootkit Revealer log and tell me if running Chkdsk has made a difference

jazzy56 View Member Profile	Jul 5 2009, 08:36 PM Post #34
Member Posts: 78 From: LOUISIANA OS: XP media	All processes killed ========== PROCESSES ========== ========== OTL ========== Starting removal of ActiveX control {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) -\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) -\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) -\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) -\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes User: mary shumate ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: mary shumate.D7J9CC91 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: mary shumate.D7J9CC91.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: mary shumate.D7J9CC91.001 ->Temp folder emptied: 26069 bytes File delete failed. C:\Documents and Settings\mary shumate.D7J9CC91.001\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 46825164 bytes ->Java cache emptied: 13428734 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 17048 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 57.54 mb OTL by OldTimer - Version 3.0.6.5 log created on 07052009_212523 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

jazzy56 View Member Profile	Jul 6 2009, 12:03 AM Post #35
Member Posts: 78 From: LOUISIANA OS: XP media	More Problems...... At the end of GMER a window pops up: Windows Delayed Write Failure, Data is lost try to save file,I DO NOT know what to do. When I click ok nothing happens and the system freezes. I had to reboot twice.. When I click on anything it takes forever. I will try to run again. This is what I got from the first try. GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-07-06 00:36:41 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT FEDEF050 ZwAlertResumeThread SSDT FEDF3050 ZwAlertThread SSDT FEDF0F40 ZwAllocateVirtualMemory SSDT FEDE1050 ZwAssignProcessToJobObject SSDT FFBBF550 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF478D040] SSDT FEDE5FC0 ZwCreateMutant SSDT FEDDFA78 ZwCreateSymbolicLinkObject SSDT FEE01D30 ZwCreateThread SSDT FEDE2150 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF478D2C0] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF478D820] SSDT FEDF1248 ZwDuplicateObject SSDT FEDF0760 ZwFreeVirtualMemory SSDT FEDEA050 ZwImpersonateAnonymousToken SSDT FEDED050 ZwImpersonateThread SSDT FFB18C50 ZwLoadDriver SSDT FEDF05C0 ZwMapViewOfSection SSDT FEDE5180 ZwOpenEvent SSDT FEDF1568 ZwOpenProcess SSDT FEDF8050 ZwOpenProcessToken SSDT FEDE39C8 ZwOpenSection SSDT FEDF13D8 ZwOpenThread SSDT FEDE04B0 ZwProtectVirtualMemory SSDT FEE133B8 ZwResumeThread SSDT FEDF6050 ZwSetContextThread SSDT FEDF02A8 ZwSetInformationProcess SSDT FEDE3740 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF478DA70] SSDT FEDE45D0 ZwSuspendProcess SSDT FEDF4050 ZwSuspendThread SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF46B3DF0] SSDT FEDF5050 ZwTerminateThread SSDT FEDF7050 ZwUnmapViewOfSection SSDT FEDF0B70 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- ? SYMEFA.SYS The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device \Driver\prodrv06 \Device\ProDrv06 E24096C0 Device \Driver\iastor \Device\Ide\iaStor0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\prohlp02 \Device\ProHlp02 E101DA10 AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device B74B0D20 AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\System.Design.Resources.dll 192512 bytes executable File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini 246 bytes File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\System.Design.Resources.dll 139264 bytes executable File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini 246 bytes File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\System.Design.Resources.dll 155648 bytes executable File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini 246 bytes File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\System.Design.Resources.dll 212992 bytes executable File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini 246 bytes File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\System.Design.Resources.dll 147456 bytes executable File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini 246 bytes File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\System.Design.Resources.dll 167936 bytes executable File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini 246 bytes File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\System.Design.Resources.dll 212992 bytes executable File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini 254 bytes File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\System.Design.Resources.dll 147456 bytes executable File C:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini 254 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll 86016 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 302 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll 90112 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 302 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll 10240 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini 268 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll 10240 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini 268 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll 10752 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini 268 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll 10240 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini 268 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll 11264 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini 268 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll 10752 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini 268 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll 9216 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini 276 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll 9216 bytes executable File C:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini 276 bytes File C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll 1564672 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 270 bytes File C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll 1564672 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 199 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_de_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_de_b03f5f7f11d50a3a\mscorcfg.Resources.dll 798720 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_es_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_es_b03f5f7f11d50a3a\mscorcfg.Resources.dll 765952 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_fr_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\mscorcfg.Resources.dll 774144 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_it_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_it_b03f5f7f11d50a3a\mscorcfg.Resources.dll 761856 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ja_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\mscorcfg.Resources.dll 761856 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ko_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\mscorcfg.Resources.dll 774144 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\mscorcfg.Resources.dll 839680 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini 244 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\mscorcfg.Resources.dll 925696 bytes executable File C:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini 244 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_de_b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_de_b77a5c561934e089\Mscorlib.Resources.dll 229376 bytes executable File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_es_b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_es_b77a5c561934e089\Mscorlib.Resources.dll 225280 bytes executable File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_fr_b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_fr_b77a5c561934e089\Mscorlib.Resources.dll 229376 bytes executable File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_it_b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_it_b77a5c561934e089\Mscorlib.Resources.dll 225280 bytes executable File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_ja_b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_ja_b77a5c561934e089\Mscorlib.Resources.dll 258048 bytes executable File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_ko_b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_ko_b77a5c561934e089\Mscorlib.Resources.dll 233472 bytes executable File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_zh-CHS_b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\Mscorlib.Resources.dll 204800 bytes executable File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini 244 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_zh-CHT_b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\Mscorlib.Resources.dll 208896 bytes executable File C:\WINDOWS\assembly\GAC\mscorlib.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini 244 bytes File C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll 32768 bytes executable File C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 268 bytes File C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll 32768 bytes executable File C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 268 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_de_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_de_b03f5f7f11d50a3a\RegCode.Resources.dll 9216 bytes executable File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini 234 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_es_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_es_b03f5f7f11d50a3a\RegCode.Resources.dll 9216 bytes executable File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini 234 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_fr_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\RegCode.Resources.dll 9216 bytes executable File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini 234 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_it_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_it_b03f5f7f11d50a3a\RegCode.Resources.dll 9216 bytes executable File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini 234 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ja_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\RegCode.Resources.dll 9728 bytes executable File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini 234 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ko_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\RegCode.Resources.dll 9728 bytes executable File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini 234 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\RegCode.Resources.dll 8192 bytes executable File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini 242 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\RegCode.Resources.dll 8704 bytes executable File C:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini 242 bytes File C:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0 0 bytes File C:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll 77824 bytes executable File C:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\__AssemblyInfo__.ini 270 bytes File C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll 4096 bytes executable File C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 268 bytes File C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll 4608 bytes executable File C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 198 bytes File C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll 27136 bytes executable File C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 276 bytes File C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll 26112 bytes executable File C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 202 bytes File C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll 462848 bytes executable File C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 282 bytes File C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll 466944 bytes executable File C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 282 bytes File C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll 507904 bytes executable File C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 292 bytes File C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll 573440 bytes executable File C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 292 bytes File C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll 8704 bytes executable File C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 280 bytes File C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll 7680 bytes executable File C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 204 bytes File C:\WINDOWS\assembly\GAC\AxInterop.WT3DLib\1.0.0.0__1bf1415c4c44d353 0 bytes File C:\WINDOWS\assembly\GAC\AxInterop.WT3DLib\1.0.0.0__1bf1415c4c44d353\AxInterop.WT3DLib.dll 32768 bytes executable File C:\WINDOWS\assembly\GAC\AxInterop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini 215 bytes File C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll 117248 bytes executable File C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 246 bytes File C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll 12288 bytes executable File C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 272 bytes File C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll 12288 bytes executable File C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 200 bytes File C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll 34816 bytes executable File C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 286 bytes File C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll 33792 bytes executable File C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 207 bytes File C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll 102400 bytes executable File C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll 1863680 bytes executable File C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 234 bytes File C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll 192512 bytes executable File C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 242 bytes File C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll 864256 bytes executable File C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 236 bytes File C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll 126976 bytes executable File C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 242 bytes File C:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll 110592 bytes executable File C:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 242 bytes File C:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll 8192 bytes executable File C:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 244 bytes File C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll 73728 bytes executable File C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 244 bytes File C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll 167936 bytes executable File C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 240 bytes File C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll 204800 bytes executable File C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 240 bytes File C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll 389120 bytes executable File C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 242 bytes File C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll 18944 bytes executable File C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 244 bytes File C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll 278528 bytes executable File C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 244 bytes File C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll 122880 bytes executable File C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 238 bytes File C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll 53248 bytes executable File C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 242 bytes File C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll 389120 bytes executable File C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini 242 bytes File C:\WINDOWS\assembly\GAC\GemMaster3\3.0.0.0__1bf1415c4c44d353 0 bytes File C:\WINDOWS\assembly\GAC\GemMaster3\3.0.0.0__1bf1415c4c44d353\GemMaster3.dll 147456 bytes executable File C:\WINDOWS\assembly\GAC\GemMaster3\3.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini 201 bytes File C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll 7168 bytes executable File C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 278 bytes File C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll 8192 bytes executable File C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 278 bytes File C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll 32768 bytes executable File C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 266 bytes File C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll 32768 bytes executable File C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini 266 bytes File C:\WINDOWS\assembly\GAC\Interop.WT3DLib\1.0.0.0__1bf1415c4c44d353 0 bytes File C:\WINDOWS\assembly\GAC\Interop.WT3DLib\1.0.0.0__1bf1415c4c44d353\Interop.WT3DLib.dll 122880 bytes executable File C:\WINDOWS\assembly\GAC\Interop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini 211 bytes File C:\WINDOWS\assembly\GAC\Intuit.EntitlementClient\1.0.0.29__a922845d7afbdebc 0 bytes File C:\WINDOWS\assembly\GAC\Intuit.EntitlementClient\1.0.0.29__a922845d7afbdebc\Intuit.EntitlementClient.dll 163840 bytes executable File C:\WINDOWS\assembly\GAC\Intuit.EntitlementClient\1.0.0.29__a922845d7afbdebc\__AssemblyInfo__.ini 213 bytes File C:\WINDOWS\assembly\GAC\Intuit.EntitlementClientNative\1.0.0.29__a922845d7afbdebc 0 bytes File C:\WINDOWS\assembly\GAC\Intuit.EntitlementClientNative\1.0.0.29__a922845d7afbdebc\Intuit.EntitlementClientNative.dll 13824 bytes executable File C:\WINDOWS\assembly\GAC\Intuit.EntitlementClientNative\1.0.0.29__a922845d7afbdebc\__AssemblyInfo__.ini 219 bytes File C:\WINDOWS\assembly\GAC\Intuit.EntitlementClientNetworkCfg\1.0.0.0__a922845d7afbdebc 0 bytes File C:\WINDOWS\assembly\GAC\Intuit.EntitlementClientNetworkCfg\1.0.0.0__a922845d7afbdebc\Intuit.EntitlementClientNetworkCfg.dll 10752 bytes executable File C:\WINDOWS\assembly\GAC\Intuit.EntitlementClientNetworkCfg\1.0.0.0__a922845d7afbdebc\__AssemblyInfo__.ini 222 bytes File C:\WINDOWS\assembly\GAC\Intuit.EntitlementCommon\1.0.0.29__a922845d7afbdebc 0 bytes File C:\WINDOWS\assembly\GAC\Intuit.EntitlementCommon\1.0.0.29__a922845d7afbdebc\Intuit.EntitlementCommon.DLL 2179072 bytes executable File C:\WINDOWS\assembly\GAC\Intuit.EntitlementCommon\1.0.0.29__a922845d7afbdebc\__AssemblyInfo__.ini 213 bytes File C:\WINDOWS\assembly\GAC\Intuit.QuickBaseClient\1.0.0.0__cb0580986c179c98 0 bytes File C:\WINDOWS\assembly\GAC\Intuit.QuickBaseClient\1.0.0.0__cb0580986c179c98\Intuit.QuickBaseClient.dll 49152 bytes executable File C:\WINDOWS\assembly\GAC\Intuit.QuickBaseClient\1.0.0.0__cb0580986c179c98\__AssemblyInfo__.ini 210 bytes File C:\WINDOWS\assembly\GAC\Intuit.SupportAssistant\1.0.0.5__69f0000c26e5bc6d 0 bytes File C:\WINDOWS\assembly\GAC\Intuit.SupportAssistant\1.0.0.5__69f0000c26e5bc6d\Intuit.SupportAssistant.dll 405504 bytes executable File C:\WINDOWS\assembly\GAC\Intuit.SupportAssistant\1.0.0.5__69f0000c26e5bc6d\__AssemblyInfo__.ini 211 bytes File C:\WINDOWS\assembly\GAC\Intuit.WinInetClient\1.0.0.29__a922845d7afbdebc 0 bytes File C:\WINDOWS\assembly\GAC\Intuit.WinInetClient\1.0.0.29__a922845d7afbdebc\Intuit.WinInetClient.dll 49152 bytes executable File C:\WINDOWS\assembly\GAC\Intuit.WinInetClient\1.0.0.29__a922845d7afbdebc\__AssemblyInfo__.ini 209 bytes File C:\WINDOWS\assembly\GAC_32\CustomMarshalers 0 bytes File C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll 69120 bytes executable File C:\WINDOWS\assembly\GAC_32\ISymWrapper 0 bytes File C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll 72192 bytes executable File C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc 0 bytes File C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll 163840 bytes executable File C:\WINDOWS\assembly\GAC_32\mscorlib 0 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp 66728 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp 82172 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp 116756 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll 4546560 bytes executable File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp 59342 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp 45794 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp 39284 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp 66384 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp 60294 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp 83748 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp 83748 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp 262148 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp 20320 bytes File C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp 28288 bytes File C:\WINDOWS\assembly\GAC_32\PresentationCore 0 bytes File C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll 4210688 bytes executable File C:\WINDOWS\assembly\GAC_32\System.Data 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll 2933248 bytes executable File C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll 486400 bytes executable File C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices 0 bytes File C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Printing 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll 368640 bytes executable File C:\WINDOWS\assembly\GAC_32\System.Transactions 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll 261632 bytes executable File C:\WINDOWS\assembly\GAC_32\System.Web 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll 5242880 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Accessibility 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll 10752 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll 507904 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\cscompmgd 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll 13312 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\IEHost 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll 77824 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\IIEHost 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll 6656 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll 106496 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll 348160 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll 733184 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll 655360 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll 802816 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll 77824 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll 94208 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll 749568 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll 397312 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll 659456 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll 372736 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll 110592 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll 28672 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll 5632 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll 41984 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll 32768 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll 12800 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll 7168 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Drawing 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll 626688 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll 81920 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll 430080 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll 126976 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll 131072 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Management 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll 372736 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll 143360 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Messaging 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll 258048 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Net 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll 233472 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll 303104 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll 598016 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll 32768 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe 46104 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll 5283840 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll 196608 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll 139264 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll 397312 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll 163840 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\PresentationUI 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll 864256 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\ReachFramework 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll 528384 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll 5632 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll 110592 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll 36864 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll 36864 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\sysglobl 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll 110592 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll 188416 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll 966656 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll 61440 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll 839680 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll 5025792 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll 12288 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll 1138688 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll 1630208 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll 540672 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll 507904 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Xml 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll 2048000 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll 139264 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll 131072 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Security 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll 258048 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll 5931008 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll 73728 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll 32768 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll 569344 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll 114688 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Speech 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll 688128 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll 77824 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll 229376 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll 32768 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll 139264 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll 131072 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll 1277952 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll 335872 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll 835584 bytes executable File C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a 0 bytes File C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll 0 bytes ---- EOF - GMER 1.0.15 ---- This post has been edited by jazzy56: Jul 6 2009, 12:14 AM

emeraldnzl View Member Profile	Jul 6 2009, 12:33 AM Post #36
Trusted Helper Posts: 8,067 OS: XP Pro	Hi jazzy56, QUOTE Windows Delayed Write Failure There is some information on this problem at the link below. http://support.microsoft.com/kb/330174 My thought is that unless you are confident to follow their solutions you should seek help from our XP Operating System Forum when you are finished here. I am beginning to think that your machine has technical problems that need a solution from the technical people. I am reluctant to send you there though until I am confident that your machine is clean. We have run some pretty extensive scans so I think we are nearly there. Before we move on, how did the chkdisk go?

jazzy56 View Member Profile	Jul 6 2009, 01:19 AM Post #37
Member Posts: 78 From: LOUISIANA OS: XP media	I have not run it yet but in the klast week I ran it about 3 times and it found nothing. I will run it in a few moments. Thank you so much for all the work you are doing with me. I did get back the Google Toolbar, I downloaded it again and everything I had came back, very strange, it kept all my info and bookmarks. weird.

emeraldnzl View Member Profile	Jul 6 2009, 02:23 AM Post #38
Trusted Helper Posts: 8,067 OS: XP Pro	QUOTE I downloaded it again and everything I had came back, very strange, it kept all my info and bookmarks Yes Firefox keeps them. QUOTE I have not run it yet but in the klast week I ran it about 3 times and it found nothing. Okay then. You may as well run chkdsk again because we have used a number of tools and various files have been removed. Just to cover all bases we will do this one: Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, in the menu, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Post a copy of the report back here.

jazzy56 View Member Profile	Jul 6 2009, 03:41 AM Post #39
Member Posts: 78 From: LOUISIANA OS: XP media	I ran CHKDSK again and this time it did something it has not done before. Inserting an Index Intry into Index $0 of file 17104. it was the only thing. Now I will do the next step.

jazzy56 View Member Profile	Jul 6 2009, 04:02 AM Post #40
Member Posts: 78 From: LOUISIANA OS: XP media	Hello, I did not see any drives or menu, a scan ran and it said no virus, it was on Express scan and when I clicked file there was no log to save. Here is what it scanned. Ny boot time is very slow, it takes about 10 minutes before I can use my computer.. Please let me know which of these test I can delete such as Combofix OLT and Antispy,Or do I need to keep them. Thank you M In this mode the following objects are scanned: * Random access memory * Boot sectors of all disks * Startup objects * Boot disk root directory * Root directory of Windows installation disk * Windows system folder * User documents folder ("My documents") * System temporary folder * User temporary folder

emeraldnzl View Member Profile	Jul 6 2009, 04:26 AM Post #41
Trusted Helper Posts: 8,067 OS: XP Pro	Hello again jazzy56, I think your machine is clean of malware. If you still have problems you can start a topic in the XP Operating System forum. Make sure you tell them you have been here first and provide a link. We have a couple of last steps to perform and then you're all set. Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points. Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Step 2 Make sure you have an Internet Connection. Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator") Click on the CleanUp! button A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so. Click Yes to begin the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to. The JavaRa and Dr Web folders/files can be deleted. ------------------------------------------------------------------------------------------------------------------- A reminder now: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process. ------------------------------------------------------------------------------------------------------------------- Now that you are clean here are some things I think are worth having a look at: --------------------------------------------------------------------------------------------------------------------- Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program: ATF Cleaner -------------------------------------------------------------------------------------------------------------------- A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia. I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow. To bolster your security go to Secunia.com to ensure essential programs are up to date. --------------------------------------------------------------------------------------------------------------------- Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. * Consider using an alternate browser. Mozilla's Firefox browser is excellant; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it. Firefox may be downloaded from Here ----------------------------------------------------------------------------------------------------------------------- Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed. ----------------------------------------------------------------------------------------------------------------------- To help protect your computer in the future here are some free programs you can look at: If your Microsoft Update is not working automatically. Keep your operating system up to date by visiting Microsoft Windows Update monthly. And to keep your system clean run these free malware scanners AdAware SE Personal Spybot Search & Destroy weekly, and be aware of what emails you open and websites you visit. To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place? Have a safe and happy computing day!

jazzy56 View Member Profile	Jul 6 2009, 10:37 AM Post #42
Member Posts: 78 From: LOUISIANA OS: XP media	Thank you for cleaning up my computer, I think I do need to go to teck help as there are a few things that are still not working. I will follow your advice and have started to do so. Do I need to keep Superantispy, it takes a long time to boot because it is there on start up.????? Your help is very much appreciated and I thank you.

emeraldnzl View Member Profile	Jul 6 2009, 03:53 PM Post #43
Trusted Helper Posts: 8,067 OS: XP Pro	QUOTE Do I need to keep Superantispy No just uninstall it. You can always download it again in the future if you find you want it. I will keep this topic open for a short time in case any issues develop. regards emeraldnzl

jazzy56 View Member Profile	Jul 6 2009, 05:06 PM Post #44
Member Posts: 78 From: LOUISIANA OS: XP media	Thank you so much, it really makes me feel better knowing you are still there. I forgot to ask you about the Gmer, can I remove it?? thanks again hope you have a nice vacation. Your help is very much appreciated. M

emeraldnzl View Member Profile	Jul 6 2009, 05:20 PM Post #45
Trusted Helper Posts: 8,067 OS: XP Pro	QUOTE I forgot to ask you about the Gmer, can I remove it?? Gmer should have been removed in the clean up process. If it is still there just delete the folder/files. I am away now for the next few days.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

4 Pages

< 1 2 3 4 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Cannot Run Malwarebytes' Anti-Malware or Super Antispyware	7 / 1,002	18th May 2009 - 10:47 AM doubleleo started - last by admin
Virus, Spyware and Trojan Removal cannot download anything since switching to firefox from ie7 [Solved] 12	16 / 402	23rd June 2009 - 10:29 AM logari started - last by Rorschach112
Virus, Spyware and Trojan Removal nasty virus, malware removal items won't run [Solved] 12	19 / 602	1st September 2009 - 11:25 AM dogman2828 started - last by Essexboy
Virus, Spyware and Trojan Removal Malware Bytes, SPyBot won't run [Solved]	3 / 563	17th September 2009 - 12:27 AM duke2050 started - last by hammerman