Search Engine Redirect Virus [Closed]


  • This topic is locked

#1
melange86

A couple of weeks ago, I noticed that when I would do searches with Yahoo! I was getting re-directed to other somewhat-related websites. I had to push the back button to get back to the page I was originally intending to go to... like the virus loaded the page but then pushed me through to another website. After that I noticed that my wireless Internet connection was really slow. Then for a couple of days my Internet wouldn't work at all and I tried everything I could think of to fix it (which is limited, because I'm not that knowledgeable about fixing my computer problems). Today I finally uninstalled my wireless driver and when I restarted my computer, it reinstalled and now it's working, but it's on a very slow connection. And when I go to my "View Wireless Networks" tab, there are no networks in there. My house connection isn't even showing up, but I'm somehow connected to the Internet. Also, when I try to shut down my computer, it won't shut down; it just shows the "Windows is Shutting Down" screen forever, so I finally had to turn the power off (which makes me a little uncomfortable).

I've seen some posts on here where people who have this virus have been helped, but that it's different for every computer -- so I'm hoping someone can tell me how to get rid of this virus. Thank you!

Here is my HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:37 PM, on 5/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emily\Desktop\Computer Problems\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060911
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoby.net/sb/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060911
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.ai...AIM.9.5.1.8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 10738 bytes

Edited by melange86, 03 May 2009 - 10:09 AM.


#2
Blade81

Blade81

    Member

  • Member
  • PipPipPip
  • 722 posts
  • MVP
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.

#3
melange86

DDS would not work. I could download it to my desktop, but when I double-clicked on it, it popped up super fast and went away immediately. And no logs popped up. I didn't disable any script blocker, because I don't know what that is. I don't have any anti-virus programs running on my computer, as far as I'm aware. As I wait for your reply, I will try to figure out if I have any script blockers and how to turn them off.

GooredFix worked, though. Here's the log for that:

GooredFix v1.92 by jpshortstuff
Log created at 18:47 on 10/05/2009 running Option #1 (Emily)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

Edited by melange86, 10 May 2009 - 04:58 PM.


#4
melange86

I've been doing some research and some digging through my computer and I can't find a solution to my script blocker problem. I don't have any virus protection downloaded on my computer (not McAfee, Norton, AVG, anything). I have Ad-Aware installed, but it doesn't run automatically -- only when I tell it to. And I have Yahoo! Toolbar which has a spy-ware protection, but it appears that you have to run it yourself so it doesn't turn off and on. I've never done it -- I just use the toolbar for the buttons. Also, I turned off my Windows Firewall. After all that I tried to run the dds.scr again and it still didn't work.

I even found this list (http://www.bleepingc...opic114351.html) and I don't have anything on there. So I'm not entirely sure what the problem is.

#5
Blade81

Hi

It's possible that an infection is blocking DDS from running. Please rename dds to something.scr and try running it again. Let me know how it goes :)

#6
melange86

I renamed the file to helper.scr and turned off my firewall and tried it again. The same thing happened. When I try to open up the program, this is what I see:

Posted Image

I click the "Run" button, but then the DDS pops up really quick and flashes away immediately. Is this pop-up part of a program (or something) that needs to be turned off?

Also -- another question. Before, I was unable to connect to the Internet with my wireless, so I moved my computer where I had a cable/cord and plugged it in. Now I can get online, which is how I am able to get on this website and download the programs you direct me to. But now that I am on the cord, I think the virus may be spreading to the main computer in my house. This computer is in another room and it's the one connected to the router and everything. I was on it last night, and Mozilla Firefox crashed -- which is what it has been doing on my computer that already has the virus. The other computer had not done this before as far as I'm aware. So I'm worried that the virus is spreading. Is that possible?

#7
Blade81

Hi

To play it safe, please keep the other system disconnected from the network when this one is connected.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)


#8
melange86

Here are the logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Emily at 2009-05-12 20:59:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (16%) free of 52 GB
Total RAM: 502 MB (26% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2006-05-03 98304]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-09-15 57344]
"MBMon"=Rundll32 CTMBHA.DLL,MBMon []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"VoiceCenter"=C:\Program Files\Creative\VoiceCenter\AndreaVC.exe [2005-09-19 1159168]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"DXDllRegExe"=dxdllreg.exe []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-06-11 185784]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2004-12-22 24576]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Disabled:Microsoft ® HTML Application host"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c5cee1f-3b61-11de-97c1-0018f8a7c7ec}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6052e2f6-7c09-11db-95e0-001676b04a4d}]
shell\AutoRun\command - G:\setupSNK.exe


======List of files/folders created in the last 1 months======

2009-05-12 20:59:55 ----D---- C:\rsit
2009-05-11 15:56:33 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-10 19:38:38 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-10 19:29:32 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2009-05-10 19:29:31 ----A---- C:\WINDOWS\system32\spiisupd.exe
2009-05-10 19:29:31 ----A---- C:\WINDOWS\system32\secedit.exe
2009-05-10 19:29:31 ----A---- C:\WINDOWS\system32\auditusr.exe
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\ir50_32.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\fwcfg.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\fsquirt.exe
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\encapi.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\dsprpres.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\btpanui.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\bthserv.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\bthci.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\blastcln.exe
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-05-10 19:29:30 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\mssap.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\msdadiag.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdukx.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdno1.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdinben.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2009-05-10 19:29:29 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2009-05-10 19:29:28 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-05-10 19:29:28 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2009-05-10 19:29:28 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-05-10 19:29:28 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2009-05-10 19:29:28 ----A---- C:\WINDOWS\system32\xmlprov.dll
2009-05-10 19:29:28 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rdpdd.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rcp.exe
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rcimlby.exe
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rastls.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rassapi.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rasppp.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rasphone.exe
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rasmans.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\raschap.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\query.dll
2009-05-10 19:28:27 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\scesrv.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\scecli.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\sccsccp.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\scarddlg.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\runonce.exe
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rundll32.exe
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rtutils.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rtcshare.exe
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rsmps.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rsh.exe
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rsaenh.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-05-10 19:28:26 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-05-10 19:28:25 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2009-05-10 19:28:24 ----A---- C:\WINDOWS\system32\security.dll
2009-05-10 19:28:24 ----A---- C:\WINDOWS\system32\secur32.dll
2009-05-10 19:28:24 ----A---- C:\WINDOWS\system32\seclogon.dll
2009-05-10 19:28:24 ----A---- C:\WINDOWS\system32\sdbinst.exe
2009-05-10 19:28:24 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-05-10 19:28:24 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-05-10 19:28:23 ----A---- C:\WINDOWS\system32\sfc.dll
2009-05-10 19:28:23 ----A---- C:\WINDOWS\system32\setup.exe
2009-05-10 19:28:23 ----A---- C:\WINDOWS\system32\sethc.exe
2009-05-10 19:28:23 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-05-10 19:28:23 ----A---- C:\WINDOWS\system32\sensapi.dll
2009-05-10 19:28:23 ----A---- C:\WINDOWS\system32\sens.dll
2009-05-10 19:28:23 ----A---- C:\WINDOWS\system32\sendmail.dll
2009-05-10 19:28:23 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2009-05-10 19:28:22 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-05-10 19:28:21 ----A---- C:\WINDOWS\system32\shdoclc.dll
2009-05-10 19:28:21 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2009-05-10 19:28:20 ----A---- C:\WINDOWS\system32\shimeng.dll
2009-05-10 19:28:20 ----A---- C:\WINDOWS\system32\shgina.dll
2009-05-10 19:28:20 ----A---- C:\WINDOWS\system32\shfolder.dll
2009-05-10 19:28:20 ----A---- C:\WINDOWS\system32\shell32.dll
2009-05-10 19:28:20 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\slbiop.dll
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\slayerxp.dll
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\skeys.exe
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\sigverif.exe
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\sigtab.dll
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\shutdown.exe
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\shsvcs.dll
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\shscrap.dll
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\shrpubw.exe
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\shmgrate.exe
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\shmedia.dll
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-05-10 19:28:19 ----A---- C:\WINDOWS\system32\shimgvw.dll
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\srclient.dll
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\spoolsv.exe
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\spoolss.dll
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\spider.exe
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\sort.exe
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\snmpapi.dll
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2009-05-10 19:28:18 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2009-05-10 19:28:17 ----A---- C:\WINDOWS\system32\stclient.dll
2009-05-10 19:28:17 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2009-05-10 19:28:17 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2009-05-10 19:28:17 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\tapi32.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\tapi3.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\syncui.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\synceng.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\sxs.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\svchost.exe
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\storprop.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\stobject.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\stimon.exe
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\sti_ci.dll
2009-05-10 19:28:16 ----A---- C:\WINDOWS\system32\sti.dll
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\trkwks.dll
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\tree.com
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\tracert.exe
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\tourstart.exe
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\themeui.dll
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\termmgr.dll
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\telnet.exe
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\tcpmon.dll
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\tcpmib.dll
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\taskmgr.exe
2009-05-10 19:28:15 ----A---- C:\WINDOWS\system32\tapisrv.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\userenv.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\user32.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\usbui.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\usbmon.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\ups.exe
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\upnpui.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\upnphost.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\upnpcont.exe
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\upnp.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\uniplat.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\unimdmat.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\uniime.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\umandlg.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\udhisapi.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\txflog.dll
2009-05-10 19:28:14 ----A---- C:\WINDOWS\system32\tsddd.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\w32time.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\vssvc.exe
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\vssapi.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\version.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\verifier.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\vdmredir.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\vbajet32.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\utilman.exe
2009-05-10 19:28:13 ----A---- C:\WINDOWS\system32\usp10.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\winipsec.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wiavideo.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wiashext.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wiaservc.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wiascr.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wiadss.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wiadefui.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wextract.exe
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\webvw.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\webclnt.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-05-10 19:28:12 ----A---- C:\WINDOWS\system32\wavemsp.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wow32.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wmstream.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wmpui.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wmpcore.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wmpcd.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wmi.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wlnotify.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wldap32.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\winver.exe
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\wintrust.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\winsta.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\winsrv.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\winscard.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\winrnr.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\winntbbu.dll
2009-05-10 19:28:11 ----A---- C:\WINDOWS\system32\winmm.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\zipfldr.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\xcopy.exe
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\xactsrv.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wsock32.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wshrm.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wship6.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wshext.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wshcon.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wscript.exe
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\ws2help.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\ws2_32.dll
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2009-05-10 19:28:10 ----A---- C:\WINDOWS\system32\wpabaln.exe
2009-05-10 19:28:09 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-05-10 19:28:09 ----A---- C:\WINDOWS\system32\cmd.exe
2009-05-10 19:28:09 ----A---- C:\WINDOWS\system32\cacls.exe
2009-05-10 19:28:09 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-05-10 19:28:09 ----A---- C:\WINDOWS\system32\autochk.exe
2009-05-10 19:28:09 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-05-10 19:28:08 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-05-10 19:28:08 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\locator.exe
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\ftp.exe
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\format.com
2009-05-10 19:28:07 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\rasman.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\printui.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-05-10 19:28:06 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\smss.exe
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\services.exe
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\schannel.dll
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\savedump.exe
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\samlib.dll
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-05-10 19:28:05 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-05-10 19:28:04 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-05-10 19:28:04 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-05-10 19:28:04 ----A---- C:\WINDOWS\system32\userinit.exe
2009-05-10 19:28:04 ----A---- C:\WINDOWS\system32\untfs.dll
2009-05-10 19:28:04 ----A---- C:\WINDOWS\system32\ulib.dll
2009-05-10 19:28:04 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-05-10 19:28:04 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-05-10 19:27:59 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-05-10 19:27:59 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-05-10 19:27:59 ----A---- C:\WINDOWS\system32\hal.dll
2009-05-10 19:27:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-10 19:08:09 ----D---- C:\Documents and Settings\Emily\Application Data\WildTangent
2009-05-10 19:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-05-10 18:56:26 ----D---- C:\Program Files\Common Files\Scanner
2009-05-03 11:11:32 ----D---- C:\WINDOWS\Prefetch
2009-04-28 21:11:55 ----A---- C:\WINDOWS\setuplog.txt
2009-04-28 21:10:35 ----D---- C:\WINDOWS\system32\scripting
2009-04-28 21:10:34 ----D---- C:\WINDOWS\l2schemas
2009-04-28 21:10:33 ----D---- C:\WINDOWS\system32\en
2009-04-28 21:10:33 ----D---- C:\WINDOWS\system32\bits
2009-04-28 21:05:12 ----A---- C:\WINDOWS\system32\sprecovr.exe
2009-04-17 00:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 00:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 00:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 00:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 00:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 00:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-13 21:12:18 ----D---- C:\Program Files\iPod
2009-04-13 21:11:59 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 21:09:06 ----D---- C:\Program Files\QuickTime
2009-04-13 21:08:10 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2009-05-12 20:58:46 ----D---- C:\Program Files\Mozilla Firefox
2009-05-12 20:52:37 ----D---- C:\WINDOWS\Temp
2009-05-12 20:52:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-12 20:52:35 ----D---- C:\WINDOWS\Registration
2009-05-12 20:52:33 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-05-12 20:52:25 ----D---- C:\WINDOWS
2009-05-11 22:48:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-11 21:24:57 ----D---- C:\Documents and Settings\Emily\Application Data\Move Networks
2009-05-11 15:59:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-11 15:51:17 ----D---- C:\WINDOWS\system32
2009-05-11 15:50:12 ----D---- C:\WINDOWS\system32\drivers
2009-05-11 15:49:20 ----D---- C:\WINDOWS\system32\wbem
2009-05-11 15:49:16 ----D---- C:\WINDOWS\system32\usmt
2009-05-11 15:49:14 ----D---- C:\WINDOWS\system32\Setup
2009-05-11 15:49:14 ----D---- C:\WINDOWS\system32\Restore
2009-05-11 15:49:13 ----D---- C:\WINDOWS\system32\oobe
2009-05-11 15:49:13 ----D---- C:\WINDOWS\system32\npp
2009-05-11 15:48:58 ----D---- C:\WINDOWS\system32\dllcache
2009-05-11 15:48:47 ----D---- C:\WINDOWS\system32\Com
2009-05-11 15:47:27 ----D---- C:\WINDOWS\system
2009-05-11 15:47:27 ----D---- C:\WINDOWS\srchasst
2009-05-11 15:47:27 ----D---- C:\WINDOWS\PeerNet
2009-05-11 15:47:26 ----D---- C:\WINDOWS\network diagnostic
2009-05-11 15:47:26 ----D---- C:\WINDOWS\mui
2009-05-11 15:47:25 ----D---- C:\WINDOWS\msagent
2009-05-11 15:47:22 ----HD---- C:\WINDOWS\inf
2009-05-11 15:47:15 ----D---- C:\WINDOWS\ime
2009-05-11 15:47:14 ----D---- C:\WINDOWS\Help
2009-05-11 15:47:13 ----RSD---- C:\WINDOWS\Fonts
2009-05-11 15:47:08 ----D---- C:\WINDOWS\AppPatch
2009-05-11 15:47:05 ----D---- C:\Program Files\Windows NT
2009-05-11 15:47:05 ----D---- C:\Program Files\Outlook Express
2009-05-11 15:47:04 ----D---- C:\Program Files\NetMeeting
2009-05-11 15:47:02 ----D---- C:\Program Files\Movie Maker
2009-05-11 15:47:01 ----D---- C:\Program Files\Messenger
2009-05-11 15:46:57 ----D---- C:\Program Files\Common Files\System
2009-05-11 15:46:55 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-10 19:44:37 ----D---- C:\WINDOWS\WinSxS
2009-05-10 19:43:44 ----D---- C:\WINDOWS\system32\en-US
2009-05-10 19:39:02 ----D---- C:\Program Files
2009-05-10 19:38:31 ----D---- C:\WINDOWS\security
2009-05-10 19:38:09 ----D---- C:\Program Files\Yahoo!
2009-05-10 19:27:33 ----D---- C:\WINDOWS\ehome
2009-05-10 19:22:38 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-10 18:56:26 ----D---- C:\Program Files\Common Files
2009-05-02 16:31:32 ----SD---- C:\WINDOWS\Tasks
2009-04-28 21:10:34 ----SHD---- C:\WINDOWS\Installer
2009-04-28 21:04:06 ----A---- C:\WINDOWS\imsins.BAK
2009-04-19 17:25:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 00:05:23 ----D---- C:\Program Files\Internet Explorer
2009-04-17 00:02:34 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-13 21:12:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-13 21:12:41 ----D---- C:\Program Files\iTunes
2009-04-13 21:11:53 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-06-04 20747]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]
R3 sigfilt;sigfilt; C:\WINDOWS\system32\drivers\sigfilt.sys [2005-03-25 1350272]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-06 180736]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 a0vabr8w;a0vabr8w; C:\WINDOWS\system32\drivers\a0vabr8w.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-05 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-05 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-03-09 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-09-11 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-19 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe [2008-01-08 181784]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-05 65795]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]

-----------------EOF-----------------


and


info.txt logfile of random's system information tool 1.06 2009-05-12 21:00:50

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Lightroom 2.2-->MsiExec.exe /I{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8-->C:\Program Files\Common Files\YGP\Plugins\AIM\9_5_1_8a\YGPInstallerAim.exe /u -d"AIM" -p"AIM" -len-US-AIM
Alien Skin Exposure 2 Demo-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~2\EXPOSU~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~2\EXPOSU~1\INSTALL.LOG
Alien Skin Exposure-->C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~2\Exposure\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\ALIENS~2\Exposure\INSTALL.LOG
Andrea VoiceCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}\Setup.exe" -Remove
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BitComet 1.03-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon EOS Kiss_N REBEL_XT 350D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1033
Canon EOS-1D Mark II N WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{35260E0B-A8C2-4D25-97E2-448DE7275C85} /l1033
Canon EOS-1Ds Mark II WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{652C4ADF-0A29-4B02-9211-EE61675847DE}
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 2.1-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Catz 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\MY STUFF\Program Files\Catz 5\Uninst\setup.exe" -l0x9
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\Setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Emily\Desktop\Computer Problems\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HP Unload DLL Patch-->MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Last.fm 1.5.1.29527-->"C:\Program Files\Last.fm\unins000.exe"
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Standard 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006-->MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel 2003-->MsiExec.exe /I{90160409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mulberry-->C:\WINDOWS\unvise32.exe C:\Program Files\Mulberry\uninstal.log
Neat Image v5 Demo (with plug-in)-->"C:\Program Files\Neat Image\unins000.exe"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PetzA 2.2.5-->"G:\MY STUFF\Program Files\PetzA\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Advanced Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46C73DE4-E96D-4F7C-8371-F28052183B12}\setup.exe" -l0x9
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster Audigy ADVANCED MB Product Registration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Ulead MediaStudio Pro 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6E71574-2126-4E95-816E-32B2411C94BA}\setup.exe" -l0x9
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890927-->C:\WINDOWS\$NtUninstallKB890927$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL

======Security center information======

FW: Norton Internet Worm Protection (disabled)

======System event log======

Computer Name: EMILYPC
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{EE74B064-EC20-4FD3-9F7E-10DD4D4B36EF}.

Record Number: 50927
Source Name: Server
Time Written: 20090323135339.000000-240
Event Type: warning
User:

Computer Name: EMILYPC
Event Code: 1002
Message: The IP address lease 192.168.1.102 for the Network Card with network address 0018F8A7C7EC has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 50906
Source Name: Dhcp
Time Written: 20090323135309.000000-240
Event Type: error
User:

Computer Name: EMILYPC
Event Code: 1002
Message: The IP address lease 192.168.1.102 for the Network Card with network address 0018F8A7C7EC has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 50857
Source Name: Dhcp
Time Written: 20090322121145.000000-240
Event Type: error
User:

Computer Name: EMILYPC
Event Code: 1005
Message: Your computer has detected that the IP address 192.168.1.102 for the Network Card
with network address 0018F8A7C7EC is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Record Number: 50849
Source Name: Dhcp
Time Written: 20090322025357.000000-240
Event Type: warning
User:

Computer Name: EMILYPC
Event Code: 1001
Message: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0018F8A7C7EC. The following error
occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 50769
Source Name: Dhcp
Time Written: 20090319181209.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: EMILYPC
Event Code: 1517
Message: Windows saved user EMILYPC\Emily registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15114
Source Name: Userenv
Time Written: 20080514020038.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: EMILYPC
Event Code: 1517
Message: Windows saved user EMILYPC\Emily registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15087
Source Name: Userenv
Time Written: 20080513205759.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: EMILYPC
Event Code: 1517
Message: Windows saved user EMILYPC\Emily registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 14972
Source Name: Userenv
Time Written: 20080513010417.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: EMILYPC
Event Code: 1517
Message: Windows saved user EMILYPC\Emily registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 14933
Source Name: Userenv
Time Written: 20080512003220.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: EMILYPC
Event Code: 1517
Message: Windows saved user EMILYPC\Emily registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 14907
Source Name: Userenv
Time Written: 20080511220533.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"VERSION"=3.5.0
"SESSIONID"=1237233586911g1u0358c.austin.hp.com4488bcf9:1205c1f0ad7:-25be
"COLLECTIONID"=COL6400
"ITEMID"=ps-19683-3
"UPDATEDIR"=C:\DOCUME~1\Emily\LOCALS~1\Temp\rad2BB1E.tmp
"TOOLPATH"=/C:/Program%20Files/HP/HP%20Software%20Update/install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
  • 0

#9
Blade81

  • Member
  • 722 posts
  • MVP
Hi again,

You seem to have P2P file sharing software installed there. Nowadays a major part of infections is received from P2P networks, and that's why I recommend uninstalling such software.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



See also if you can run DDS now (rename DDS to dds.com).
  • 0

#10
melange86

  • Topic Starter
  • Member
  • 19 posts
Here is the ComboFix log:

ComboFix 09-05-14.03 - Emily 05/14/2009 19:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.271 [GMT -4:00]
Running from: c:\documents and settings\Emily\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-13 00:59 . 2009-05-13 01:00 -------- d-----w C:\rsit
2009-05-10 23:38 . 2009-05-10 23:44 -------- d-----w c:\windows\ServicePackFiles
2009-05-10 23:28 . 2007-06-13 10:23 1033216 ----a-w c:\windows\system32\dllcache\explorer.exe
2009-05-10 23:27 . 2004-08-04 03:01 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-10 23:08 . 2009-05-10 23:08 -------- d-----w c:\documents and settings\Emily\Application Data\WildTangent
2009-05-10 23:07 . 2009-05-10 23:08 -------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
2009-05-10 22:56 . 2009-05-10 22:56 -------- d-----w c:\program files\Common Files\Scanner
2009-04-29 01:10 . 2009-05-10 23:43 -------- d-----w c:\windows\system32\scripting
2009-04-29 01:10 . 2009-05-11 19:46 -------- d-----w c:\windows\l2schemas
2009-04-29 01:10 . 2009-05-10 23:43 -------- d-----w c:\windows\system32\en
2009-04-29 01:10 . 2009-05-11 19:46 -------- d-----w c:\windows\system32\bits
2009-04-29 01:05 . 2007-08-11 00:46 33656 ----a-w c:\windows\system32\sprecovr.exe
2009-04-17 01:46 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 20:11 . 2006-09-14 20:56 90528 ----a-w c:\documents and settings\Emily\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 23:38 . 2006-09-14 20:28 -------- d-----w c:\program files\Yahoo!
2009-05-06 00:26 . 2006-09-14 23:11 54836 ----a-w c:\documents and settings\Emily\Application Data\wklnhst.dat
2009-04-14 01:12 . 2006-09-14 21:34 -------- d-----w c:\program files\iTunes
2009-04-14 01:12 . 2009-04-14 01:12 -------- d-----w c:\program files\iPod
2009-04-14 01:11 . 2007-07-02 03:12 -------- d-----w c:\program files\Common Files\Apple
2009-04-14 01:09 . 2009-04-14 01:09 -------- d-----w c:\program files\QuickTime
2009-04-05 18:17 . 2006-09-12 02:22 -------- d-----w c:\program files\Java
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 09:19 . 2009-02-19 16:25 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:00 . 2009-05-10 23:28 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 02:41 . 2009-02-24 02:41 53248 ----a-w c:\documents and settings\Emily\lametritonus_en.dll
2009-02-24 02:41 . 2009-02-24 02:41 162304 ----a-w c:\documents and settings\Emily\lame_enc_en.dll
2009-02-20 18:09 . 2005-08-16 08:18 78336 ----a-w c:\windows\system32\ieencode.dll
2007-08-02 02:52 . 2006-09-14 22:09 88 --sh--r c:\windows\system32\9EEE86D673.sys
2007-08-02 02:52 . 2006-09-14 22:09 3610 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-12 185784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-11 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8760:TCP"= 8760:TCP:BitComet 8760 TCP
"8760:UDP"= 8760:UDP:BitComet 8760 UDP
"16213:TCP"= 16213:TCP:BitComet 16213 TCP
"16213:UDP"= 16213:UDP:BitComet 16213 UDP
"17453:TCP"= 17453:TCP:BitComet 17453 TCP
"17453:UDP"= 17453:UDP:BitComet 17453 UDP
"7711:TCP"= 7711:TCP:BitComet 7711 TCP
"7711:UDP"= 7711:UDP:BitComet 7711 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2007 1:35 PM 24652]
S2 2089B345772E4F9C3D4C646BB2A68E90;2089B345772E4F9C3D4C646BB2A68E90;cmd /k start /i "/dC:" "c:\combofix\HIDEC.exe" "c:\combofix\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q --> cmd [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c5cee1f-3b61-11de-97c1-0018f8a7c7ec}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6052e2f6-7c09-11db-95e0-001676b04a4d}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\26di48gh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\26di48gh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\Emily\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2089B345772E4F9C3D4C646BB2A68E90]
"ImagePath"="cmd /k start /i \"/d%systemdrive%\" \"c:\combofix\HIDEC.exe\" \"c:\combofix\SWREG.EXE\" ACL \"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep\" /RESET /Q"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-979388181-2800075177-83406188-1005\Software\SecuROM\License information*]
"datasecu"=hex:fc,de,d8,19,35,4b,f7,73,73,47,6e,b5,c6,56,f1,cb,63,27,b9,8b,75,
9c,79,81,52,f1,96,1e,e4,ce,50,47,62,d4,e2,97,e2,b7,f5,2a,7a,7e,38,c1,c8,eb,\
"rkeysecu"=hex:73,31,f9,4f,33,05,85,d1,76,19,ea,fe,1b,e7,8b,3d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\docume~1\Emily\LOCALS~1\temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-14 20:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-15 00:03

Pre-Run: 8,730,890,240 bytes free
Post-Run: 9,150,930,944 bytes free

207 --- E O F --- 2009-05-11 19:51
  • 0

#11
melange86

  • Topic Starter
  • Member
  • 19 posts
Here are the 2 DDS logs (it worked this time, yay!)


DDS (Ver_09-05-14.01) - NTFSx86
Run by Emily at 20:18:55.92 on Thu 05/14/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.130 [GMT -4:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\DOCUME~1\Emily\LOCALS~1\Temp\clclean.0001
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emily\Desktop\dds.com.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - hxxp://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\emily\applic~1\mozilla\firefox\profiles\26di48gh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\26di48gh.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\emily\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-11 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-28 24652]
S2 2089B345772E4F9C3D4C646BB2A68E90;2089B345772E4F9C3D4C646BB2A68E90;cmd /k start /i "/dC:" "c:\combofix\hidec.exe" "c:\combofix\swreg.exe" acl "hkey_local_machine\system\currentcontrolset\enum\root\LEGACY_Beep" /RESET /Q --> cmd [?]

=============== Created Last 30 ================

2009-05-14 18:16 <DIR> a-dshr-- C:\cmdcons
2009-05-14 18:14 161,792 a------- c:\windows\SWREG.exe
2009-05-14 18:14 98,816 a------- c:\windows\sed.exe
2009-05-10 19:38 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-10 19:28 1,033,216 a------- c:\windows\system32\dllcache\explorer.exe
2009-05-10 19:27 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-05-10 19:08 <DIR> --d----- c:\docume~1\emily\applic~1\WildTangent
2009-05-10 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WildTangent
2009-05-10 18:56 <DIR> --d----- c:\program files\common files\Scanner
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\scripting
2009-04-28 21:10 <DIR> --d----- c:\windows\l2schemas
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\en
2009-04-28 21:10 <DIR> --d----- c:\windows\system32\bits
2009-04-28 21:05 33,656 a------- c:\windows\system32\sprecovr.exe
2009-04-16 21:46 35,328 -------- c:\windows\system32\dllcache\sc.exe

==================== Find3M ====================

2009-05-05 20:26 54,836 a------- c:\docume~1\emily\applic~1\wklnhst.dat
2009-05-02 16:32 89,343 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 10:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-23 22:41 53,248 a------- c:\documents and settings\emily\lametritonus_en.dll
2009-02-23 22:41 162,304 a------- c:\documents and settings\emily\lame_enc_en.dll
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-01-07 21:01 90,528 a------- c:\docume~1\emily\applic~1\GDIPFONTCACHEV1.DAT
2007-08-01 22:52 88 ---shr-- c:\windows\system32\9EEE86D673.sys
2007-08-01 22:52 3,610 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 20:19:31.50 ===============


and...



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/14/2006 4:15:39 PM
System Uptime: 5/14/2009 7:53:23 PM (1 hours ago)

Motherboard: Dell Inc. | | 0WJ770
Processor: Intel® Pentium® 4 CPU 3.06GHz | Microprocessor | 3059/533mhz
Processor: Intel® Pentium® 4 CPU 3.06GHz | Microprocessor | 3059/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 8.597 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 18.032 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (FAT32) - 466 GiB total, 445.812 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP862: 3/29/2009 3:29:03 PM - System Checkpoint
RP863: 3/29/2009 11:11:57 PM - Software Distribution Service 3.0
RP864: 3/30/2009 10:54:36 PM - Software Distribution Service 3.0
RP865: 3/31/2009 7:23:21 PM - Installed HP Unload DLL Patch
RP866: 3/31/2009 11:24:47 PM - Software Distribution Service 3.0
RP867: 4/1/2009 8:28:13 PM - Software Distribution Service 3.0
RP868: 4/2/2009 11:32:00 PM - Software Distribution Service 3.0
RP869: 4/5/2009 2:17:05 PM - Installed Java™ 6 Update 13
RP870: 4/5/2009 3:44:17 PM - Software Distribution Service 3.0
RP871: 4/6/2009 4:40:41 PM - System Checkpoint
RP872: 4/6/2009 10:59:19 PM - Software Distribution Service 3.0
RP873: 4/7/2009 9:21:44 PM - Software Distribution Service 3.0
RP874: 4/8/2009 10:08:47 PM - Software Distribution Service 3.0
RP875: 4/9/2009 11:11:52 PM - Software Distribution Service 3.0
RP876: 4/11/2009 12:59:50 PM - System Checkpoint
RP877: 4/12/2009 3:00:19 AM - Software Distribution Service 3.0
RP878: 4/12/2009 11:42:03 PM - Software Distribution Service 3.0
RP879: 4/14/2009 6:56:11 PM - System Checkpoint
RP880: 4/15/2009 9:34:11 PM - System Checkpoint
RP881: 4/16/2009 10:24:28 PM - System Checkpoint
RP882: 4/17/2009 12:01:15 AM - Software Distribution Service 3.0
RP883: 4/20/2009 2:43:51 PM - System Checkpoint
RP884: 4/21/2009 7:47:17 PM - System Checkpoint
RP885: 4/22/2009 8:55:35 PM - System Checkpoint
RP886: 4/26/2009 9:41:25 PM - System Checkpoint
RP887: 4/28/2009 8:55:12 PM - Software Distribution Service 3.0
RP888: 5/3/2009 4:54:16 PM - System Checkpoint
RP889: 5/4/2009 12:18:39 AM - Software Distribution Service 3.0
RP890: 5/5/2009 8:56:39 PM - System Checkpoint
RP891: 5/6/2009 9:22:07 PM - System Checkpoint
RP892: 5/10/2009 5:11:22 PM - System Checkpoint
RP893: 5/10/2009 7:22:03 PM - Software Distribution Service 3.0
RP894: 5/11/2009 8:03:12 PM - System Checkpoint
RP895: 5/13/2009 8:35:42 PM - System Checkpoint

==== Installed Programs ======================

1300
1300_Help
1300Tour
1300Trb
3ivx D4 4.5.1 (remove only)
AC3Filter (remove only)
Ad-Aware 2007
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2.2
Adobe Reader 7.0.9
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8
AiO_Scan
AIOMinimal
AiOSoftware
Alien Skin Exposure
Alien Skin Exposure 2 Demo
Andrea VoiceCenter
AOL Instant Messenger
AOLIcon
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BitComet 1.03
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon EOS-1D Mark II N WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.1
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catz 5
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
ConvertHelper 2.1
Copy
Creative MediaSource
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Director
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
Documentation & Support Launcher
EducateU
ELIcon
Fax
FLV Player 2.0, build 24
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HP Unload DLL Patch
hpmdtab
HPSystemDiagnostics
InstantShare
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 8
Java™ 6 Update 13
Java™ 6 Update 7
Last.fm 1.5.1.29527
Learn2 Player (Uninstall Only)
LimeWire 4.16.6
Linksys Wireless-G PCI Adapter
Memories Disc Creator 2.0
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Move Media Player
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Mulberry
Neat Image v5 Demo (with plug-in)
NetWaiting
overland
PDF Settings
PetzA 2.2.5
PhotoGallery
PowerDVD
PrintScreen
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SkinsHP1
SkinsHP2
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Symantec KB-DocID:2003093015493306
TrayApp
Ulead MediaStudio Pro 8.0
Unload
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VideoLAN VLC media player 0.8.6a
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WD Diagnostics
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade
XviD MPEG-4 Video Codec
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

5/14/2009 7:56:23 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HESKETT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A372FA7D-B25B-4945-8. The master browser is stopping or an election is being forced.
5/14/2009 7:54:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 66C4F9E4629D7EAF01FF61F770DE08CA service to connect.
5/14/2009 7:52:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AF520601DBD601431BD491E62629D7B5 service to connect.
5/14/2009 7:48:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 35C8193204E38ED9F3391EA9355E4571 service to connect.
5/14/2009 7:46:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 2089B345772E4F9C3D4C646BB2A68E90 service to connect.
5/14/2009 7:46:14 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

==== End Of File ===========================

#12
Blade81

Hi again,

Uninstall these two vulnerable Javas:
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 7



Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


Open notepad and copy/paste the text in the quotebox below into it:

DDS::
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let ComboFix update if asked for permission to do so).
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. How's the system running?
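
The three `TB:` lines in the CFScript above are the toolbar entries that the DDS log in this thread lists as `No File`. As an added example (not part of Blade81's post and not code from DDS or ComboFix), this Python script parses Pseudo HJT lines and separates registry entries whose file is missing from file-backed ones; the function names are hypothetical and the sample lines are copied from the log above.

```python
"""Triage browser add-on entries from the 'Pseudo HJT Report' of a DDS log."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name clsid target")

# Matches lines such as:
#   BHO: Some Name: {CLSID} - c:/path/file.dll
#   TB: {CLSID} - No File
# The display name is optional and the target may be empty.
_LINE = re.compile(
    r"^(?P<kind>BHO|TB|EB|uURLSearchHooks):\s*"
    r"(?:(?P<name>.*?):\s*)?"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<target>.*)$"
)


def parse_line(line):
    """Return an Entry for a BHO/TB/EB/URLSearchHooks line, else None."""
    m = _LINE.match(line.strip())
    if m is None:
        return None
    return Entry(m.group("kind"), m.group("name") or "",
                 m.group("clsid"), m.group("target").strip())


def classify(entry):
    """'orphaned' = DDS found the registry entry but no file behind it."""
    if entry.target.lower() == "no file":
        return "orphaned"
    if not entry.target:
        return "no-target"      # DDS printed nothing after the dash
    return "file-backed"


def triage(log_text):
    """Group every recognised entry in the log text by classification."""
    groups = {"orphaned": [], "no-target": [], "file-backed": []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            groups[classify(entry)].append(entry)
    return groups


def review_lines(entries, kind=None):
    """Render orphaned entries in the log's own 'KIND: {CLSID} - No File' form."""
    return ["%s: %s - No File" % (e.kind, e.clsid)
            for e in entries if kind is None or e.kind == kind]


# Lines copied from the DDS log posted earlier in this thread.
SAMPLE_LOG = r"""
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

if __name__ == "__main__":
    groups = triage(SAMPLE_LOG)
    for label, entries in groups.items():
        print("%-12s %d" % (label, len(entries)))
    print("\nOrphaned toolbar entries to review:")
    for line in review_lines(groups["orphaned"], kind="TB"):
        print("  " + line)
```

The output is a review list for the analyst; whether an orphaned entry is removed remains a manual decision.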

#13
melange86

I was unable to install the 2 Java programs and the Adobe Reader, because I got this warning:

Posted Image

And here's my second ComboFix log:

ComboFix 09-05-16.03 - Emily 05/16/2009 16:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.268 [GMT -4:00]
Running from: c:\documents and settings\Emily\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Emily\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-13 00:59 . 2009-05-13 01:00 -------- d-----w C:\rsit
2009-05-10 23:38 . 2009-05-10 23:44 -------- d-----w c:\windows\ServicePackFiles
2009-05-10 23:28 . 2007-06-13 10:23 1033216 ----a-w c:\windows\system32\dllcache\explorer.exe
2009-05-10 23:27 . 2004-08-04 03:01 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-10 23:08 . 2009-05-10 23:08 -------- d-----w c:\documents and settings\Emily\Application Data\WildTangent
2009-05-10 23:07 . 2009-05-10 23:08 -------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
2009-05-10 22:56 . 2009-05-10 22:56 -------- d-----w c:\program files\Common Files\Scanner
2009-04-29 01:10 . 2009-05-10 23:43 -------- d-----w c:\windows\system32\scripting
2009-04-29 01:10 . 2009-05-11 19:46 -------- d-----w c:\windows\l2schemas
2009-04-29 01:10 . 2009-05-10 23:43 -------- d-----w c:\windows\system32\en
2009-04-29 01:10 . 2009-05-11 19:46 -------- d-----w c:\windows\system32\bits
2009-04-29 01:05 . 2007-08-11 00:46 33656 ----a-w c:\windows\system32\sprecovr.exe
2009-04-17 01:46 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 00:36 . 2006-09-15 00:55 -------- d-----w c:\program files\LimeWire
2009-05-11 20:11 . 2006-09-14 20:56 90528 ----a-w c:\documents and settings\Emily\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 23:38 . 2006-09-14 20:28 -------- d-----w c:\program files\Yahoo!
2009-05-06 00:26 . 2006-09-14 23:11 54836 ----a-w c:\documents and settings\Emily\Application Data\wklnhst.dat
2009-04-14 01:12 . 2006-09-14 21:34 -------- d-----w c:\program files\iTunes
2009-04-14 01:12 . 2009-04-14 01:12 -------- d-----w c:\program files\iPod
2009-04-14 01:11 . 2007-07-02 03:12 -------- d-----w c:\program files\Common Files\Apple
2009-04-14 01:09 . 2009-04-14 01:09 -------- d-----w c:\program files\QuickTime
2009-04-05 18:17 . 2006-09-12 02:22 -------- d-----w c:\program files\Java
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 09:19 . 2009-02-19 16:25 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:00 . 2009-05-10 23:28 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 02:41 . 2009-02-24 02:41 53248 ----a-w c:\documents and settings\Emily\lametritonus_en.dll
2009-02-24 02:41 . 2009-02-24 02:41 162304 ----a-w c:\documents and settings\Emily\lame_enc_en.dll
2009-02-20 18:09 . 2005-08-16 08:18 78336 ----a-w c:\windows\system32\ieencode.dll
2007-08-02 02:52 . 2006-09-14 22:09 88 --sh--r c:\windows\system32\9EEE86D673.sys
2007-08-02 02:52 . 2006-09-14 22:09 3610 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-14_23.54.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-16 20:31 . 2009-05-16 20:31 16384 c:\windows\Temp\Perflib_Perfdata_8c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-12 185784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-11 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8760:TCP"= 8760:TCP:BitComet 8760 TCP
"8760:UDP"= 8760:UDP:BitComet 8760 UDP
"16213:TCP"= 16213:TCP:BitComet 16213 TCP
"16213:UDP"= 16213:UDP:BitComet 16213 UDP
"17453:TCP"= 17453:TCP:BitComet 17453 TCP
"17453:UDP"= 17453:UDP:BitComet 17453 UDP
"7711:TCP"= 7711:TCP:BitComet 7711 TCP
"7711:UDP"= 7711:UDP:BitComet 7711 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2007 1:35 PM 24652]
S2 2089B345772E4F9C3D4C646BB2A68E90;2089B345772E4F9C3D4C646BB2A68E90;cmd /k start /i "/dC:" "c:\combofix\HIDEC.exe" "c:\combofix\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q --> cmd [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\26di48gh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\26di48gh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\Emily\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 16:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2089B345772E4F9C3D4C646BB2A68E90]
"ImagePath"="cmd /k start /i \"/d%systemdrive%\" \"c:\combofix\HIDEC.exe\" \"c:\combofix\SWREG.EXE\" ACL \"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep\" /RESET /Q"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-979388181-2800075177-83406188-1005\Software\SecuROM\License information*]
"datasecu"=hex:fc,de,d8,19,35,4b,f7,73,73,47,6e,b5,c6,56,f1,cb,63,27,b9,8b,75,
9c,79,81,52,f1,96,1e,e4,ce,50,47,62,d4,e2,97,e2,b7,f5,2a,7a,7e,38,c1,c8,eb,\
"rkeysecu"=hex:73,31,f9,4f,33,05,85,d1,76,19,ea,fe,1b,e7,8b,3d
.
Completion time: 2009-05-16 17:01
ComboFix-quarantined-files.txt 2009-05-16 21:00
ComboFix2.txt 2009-05-15 00:03

Pre-Run: 9,193,189,376 bytes free
Post-Run: 9,181,052,928 bytes free

254 --- E O F --- 2009-05-11 19:51


---------------------

Also, the first time I ran ComboFix, it froze on me at this part:

Posted Image

It stopped at this spot for over an hour, so I shut down the program and then had to shut down and reboot my computer. But I don't know which processes I had to end. I just quit the program... I hope I didn't mess anything up. So I booted up the computer and ran ComboFix again and it worked fine that time. And this second time I ran it with the CFScript, it worked fine.
  • 0

#14
Blade81

    Member

  • 722 posts
  • MVP
Hi

Let's see if we can find out what's wrong with the installer.


Open Notepad and then copy and paste the bolded lines below into it. Go to File > Save As and name the file fixes.bat, change the Save as type to All Files and save it to your desktop.
@echo off
c:
cd\
dir /a /s msiexec.exe >c:\locations.txt

Double-click on the fixes.bat file to execute it. After that, the c:\locations.txt file should exist. Please post it back here.

After that, click Start, click Run, type regedit in the Open text box, and then click OK.
Expand HKEY_LOCAL_MACHINE, expand SYSTEM, expand CurrentControlSet, expand Services, and then click MSIServer.
Please check what reads on the right side of ImagePath.
  • 0
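
One way to read the two results requested in post #14, as an added example that is not part of the thread or any poster's own code: it parses a locations.txt listing and an MSIServer ImagePath value and flags anything outside the usual Windows XP locations. The expected directories, the expected ImagePath target and the sample listing are assumptions constructed for illustration.

```python
import re

# Assumption (not from the thread): directories where a stock Windows XP
# install normally keeps msiexec.exe. Adjust for the machine being checked.
EXPECTED_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\system32\dllcache",
    r"c:\windows\servicepackfiles\i386",
}
EXPECTED_IMAGE = r"c:\windows\system32\msiexec.exe"

# Constructed sample of a locations.txt written by `dir /a /s msiexec.exe`.
SAMPLE = r"""
 Directory of C:\WINDOWS\system32

04/14/2008  05:42 AM            78,848 msiexec.exe
               1 File(s)         78,848 bytes

 Directory of C:\Documents and Settings\User\Local Settings\Temp

05/10/2009  11:28 PM            41,472 msiexec.exe
               1 File(s)         41,472 bytes
"""

def parse_locations(text):
    """Return (directory, size_in_bytes) for each msiexec.exe in the listing."""
    found, current = [], None
    for line in text.splitlines():
        d = re.match(r"\s*Directory of (.+?)\s*$", line)
        f = re.match(r".*?\s([\d,]+)\s+msiexec\.exe\s*$", line, re.I)
        if d:
            current = d.group(1)
        elif f and current:
            found.append((current, int(f.group(1).replace(",", ""))))
    return found

def unexpected_copies(text):
    """Copies outside EXPECTED_DIRS; these are the ones to look at first."""
    return [(d, size) for d, size in parse_locations(text)
            if d.lower().rstrip("\\") not in EXPECTED_DIRS]

def image_path_ok(value, windir=r"c:\windows"):
    """True if an MSIServer ImagePath value points at system32's msiexec.exe."""
    exe = value.strip().lower()
    exe = exe.replace("%systemroot%", windir).replace("%windir%", windir)
    exe = exe.split(" /")[0].strip().strip('"')
    return exe == EXPECTED_IMAGE

if __name__ == "__main__":
    print(unexpected_copies(SAMPLE), image_path_ok(r"C:\WINDOWS\system32\msiexec.exe /V"))
```
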

#15
melange86

    Member

  • Topic Starter
  • 19 posts
I will do this as soon as I finish running the Kaspersky Online Scanner. It's currently at 63% after 2.5 hours. Once I do that, I will run DDS again and post both logs, and then try this next part. Also -- the computer is already running better, I can tell, so thanks for all the help!
  • 0





