ComboFix 11-05-11.01 - Administrator 05/11/2011 19:07:40.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2865 [GMT -6:00]
Running from: c:\documents and settings\Administrator.BRIANS\Desktop\confuse.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-09 16:39 . 2008-04-14 11:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-05-09 16:37 . 2008-04-14 11:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2011-05-09 16:33 . 2006-12-29 06:31 19569 ----a-w- c:\windows\000001_.tmp
2011-05-06 04:34 . 2011-05-06 04:50 -------- d-----w- c:\documents and settings\Administrator.BRIANS\DoctorWeb
2011-05-02 04:47 . 2011-05-02 04:47 -------- d-----w- c:\program files\Sophos
2011-05-02 03:51 . 2011-05-02 03:51 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-02 01:21 . 2011-05-02 01:21 -------- d-----w- c:\program files\ESET
2011-05-01 20:43 . 2011-05-01 20:46 0 ----a-w- C:\paths.bat
2011-04-22 03:09 . 2011-04-22 03:09 -------- d-----w- c:\documents and settings\Administrator.BRIANS\Application Data\Foxit Software
2011-04-22 02:55 . 2011-04-22 02:56 -------- d-----w- c:\program files\WhoCrashed2
2011-04-22 02:39 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-22 02:18 . 2011-04-22 02:18 -------- d-sh--w- c:\documents and settings\Administrator.BRIANS\IECompatCache
2011-04-22 02:16 . 2011-04-22 02:16 -------- d-----w- c:\windows\system32\Adobe
2011-04-22 02:07 . 2011-04-22 02:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
2011-04-22 02:06 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-22 02:06 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-20 03:12 . 2011-04-20 03:12 -------- d-----w- c:\program files\Western Digital Corporation
2011-04-16 19:55 . 2011-05-09 21:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-04-16 19:55 . 2011-04-16 19:55 -------- d-----w- c:\program files\AVAST Software
2011-04-16 18:09 . 2001-08-18 04:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-04-16 18:08 . 2008-04-14 11:42 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-04-16 18:07 . 2008-04-14 06:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-04-16 18:06 . 2001-08-18 04:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-04-16 18:05 . 2001-08-17 18:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2011-04-16 18:04 . 2001-08-17 19:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-04-16 17:44 . 2011-04-22 02:40 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-04-16 16:49 . 2000-10-05 22:01 602244 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-04-16 16:49 . 2000-10-05 21:55 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-04-16 16:49 . 2000-10-05 21:55 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-04-16 16:49 . 2000-10-05 21:50 221184 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-04-16 16:49 . 2000-10-05 21:49 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-04-16 16:49 . 2011-04-16 16:49 -------- d-----w- c:\documents and settings\ADMINI~1~BRI
2011-04-16 16:36 . 2011-04-16 16:36 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2011-04-16 15:58 . 2011-04-16 16:17 -------- d-----w- c:\program files\Driver Cleaner Pro
2011-04-16 01:21 . 2011-04-16 01:21 -------- d-----w- c:\program files\CCleaner
2011-04-16 00:37 . 2008-02-27 04:23 676224 ----a-w- c:\windows\system32\OGACheckControl.dll
2011-04-15 04:07 . 2011-04-15 04:07 -------- d-----w- c:\program files\Common Files\Java
2011-04-15 04:06 . 2011-04-15 04:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-15 04:03 . 2011-04-15 04:04 -------- d-----w- c:\program files\Registry Cleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-15 04:06 . 2010-12-28 00:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-08 05:14 . 2007-10-25 09:17 4111232 ------w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2007-10-25 09:17 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2007-10-25 09:17 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 04:15 . 2011-04-08 04:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-08 04:15 . 2011-04-08 04:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 04:15 . 2011-04-08 04:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-08 04:15 . 2011-04-08 04:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 04:15 . 2011-04-08 04:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 04:15 . 2011-04-08 04:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-08 04:15 . 2011-04-08 04:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-02-17 12:32 . 2010-11-11 00:09 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-05-30 07:28 290432 ------w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.BRIANS^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.SIRSYSTEM^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^DualCoreCenter.lnk]
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-11 15:20 136176 ----atw- c:\documents and settings\Administrator.BRIANS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-26 08:35 162584 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-26 08:36 142104 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
2006-09-05 11:15 497152 ----a-w- c:\program files\MSI\Live Update 3\LMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-04-08 04:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-04-08 04:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-02-24 08:57 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-26 08:36 138008 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-26 08:33 303104 ----a-w- c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-09 05:10 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 20:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
2007-10-30 08:37 208896 ----a-r- c:\windows\system32\WinSys2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"wscsvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:46 AM 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/30/2006 1:28 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:46 AM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-2025429265-839522115-500Core.job
- c:\documents and settings\Administrator.BRIANS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-11 15:20]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-2025429265-839522115-500UA.job
- c:\documents and settings\Administrator.BRIANS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-11 15:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 19:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1220945662-2025429265-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,1d,cc,31,ea,b6,89,41,9e,f9,9d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,1d,cc,31,ea,b6,89,41,9e,f9,9d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="Internet Explorer Version Update"
"ComponentID"="IEUDINIT"
"DontAsk"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"="c:\\WINDOWS\\system32\\ieudinit.exe"
"Version"="8,0,6001,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"DontAsk"=dword:00000002
"Version"="11,0,5721,5262"
"IsInstalled"=dword:00000000
"Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigIE"
"Version"="2,0,0,0"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-21"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Locale"="*"
"LocalizedName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3052"
"StubPath"="\"c:\\WINDOWS\\system32\\rundll32.exe\" \"c:\\WINDOWS\\system32\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE"
"Version"="2,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\Microsoft Base Smart Card Crypto Provider Package]
"IsInstalled"=dword:00000001
"Version"="1,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Java\\jre6\\bin\\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"
"Version"="6,0,2462,0001"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
@=""
"Version"="11,0,5721,5262"
"ComponentID"="NetShow"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player 6.4"
"Version"="11,0,5721,5262"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="ENU"
"StubPath"=""
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"IsInstalled"=dword:00000001
"Version"="6,0,3,531"
"Locale"="EN"
"ComponentID"="DirectAnimation"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="EN"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,1,1,7"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
"ComponentID"="M2416447"
@="Microsoft .NET Framework 1.1 Security Update (KB2416447)"
"Version"="1,1,4322"
"Locale"="*"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,7,0,0320"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"Version"="8,0,6001,18702"
@="Offline Browsing Pack"
"ComponentID"="MobilePk"
"IsInstalled"=dword:00000001
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
"Locale"=""
"Version"="4,0,30319,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,1,4322"
"ComponentID"="S867460"
@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Advanced Authoring"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,5512"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="11,0,5721,5262"
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,7,0,16599"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
@="Security Update for Windows XP (KB923789)"
"IsInstalled"=dword:00000001
"Version"="6,0,88,0"
"ComponentID"="KB923789"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="EN"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Messenger\\msmsgs.exe"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="8,0,6001,18702"
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"="*"
"KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
"Version"="11,0,5721,5262"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="ENU"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp11.inf,PerUserStub"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,9,9,2"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
@="Web Folders"
"ComponentID"="WebFolders"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,0,1,7"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"Version"="6,0,2900,5512"
@="Address Book 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="6,0,2900,5512"
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"Version"="8,0,6001,18702"
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -BaseSettings"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-20"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"IsInstalled"=dword:00000001
"StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install"
"Version"="1,1,0,5000"
"DontAsk"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"Locale"=""
"Version"="1,0,4322,1"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Task Scheduler"
"ComponentID"="MSTASK"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1968,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Shockwave Flash"
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Version"="6,0,88,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="5,0,00,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}]
@="RootsUpdate"
"IsInstalled"=dword:00000001
"Version"="27,0,2195,0"
"Locale"="*"
"ComponentID"="Windows Roots Update"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-11 19:12:55
ComboFix-quarantined-files.txt 2011-05-12 01:12
.
Pre-Run: 567,945,064,448 bytes free
Post-Run: 567,928,672,256 bytes free
.
- - End Of File - - A3654362BAEF5AF8430773EC72DFA66D