Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Firefox Crashing and "Perfect Defender 2009 Popup"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » December 14th, 2008, 3:38 pm

T0T Oh my gosh, these things just keep coming. Thank you so much for your continued assistance.

1.Info Log
    info.txt logfile of random's system information tool 1.04 2008-12-14 13:33:43

    ======Uninstall list======

    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Contextual Tool Adssite-->C:\WINDOWS\system32\cont_adssite-remove.exe
    Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\PainterX.log
    Corel Painter X-->MsiExec.exe /I{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
    CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
    DELETER COMICWORKS-->MsiExec.exe /I{85CFC80F-B410-42E7-855F-F2AE1DF64315}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Lexmark Z700-P700 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\hpxp4370_EE583B2413E4C828DFD7901D646C3D9BF7599402\hpxp4370.inf
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 http://www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 http://www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 http://www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 http://www.032439.com

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 081214-0]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------

2.Log
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Christine at 2008-12-14 13:33:32
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 62 GB (81%) free of 76 GB
    Total RAM: 2047 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:33:40 PM, on 12/14/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Christine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Christine.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auburn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: adssite - {bcc52f1d-65b7-4908-07a6-3e134502b757} - C:\WINDOWS\system32\nsq11.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 6771 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bcc52f1d-65b7-4908-07a6-3e134502b757}]
    adssite - C:\WINDOWS\system32\nsq11.dll [2008-11-27 674304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Aim6"= []

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2008-12-14 13:33:32 ----D---- C:\rsit
    2008-12-12 17:16:22 ----D---- C:\Program Files\EsetOnlineScanner
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-11 23:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 23:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 23:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 23:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-11 21:53:51 ----D---- C:\Program Files\CCleaner
    2008-11-29 11:23:21 ----D---- C:\Program Files\Trend Micro
    2008-11-29 11:18:04 ----D---- C:\Program Files\Windows Defender
    2008-11-29 11:10:57 ----D---- C:\Program Files\Panda Security
    2008-11-28 23:46:07 ----D---- C:\Documents and Settings\Christine\Application Data\Malwarebytes
    2008-11-28 23:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-28 23:45:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-28 19:21:51 ----D---- C:\Documents and Settings\Christine\Application Data\Google
    2008-11-28 16:39:15 ----D---- C:\Program Files\iPod
    2008-11-28 16:39:08 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-28 16:38:01 ----D---- C:\Program Files\Bonjour
    2008-11-27 08:22:52 ----A---- C:\WINDOWS\system32\nsq11.dll
    2008-11-21 15:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-11-21 15:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll

    ======List of files/folders modified in the last 1 months======

    2008-12-14 13:33:02 ----D---- C:\WINDOWS\Prefetch
    2008-12-14 13:26:31 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-14 13:19:11 ----SD---- C:\WINDOWS\Tasks
    2008-12-14 13:18:19 ----D---- C:\WINDOWS\Temp
    2008-12-14 13:17:06 ----A---- C:\WINDOWS\system32\cont_adssite-remove.exe
    2008-12-14 13:17:05 ----D---- C:\WINDOWS\system32
    2008-12-14 13:16:08 ----D---- C:\Documents and Settings\Christine\Application Data\WTablet
    2008-12-14 00:37:55 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-13 09:38:52 ----D---- C:\WINDOWS
    2008-12-12 20:47:43 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-12 19:34:12 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-12 18:44:52 ----D---- C:\Program Files\DivX
    2008-12-12 17:16:22 ----RD---- C:\Program Files
    2008-12-12 17:14:04 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-12-12 17:12:04 ----SHD---- C:\WINDOWS\Installer
    2008-12-12 17:12:04 ----SHD---- C:\Config.Msi
    2008-12-12 17:11:01 ----D---- C:\Program Files\Java
    2008-12-11 23:34:25 ----HD---- C:\WINDOWS\inf
    2008-12-11 23:34:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-11 23:34:09 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 23:33:59 ----D---- C:\WINDOWS\ie7updates
    2008-12-11 23:33:52 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-11 23:04:47 ----SD---- C:\Documents and Settings\Christine\Application Data\Microsoft
    2008-12-11 23:04:45 ----D---- C:\WINDOWS\system
    2008-12-11 23:04:32 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-12-11 23:04:19 ----D---- C:\Documents and Settings\Christine\Application Data\AVG7
    2008-12-11 21:57:31 ----D---- C:\WINDOWS\system32\drivers
    2008-12-11 21:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-11 21:55:03 ----D---- C:\WINDOWS\Debug
    2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-02 22:02:17 ----RHD---- C:\$VAULT$.AVG
    2008-11-29 11:18:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-29 10:58:20 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\winlogon.exe
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-11-28 19:14:14 ----D---- C:\Program Files\Apple Software Update
    2008-11-28 16:39:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-28 16:39:45 ----D---- C:\Program Files\iTunes
    2008-11-28 16:39:11 ----D---- C:\Program Files\Common Files\Apple
    2008-11-28 16:37:29 ----D---- C:\Program Files\QuickTime
    2008-11-28 16:19:25 ----D---- C:\WINDOWS\Help
    2008-11-28 16:19:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-26 11:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm
Advertisement
Register to Remove

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » December 15th, 2008, 2:54 pm

1) Back up your registry with ERUNT
  • Download ERUNT from here and save it to your desktop.
  • Double click erunt-setup.exe to install the program
  • Follow the prompts, and then uncheck Create NTREGOPT desktop icon at the Additional Tasks screen. Click No when you are prompted about creating an ERUNT entry in the startup folder. At the next screen, uncheck Show documentation and check Launch ERUNT
  • If ERUNT doesnt start by itself, launch it from the desktop shortcut.
  • At the configuration screen, make sure all 3 checkboxes are checked
  • Click Ok to run the backup process
Note:
The backups can be restored from here:
C:\windows\ERDNT\<todays date>\ERDNT.exe

2) Create and run a registry script
  • Press the windows key and the R key at the same time to open the Run dialog box
    (The windows key is usually located two to the left of your space bar and is labeled with a windows logo)
  • type notepad and press the enter key
  • A new notepad document should now open. Copy the content of the code box below into this notepad document
    Code: Select all
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bcc52f1d-65b7-4908-07a6-3e134502b757}]
    
    [-HKEY_CLASSES_ROOT\CLSID\{bcc52f1d-65b7-4908-07a6-3e134502b757}]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\WINDOWS\system32\drivers\svchost.exe"=-
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_adssite]
    
  • Change the Save as type to All files and then save the file as fix.reg
  • Right-click on fix.reg and select Merge
  • Answer Yes at any prompts

Restart your computer after this step

3) Delete malware files
  • Press the windows key and the R key at the same time to open the Run dialog box
    (the windows key is usually located two to the left of the space bar and is labeled with a windows logo)
  • Type control folders and press enter
  • A control panel should now open.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide extensions for known file types option.
  • Uncheck the Hide protected operating system files (recommended) option and click Yes at the warning prompt.
  • Click Apply
  • Click OK
  • Now locate and delete the below files and folders

    C:\Documents and Settings\All Users\Application Data\Viewpoint <-folder
    C:\WINDOWS\system32\cont_adssite-remove.exe
    C:\WINDOWS\system32\nsq11.dll
    C:\WINDOWS\system32\nsh13.dll

  • Empty the recycle bin

4) Get new RSIT log
  • Delete this folder: C:\rsit
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » December 15th, 2008, 11:59 pm

I have completed steps1-2.
But I am now having trouble with step3.
All files have been deleted with the exception of C:\WINDOWS\system32\nsh13.dll, which I have been unable to locate.
Should I continue with the RSIT logs?
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » December 16th, 2008, 6:46 am

Yes, run step 4, give me the log and we'll see how it looks.
Also, be sure to tell me how your computer has been running since you completed step 1-3. Any popups or other strange behaviour?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » December 16th, 2008, 4:36 pm

4a.Log
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Christine at 2008-12-16 14:30:25
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 61 GB (80%) free of 76 GB
    Total RAM: 2047 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:30:36 PM, on 12/16/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Christine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Christine.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auburn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 6679 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Aim6"= []

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2008-12-16 14:30:25 ----D---- C:\rsit
    2008-12-15 21:49:00 ----A---- C:\WINDOWS\system32\cont_adssite-remove.exe
    2008-12-15 02:28:02 ----D---- C:\WINDOWS\ERDNT
    2008-12-15 02:26:53 ----D---- C:\Program Files\ERUNT
    2008-12-12 17:16:22 ----D---- C:\Program Files\EsetOnlineScanner
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-11 23:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 23:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 23:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 23:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-11 21:53:51 ----D---- C:\Program Files\CCleaner
    2008-11-29 11:23:21 ----D---- C:\Program Files\Trend Micro
    2008-11-29 11:18:04 ----D---- C:\Program Files\Windows Defender
    2008-11-29 11:10:57 ----D---- C:\Program Files\Panda Security
    2008-11-28 23:46:07 ----D---- C:\Documents and Settings\Christine\Application Data\Malwarebytes
    2008-11-28 23:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-28 23:45:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-28 19:21:51 ----D---- C:\Documents and Settings\Christine\Application Data\Google
    2008-11-28 16:39:15 ----D---- C:\Program Files\iPod
    2008-11-28 16:39:08 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-28 16:38:01 ----D---- C:\Program Files\Bonjour
    2008-11-21 15:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-11-21 15:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll

    ======List of files/folders modified in the last 1 months======

    2008-12-16 14:25:37 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-16 14:25:29 ----D---- C:\WINDOWS\Prefetch
    2008-12-16 14:25:23 ----D---- C:\WINDOWS\Temp
    2008-12-16 14:25:23 ----D---- C:\Documents and Settings\Christine\Application Data\WTablet
    2008-12-16 14:22:14 ----SD---- C:\WINDOWS\Tasks
    2008-12-16 02:54:50 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-16 02:54:50 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-16 02:16:55 ----D---- C:\WINDOWS\system32
    2008-12-15 02:28:02 ----D---- C:\WINDOWS
    2008-12-15 02:26:53 ----RD---- C:\Program Files
    2008-12-12 19:34:12 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-12 18:44:52 ----D---- C:\Program Files\DivX
    2008-12-12 17:12:04 ----SHD---- C:\WINDOWS\Installer
    2008-12-12 17:12:04 ----SHD---- C:\Config.Msi
    2008-12-12 17:11:01 ----D---- C:\Program Files\Java
    2008-12-11 23:34:25 ----HD---- C:\WINDOWS\inf
    2008-12-11 23:34:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-11 23:34:09 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 23:33:59 ----D---- C:\WINDOWS\ie7updates
    2008-12-11 23:33:52 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-11 23:04:47 ----SD---- C:\Documents and Settings\Christine\Application Data\Microsoft
    2008-12-11 23:04:45 ----D---- C:\WINDOWS\system
    2008-12-11 23:04:32 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-12-11 23:04:19 ----D---- C:\Documents and Settings\Christine\Application Data\AVG7
    2008-12-11 21:57:31 ----D---- C:\WINDOWS\system32\drivers
    2008-12-11 21:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-11 21:55:03 ----D---- C:\WINDOWS\Debug
    2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-02 22:02:17 ----RHD---- C:\$VAULT$.AVG
    2008-11-29 11:18:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-29 10:58:20 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\winlogon.exe
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-11-28 19:14:14 ----D---- C:\Program Files\Apple Software Update
    2008-11-28 16:39:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-28 16:39:45 ----D---- C:\Program Files\iTunes
    2008-11-28 16:39:11 ----D---- C:\Program Files\Common Files\Apple
    2008-11-28 16:37:29 ----D---- C:\Program Files\QuickTime
    2008-11-28 16:19:25 ----D---- C:\WINDOWS\Help
    2008-11-28 16:19:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-26 11:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

4b.Info
    info.txt logfile of random's system information tool 1.04 2008-12-16 14:30:38

    ======Uninstall list======

    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Contextual Tool Adssite-->C:\WINDOWS\system32\cont_adssite-remove.exe
    Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\PainterX.log
    Corel Painter X-->MsiExec.exe /I{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
    CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
    DELETER COMICWORKS-->MsiExec.exe /I{85CFC80F-B410-42E7-855F-F2AE1DF64315}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Lexmark Z700-P700 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\hpxp4370_EE583B2413E4C828DFD7901D646C3D9BF7599402\hpxp4370.inf
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 081216-0]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------

My computer's been doing much better--it really sped up after I removed AVG and disabled Teatimer; no unexpected crashes either. :D
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » December 18th, 2008, 4:43 pm

I'm sorry I have to put you through all these scans, you must be getting tired by now.
You have quite a stubborn infection that we're trying to find the root of.
Please hang in there though, otherwise I'm afraid you'll soon be fully reinfected again.

1) Download and run GMER
  • Download gmer.zip by GMER from here and extract it to a folder on your desktop
  • Double click on gmer.exe to launch the program
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning, click the Rootkit/Malware tab and then Scan
  • Once the scan has finished, click copy
  • Create a new notepad document on your desktop, name it "gmerrk.txt", open it, insert the GMER log by right-clicking in the document and chosing Paste, and then save the document
  • This log must be included in your next reply
  • Back in GMER, click on the >>> tab to bring up additional tabs
  • Click on the Autostart tab and then click Scan
  • Once the scan has finished, click copy, start a new reply here, right click and select "paste" to copy the log.
  • Also remember to copy the content of "gmerrk.txt" into the reply

2) Get new RSIT log
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished a log will open
  • Include this log in your next reply

Logs I need:
Both GMER logs
New RIST log
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » December 21st, 2008, 1:18 am

Hey there,
Thanks for your patience with me and my computer.
I'm afraid I won't be able to do the scans until tomorrow night (I wanted to give you a forewarning).
If you need to break for the holidays or anything please don't hesitate to (I feel so bad taking up all of this time).

Thank you so much, and I look forward to getting these things done!
Christine
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » December 21st, 2008, 3:49 pm

Dont worry about it, Im less active than usuall these days too due to the holliday.
I will try to be on at least once a day though.
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » December 21st, 2008, 11:41 pm

Sorry for the downtime--here are the logs you needed:

1a.gmerrk log
    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-12-21 21:34:34
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.14 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB60CF576]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB60CF432]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB60CF910]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB60CF00A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB60CF50C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB60CEF4A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB60CEFAE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB60CF62C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB60CF5EC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB60CF76C]

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\WINDOWS\system32\services.exe[716] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[716] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Files - GMER 1.0.14 ----

    File C:\Documents and Settings\Christine\Local Settings\Application Data\Mozilla\Firefox\Profiles\73jdixgg.default\urlclassifier3.sqlite-journal 0 bytes

    ---- EOF - GMER 1.0.14 ----

1b.Autostart gmerrk log
    GMER 1.0.14.14536 - http://www.gmer.net
    Autostart scan 2008-12-21 21:35:11
    Windows 5.1.2600 Service Pack 3


    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
    dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
    WgaLogon@DLLName = WgaLogon.dll

    HKLM\SYSTEM\CurrentControlSet\Services\ >>>
    Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    aswUpdSv@ = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    avast! Antivirus@ = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
    JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
    LexBceS@ = C:\WINDOWS\system32\LEXBCES.EXE
    NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
    ProtexisLicensing@ = C:\WINDOWS\system32\PSIService.exe
    ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
    TabletServiceWacom@ = C:\WINDOWS\system32\Wacom_Tablet.exe
    WinDefend@ = "C:\Program Files\Windows Defender\MsMpEng.exe"

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @BCMSMMSGBCMSMMSG.exe = BCMSMMSG.exe
    @DLAC:\WINDOWS\System32\DLA\DLACTRLW.EXE = C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    @SoundMAXPnPC:\Program Files\Analog Devices\Core\smax4pnp.exe = C:\Program Files\Analog Devices\Core\smax4pnp.exe
    @SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
    @avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    @NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    @nwiznwiz.exe /install = nwiz.exe /install
    @NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    @QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    @iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
    @Windows Defender"C:\Program Files\Windows Defender\MSASCui.exe" -hide = "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    @Aim6 /*file not found*/ = /*file not found*/

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = C:\PROGRA~1\WIFD1F~1\MpShHook.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
    @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
    @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
    @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
    @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
    @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
    @{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
    @{23170F69-40C1-278A-1000-000100020000} /*7-Zip Shell Extension*/C:\Program Files\7-Zip\7-zip.dll = C:\Program Files\7-Zip\7-zip.dll
    @{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\System32\DLA\DLASHX_W.DLL = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    @{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
    @{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
    @{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil Software\Avast4\ashShell.dll = C:\Program Files\Alwil Software\Avast4\ashShell.dll
    @{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
    @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
    @{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
    @{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
    @{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
    @{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
    @{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
    @{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
    7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll
    avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
    avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
    MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
    @{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    @{5CA3D70E-1895-11CF-8E15-001234567890}C:\WINDOWS\System32\DLA\DLASHX_W.DLL = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    @{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
    @{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
    @{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

    HKLM\Software\Microsoft\Internet Explorer\Main >>>
    @Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
    @Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
    @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

    HKCU\Software\Microsoft\Internet Explorer\Main >>>
    @Start Pagehttp://auburn.edu/ = http://auburn.edu/
    @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

    HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

    HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
    dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
    its@CLSID = C:\WINDOWS\system32\itss.dll
    mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
    ms-its@CLSID = C:\WINDOWS\system32\itss.dll
    mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
    wia@CLSID = C:\WINDOWS\system32\wiascr.dll

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup = Adobe Gamma.lnk

    ---- EOF - GMER 1.0.14 ----

2.RSIT log
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Christine at 2008-12-21 21:35:56
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 61 GB (81%) free of 76 GB
    Total RAM: 2047 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:36:00 PM, on 12/21/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Christine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Christine.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auburn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 6745 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Aim6"= []

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2008-12-20 23:01:04 ----A---- C:\WINDOWS\gmer.ini
    2008-12-20 23:01:02 ----RA---- C:\WINDOWS\gmer.exe
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer.dll
    2008-12-16 14:30:25 ----D---- C:\rsit
    2008-12-15 21:49:00 ----A---- C:\WINDOWS\system32\cont_adssite-remove.exe
    2008-12-15 02:28:02 ----D---- C:\WINDOWS\ERDNT
    2008-12-15 02:26:53 ----D---- C:\Program Files\ERUNT
    2008-12-12 17:16:22 ----D---- C:\Program Files\EsetOnlineScanner
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-11 23:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 23:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 23:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 23:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-11 21:53:51 ----D---- C:\Program Files\CCleaner
    2008-11-29 11:23:21 ----D---- C:\Program Files\Trend Micro
    2008-11-29 11:18:04 ----D---- C:\Program Files\Windows Defender
    2008-11-29 11:10:57 ----D---- C:\Program Files\Panda Security
    2008-11-28 23:46:07 ----D---- C:\Documents and Settings\Christine\Application Data\Malwarebytes
    2008-11-28 23:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-28 23:45:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-28 19:21:51 ----D---- C:\Documents and Settings\Christine\Application Data\Google
    2008-11-28 16:39:15 ----D---- C:\Program Files\iPod
    2008-11-28 16:39:08 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-28 16:38:01 ----D---- C:\Program Files\Bonjour

    ======List of files/folders modified in the last 1 months======

    2008-12-21 21:10:58 ----SD---- C:\WINDOWS\Tasks
    2008-12-21 21:09:57 ----D---- C:\WINDOWS\Temp
    2008-12-21 21:09:32 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-21 21:09:25 ----D---- C:\WINDOWS\Prefetch
    2008-12-21 21:09:05 ----D---- C:\Documents and Settings\Christine\Application Data\WTablet
    2008-12-20 23:35:17 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-20 23:35:17 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-20 23:01:04 ----D---- C:\WINDOWS
    2008-12-20 23:01:02 ----D---- C:\WINDOWS\system32\drivers
    2008-12-20 22:58:19 ----D---- C:\WINDOWS\system32
    2008-12-17 21:14:14 ----HD---- C:\WINDOWS\inf
    2008-12-17 21:14:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-17 21:14:05 ----D---- C:\WINDOWS\ie7updates
    2008-12-17 21:13:22 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-15 02:26:53 ----RD---- C:\Program Files
    2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 19:34:12 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-12 18:44:52 ----D---- C:\Program Files\DivX
    2008-12-12 17:12:04 ----SHD---- C:\WINDOWS\Installer
    2008-12-12 17:12:04 ----SHD---- C:\Config.Msi
    2008-12-12 17:11:01 ----D---- C:\Program Files\Java
    2008-12-11 23:34:09 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 23:04:47 ----SD---- C:\Documents and Settings\Christine\Application Data\Microsoft
    2008-12-11 23:04:45 ----D---- C:\WINDOWS\system
    2008-12-11 23:04:32 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-12-11 23:04:19 ----D---- C:\Documents and Settings\Christine\Application Data\AVG7
    2008-12-11 21:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-11 21:55:03 ----D---- C:\WINDOWS\Debug
    2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-02 22:02:17 ----RHD---- C:\$VAULT$.AVG
    2008-11-29 11:18:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-29 10:58:20 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\winlogon.exe
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-11-28 19:14:14 ----D---- C:\Program Files\Apple Software Update
    2008-11-28 16:39:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-28 16:39:45 ----D---- C:\Program Files\iTunes
    2008-11-28 16:39:11 ----D---- C:\Program Files\Common Files\Apple
    2008-11-28 16:37:29 ----D---- C:\Program Files\QuickTime
    2008-11-28 16:19:25 ----D---- C:\WINDOWS\Help
    2008-11-28 16:19:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-26 11:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-20 85969]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

Thanks again, and I really do hope you're enjoying your holidays. :)
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » December 29th, 2008, 6:19 pm

Hi Christine, sorry for keeping you waiting so long.
I got more busy than I expected during xmas.
I'm back now though, and I will be back with a response to your previous logs within a day or so.
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » December 30th, 2008, 9:09 am

I need a new RIST log to see if anything has changed in the last week.
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, a log will open
  • Include this log in your next reply

A question:
The next procedure may involve keeping the computer disconnected from the internet for around 24hrs to test if the malware infection you still have creates new files on the computer by itself or if it downloads them from the internet. Will keeping the computer offline be a big problem?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » December 30th, 2008, 12:15 pm

Hey! It is great to hear from you again, and I hope you had a great holiday.
I think that it will be fine offline as long as I am able to use the computer for offline programs. Just let me know when I should start. Thank you!

1.New RSIT log
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Christine at 2008-12-30 10:10:38
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 62 GB (81%) free of 76 GB
    Total RAM: 2047 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:10:47 AM, on 12/30/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Documents and Settings\Christine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Christine.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auburn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 6751 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Aim6"= []

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2008-12-27 17:35:05 ----D---- C:\WINDOWS\Minidump
    2008-12-27 17:32:02 ----D---- C:\Documents and Settings\Christine\Application Data\vlc
    2008-12-20 23:01:04 ----A---- C:\WINDOWS\gmer.ini
    2008-12-20 23:01:02 ----RA---- C:\WINDOWS\gmer.exe
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer.dll
    2008-12-16 14:30:25 ----D---- C:\rsit
    2008-12-15 21:49:00 ----A---- C:\WINDOWS\system32\cont_adssite-remove.exe
    2008-12-15 02:28:02 ----D---- C:\WINDOWS\ERDNT
    2008-12-15 02:26:53 ----D---- C:\Program Files\ERUNT
    2008-12-12 17:16:22 ----D---- C:\Program Files\EsetOnlineScanner
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-11 23:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 23:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 23:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 23:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-11 21:53:51 ----D---- C:\Program Files\CCleaner

    ======List of files/folders modified in the last 1 months======

    2008-12-30 09:26:29 ----SD---- C:\WINDOWS\Tasks
    2008-12-30 09:26:01 ----D---- C:\WINDOWS\Temp
    2008-12-30 09:23:49 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-30 09:23:32 ----D---- C:\Documents and Settings\Christine\Application Data\WTablet
    2008-12-30 02:03:33 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-30 02:03:32 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-30 00:18:37 ----D---- C:\WINDOWS\Prefetch
    2008-12-29 19:05:21 ----RSD---- C:\WINDOWS\Fonts
    2008-12-29 15:43:55 ----D---- C:\WINDOWS\system32
    2008-12-27 17:35:05 ----D---- C:\WINDOWS
    2008-12-27 01:07:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-20 23:01:02 ----D---- C:\WINDOWS\system32\drivers
    2008-12-17 21:14:14 ----HD---- C:\WINDOWS\inf
    2008-12-17 21:14:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-17 21:14:05 ----D---- C:\WINDOWS\ie7updates
    2008-12-17 21:13:22 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-15 02:26:53 ----RD---- C:\Program Files
    2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 19:34:12 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-12 18:44:52 ----D---- C:\Program Files\DivX
    2008-12-12 17:12:04 ----SHD---- C:\WINDOWS\Installer
    2008-12-12 17:12:04 ----SHD---- C:\Config.Msi
    2008-12-12 17:11:01 ----D---- C:\Program Files\Java
    2008-12-11 23:34:09 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 23:04:47 ----SD---- C:\Documents and Settings\Christine\Application Data\Microsoft
    2008-12-11 23:04:45 ----D---- C:\WINDOWS\system
    2008-12-11 23:04:32 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2008-12-11 23:04:19 ----D---- C:\Documents and Settings\Christine\Application Data\AVG7
    2008-12-11 21:57:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-11 21:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-11 21:55:03 ----D---- C:\WINDOWS\Debug
    2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-02 22:02:17 ----RHD---- C:\$VAULT$.AVG
    2008-12-02 22:02:17 ----D---- C:\Documents and Settings\Christine\Application Data\Google

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-20 85969]
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby Sharagoz » January 1st, 2009, 4:53 pm

This is the set of instructions where a part of it is to keep the computer off the internet for around 24hrs.
You can use your computer for other things, just keep it offline.
Dont perform these steps until you're ready to keep the computer offline.
Also, since you'll be disconnected from the internet, save these instructions in a notepad document somwhere on your computer in case you need to reference it while offline.

1) Create and run a registry script
  • Press the windows key and the R key at the same time to open the Run dialog box
    (The windows key is usually located two to the left of your space bar and is labeled with a windows logo)
  • type notepad and press the enter key
  • A new notepad document should now open. Copy the content of the code box below into this notepad document
    Code: Select all
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=-
    "C:\\WINDOWS\system32\\drivers\\svchost.exe"=-
    
  • Change the Save as type to All files and then save the file as fix.reg
  • Right-click on fix.reg and select Merge
  • Answer Yes at any prompts

2) Disconnect from the internet
If you use a wired connection, physically unplug the cable.
If you use a wireless connection, do this:
  • Press the windows key and the R key at the same time to open the Run dialog box
  • Type in control netconnections and press Enter
  • Right-click on the wireless connection and chose Disable
  • This will disable the wireless card. When you want to connect to the internet again, do the exact same thing, except clicking Enable instead of Disable.

3) Delete file
Delete this file:
C:\WINDOWS\system32\cont_adssite-remove.exe

4) Remove uninstall entry with HJT
  • Launch HiJackThis and click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Select the below program:
    Contextual Tool Adssite
  • Click Delete this entry to have it removed

After this step, wait around 24hrs.
It would be good if you keep the computer on as much as possible, and also do a couple of restarts during this period.

5) Get new RSIT log
  • Delete this folder: C:\rsit
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Re-connect to the internet and post the contents of both log.txt and info.txt in your next reply
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » January 2nd, 2009, 12:43 pm

Awesome. I just wanted to let you know I got your post, and I'll be performing the steps shortly. Thank you!
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm

Re: Firefox Crashing and "Perfect Defender 2009 Popup"

Unread postby wuchris » January 3rd, 2009, 12:32 pm

1.Log
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Christine at 2008-01-04 10:24:04
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 62 GB (81%) free of 76 GB
    Total RAM: 2047 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:11 AM, on 1/4/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Christine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Christine.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://auburn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: adssite - {bcc52f1d-65b7-4908-07a6-3e134502b757} - C:\WINDOWS\system32\nsw11.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 7326 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}]
    Smart-Shopper - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll [2008-10-07 1172952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}]
    jZip Webmail plugin - C:\Program Files\jZip\WebmailPlugin.dll [2008-10-28 591296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bcc52f1d-65b7-4908-07a6-3e134502b757}]
    adssite - C:\WINDOWS\system32\nsw11.dll [2008-12-30 681472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Aim6"= []

    C:\Documents and Settings\Christine\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2008-12-31 10:27:22 ----D---- C:\Documents and Settings\Christine\Application Data\Smart-Shopper
    2008-12-31 10:27:21 ----D---- C:\Program Files\Smart-Shopper
    2008-12-31 10:26:52 ----D---- C:\Program Files\jZip
    2008-12-30 05:02:58 ----A---- C:\WINDOWS\system32\nsw11.dll
    2008-12-27 17:35:05 ----D---- C:\WINDOWS\Minidump
    2008-12-27 17:32:02 ----D---- C:\Documents and Settings\Christine\Application Data\vlc
    2008-12-20 23:01:04 ----A---- C:\WINDOWS\gmer.ini
    2008-12-20 23:01:02 ----RA---- C:\WINDOWS\gmer.exe
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-12-20 23:01:02 ----A---- C:\WINDOWS\gmer.dll
    2008-12-15 02:28:02 ----D---- C:\WINDOWS\ERDNT
    2008-12-15 02:26:53 ----D---- C:\Program Files\ERUNT
    2008-12-12 17:16:22 ----D---- C:\Program Files\EsetOnlineScanner
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-12 17:11:52 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-11 23:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 23:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 23:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 23:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-11 21:53:51 ----D---- C:\Program Files\CCleaner
    2008-11-29 11:23:21 ----D---- C:\Program Files\Trend Micro
    2008-11-29 11:18:04 ----D---- C:\Program Files\Windows Defender
    2008-11-29 11:10:57 ----D---- C:\Program Files\Panda Security
    2008-11-28 23:46:07 ----D---- C:\Documents and Settings\Christine\Application Data\Malwarebytes
    2008-11-28 23:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-28 23:45:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-28 19:21:51 ----D---- C:\Documents and Settings\Christine\Application Data\Google
    2008-11-28 16:39:15 ----D---- C:\Program Files\iPod
    2008-11-28 16:39:08 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-28 16:38:01 ----D---- C:\Program Files\Bonjour
    2008-11-21 15:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-11-21 15:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-11-13 17:10:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-13 17:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-13 17:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-10-25 22:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-16 20:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-16 20:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-16 20:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-16 20:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-16 20:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-09-30 23:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-09-20 22:31:37 ----D---- C:\WINDOWS\Prefetch
    2008-09-20 22:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-20 22:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-20 22:28:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-09-20 22:28:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-09-20 22:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-09-20 22:27:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-09-20 22:27:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-09-20 22:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-20 22:27:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-09-20 22:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-20 22:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-20 22:19:17 ----D---- C:\WINDOWS\system32\scripting
    2008-09-20 22:19:16 ----D---- C:\WINDOWS\l2schemas
    2008-09-20 22:19:14 ----D---- C:\WINDOWS\system32\en
    2008-09-20 22:19:14 ----D---- C:\WINDOWS\system32\bits
    2008-09-20 22:14:46 ----D---- C:\WINDOWS\ServicePackFiles
    2008-09-20 22:01:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-09-13 12:00:08 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-13 12:00:03 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-09-13 12:00:00 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-13 11:59:59 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-13 11:59:31 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-09-13 11:59:30 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-13 11:59:11 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-13 11:59:08 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-13 11:59:04 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-09-13 11:59:04 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-09-13 11:59:04 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-09-13 11:59:04 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-13 11:59:03 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-09-13 11:59:03 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-13 11:58:56 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-09-13 11:58:46 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-13 11:58:42 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-13 11:58:38 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-09-13 11:58:35 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-09-13 11:58:30 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-13 11:58:29 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-13 11:58:29 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-09-13 11:58:22 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-13 11:58:09 ----N---- C:\WINDOWS\system32\onex.dll
    2008-09-13 11:57:35 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-09-13 11:57:35 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-09-13 11:57:35 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-09-13 11:57:33 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-13 11:57:32 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-09-13 11:57:32 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-09-13 11:57:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-13 11:57:26 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-09-13 11:56:24 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-09-13 11:56:23 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-09-13 11:56:23 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-09-13 11:56:22 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-09-13 11:56:16 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
    2008-09-13 11:55:51 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-13 11:55:49 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-13 11:55:46 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-09-13 11:55:46 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-09-13 11:55:46 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-09-13 11:55:45 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-09-13 11:55:14 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2008-09-13 11:55:13 ----N---- C:\WINDOWS\system32\rwnh.dll
    2008-09-13 11:55:08 ----N---- C:\WINDOWS\system32\comsdupd.exe
    2008-09-13 11:54:59 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-13 11:54:34 ----A---- C:\WINDOWS\003045_.tmp
    2008-09-13 11:54:33 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-13 11:54:25 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-13 11:54:24 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-09-13 11:54:24 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-13 11:54:24 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-09-13 11:54:24 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-13 11:54:24 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-13 11:54:24 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-13 11:54:24 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-13 11:54:06 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-13 11:54:06 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-13 11:54:05 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-13 11:54:05 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-13 11:54:05 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-13 11:54:05 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-13 11:54:05 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-09-13 11:54:00 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-13 11:54:00 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-13 11:53:57 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-13 11:53:45 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-09-13 11:53:19 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-13 11:53:17 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-09-13 11:53:15 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-09-13 11:53:14 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-13 11:53:13 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-09-13 11:53:12 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-13 11:53:12 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-09-13 11:53:12 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-13 11:53:12 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-09-13 11:52:57 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-09-09 14:40:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-09-09 14:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
    2008-08-18 06:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-08-18 06:20:07 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-18 06:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-08-18 06:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-18 06:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-08-18 06:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-08-18 06:12:14 ----D---- C:\Program Files\Corel
    2008-08-18 06:12:14 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
    2008-08-18 06:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-07-10 06:46:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2008-06-19 19:14:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2008-06-10 15:30:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
    2008-06-10 15:30:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
    2008-06-10 15:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-06-10 15:30:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
    2008-05-27 23:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
    2008-05-24 07:33:26 ----D---- C:\Program Files\MSECache
    2008-05-22 10:11:05 ----D---- C:\Program Files\Apple Software Update
    2008-05-13 23:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
    2008-05-11 19:49:20 ----D---- C:\WINDOWS\system32\NtmsData
    2008-05-05 11:58:18 ----D---- C:\Documents and Settings\Christine\Application Data\DNA
    2008-04-12 09:40:52 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-04-12 09:37:29 ----A---- C:\WINDOWS\system32\nvwrszht.dll
    2008-04-12 09:37:29 ----A---- C:\WINDOWS\system32\nvrszht.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvwrstr.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvwrssv.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvwrssl.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvwrssk.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvwrsru.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvrszhc.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvrstr.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvrssv.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvrssl.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvrssk.dll
    2008-04-12 09:37:28 ----A---- C:\WINDOWS\system32\nvrsru.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrspt.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrspl.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrsno.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrsko.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrsja.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrsit.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrshu.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrshe.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrsptb.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrspt.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrspl.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrsno.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrsnl.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrsko.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrsja.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrsit.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrshu.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrshe.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrsfr.dll
    2008-04-12 09:37:27 ----A---- C:\WINDOWS\system32\nvrsfi.dll
    2008-04-12 09:37:26 ----D---- C:\WINDOWS\nview
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nwiz.exe
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvwrses.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvwrseng.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvwrsel.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvwrsde.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvwrsda.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvwrscs.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvwrsar.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvwimg.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvshell.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvrsesm.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvrses.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvrseng.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvrsel.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvrsde.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvrsda.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvrscs.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvrsar.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nview.dll
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvdspsch.exe
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvcolor.exe
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\nvappbar.exe
    2008-04-12 09:37:26 ----A---- C:\WINDOWS\system32\keystone.exe
    2008-04-12 09:37:25 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2008-04-12 09:31:23 ----A---- C:\WINDOWS\system32\nvwddi.dll
    2008-04-12 09:29:46 ----A---- C:\WINDOWS\system32\nvsvc32.exe
    2008-04-12 09:26:57 ----A---- C:\WINDOWS\system32\nvoglnt.dll
    2008-04-12 09:26:49 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
    2008-04-12 09:26:06 ----A---- C:\WINDOWS\system32\nvmctray.dll
    2008-04-12 09:25:55 ----A---- C:\WINDOWS\system32\nvmccs.dll
    2008-04-12 09:25:33 ----A---- C:\WINDOWS\system32\nvhwvid.dll
    2008-04-12 09:19:29 ----A---- C:\WINDOWS\system32\nvcpl.dll
    2008-04-12 09:18:37 ----A---- C:\WINDOWS\system32\nvcodins.dll
    2008-04-12 09:18:37 ----A---- C:\WINDOWS\system32\nvcod.dll
    2008-04-12 09:18:30 ----A---- C:\WINDOWS\system32\nvapi.dll
    2008-04-12 09:16:48 ----D---- C:\WINDOWS\system32\EVGA
    2008-04-12 09:13:00 ----D---- C:\NVIDIA
    2008-04-08 19:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB948881$
    2008-04-08 19:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
    2008-04-08 19:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
    2008-04-08 19:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
    2008-02-22 20:57:08 ----D---- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
    2008-02-22 20:57:06 ----D---- C:\Documents and Settings\Christine\Application Data\GlobalSCAPE
    2008-02-22 20:56:02 ----D---- C:\Program Files\GlobalSCAPE
    2008-02-20 05:13:25 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-02-12 20:56:59 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
    2008-02-12 20:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
    2008-02-11 09:39:26 ----A---- C:\WINDOWS\system32\OnlineScannerDLLA.dll
    2008-02-11 09:39:18 ----A---- C:\WINDOWS\system32\OnlineScannerDLLW.dll
    2008-02-08 13:53:46 ----A---- C:\WINDOWS\system32\OnlineScannerLang.dll
    2008-02-05 08:48:04 ----A---- C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    2008-01-29 11:02:30 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2008-01-28 17:12:38 ----RHD---- C:\$VAULT$.AVG
    2008-01-19 11:11:50 ----D---- C:\Program Files\iPod(2)
    2008-01-19 11:08:15 ----SHD---- C:\Config.Msi
    2008-01-15 19:24:16 ----D---- C:\Documents and Settings\Christine\Application Data\Workrave
    2008-01-15 19:24:06 ----D---- C:\Program Files\Workrave
    2008-01-08 16:16:25 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
    2008-01-08 16:16:12 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
    2008-01-04 10:24:04 ----D---- C:\rsit
    2008-01-03 19:35:36 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2008-01-03 19:35:35 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2008-01-01 21:22:49 ----A---- C:\WINDOWS\system32\kbdkor.dll
    2008-01-01 21:22:48 ----A---- C:\WINDOWS\system32\kbdjpn.dll
    2008-01-01 21:22:48 ----A---- C:\WINDOWS\system32\kbd106.dll
    2008-01-01 21:22:48 ----A---- C:\WINDOWS\system32\kbd103.dll
    2008-01-01 21:22:48 ----A---- C:\WINDOWS\system32\kbd101c.dll
    2008-01-01 21:22:47 ----A---- C:\WINDOWS\system32\kbd101b.dll
    2007-12-27 17:27:03 ----D---- C:\Program Files\SE Inc
    2007-12-11 22:46:12 ----D---- C:\Documents and Settings\Christine\Application Data\AVG7
    2007-12-11 22:45:40 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-11 20:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
    2007-12-11 20:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
    2007-12-11 20:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2007-12-11 20:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
    2007-12-11 20:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
    2007-12-11 19:03:54 ----D---- C:\Documents and Settings\Christine\Application Data\acccore
    2007-12-11 19:02:09 ----D---- C:\Program Files\AIM6
    2007-12-05 16:30:53 ----D---- C:\Documents and Settings\Christine\Application Data\Move Networks
    2007-12-05 10:45:53 ----D---- C:\Documents and Settings\Christine\Application Data\Opera
    2007-12-05 02:51:04 ----D---- C:\Documents and Settings\Christine\Application Data\DivX

    ======List of files/folders modified in the last 1 months======

    2008-12-31 10:27:21 ----RD---- C:\Program Files
    2008-12-30 17:49:19 ----D---- C:\Documents and Settings\Christine\Application Data\Mozilla
    2008-12-30 02:03:33 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-29 19:05:21 ----RSD---- C:\WINDOWS\Fonts
    2008-12-27 17:35:05 ----D---- C:\WINDOWS
    2008-12-27 01:07:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-20 23:01:02 ----D---- C:\WINDOWS\system32\drivers
    2008-12-17 21:14:14 ----HD---- C:\WINDOWS\inf
    2008-12-17 21:14:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-17 21:14:05 ----D---- C:\WINDOWS\ie7updates
    2008-12-17 21:13:22 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 19:34:12 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-12 18:44:52 ----D---- C:\Program Files\DivX
    2008-12-12 17:12:04 ----SHD---- C:\WINDOWS\Installer
    2008-12-12 17:11:01 ----D---- C:\Program Files\Java
    2008-12-11 23:34:09 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 23:04:47 ----SD---- C:\Documents and Settings\Christine\Application Data\Microsoft
    2008-12-11 23:04:45 ----D---- C:\WINDOWS\system
    2008-12-11 21:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-11 21:55:03 ----D---- C:\WINDOWS\Debug
    2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-11-29 11:18:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-29 10:58:20 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\winlogon.exe
    2008-11-28 19:18:47 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-11-28 16:39:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-28 16:39:45 ----D---- C:\Program Files\iTunes
    2008-11-28 16:39:11 ----D---- C:\Program Files\Common Files\Apple
    2008-11-28 16:37:29 ----D---- C:\Program Files\QuickTime
    2008-11-28 16:19:25 ----D---- C:\WINDOWS\Help
    2008-11-26 11:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-23 04:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-20 15:13:14 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\occache.dll
    2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 14:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 07:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 01:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-10-03 04:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll
    2008-09-20 22:30:54 ----D---- C:\WINDOWS\system32\Setup
    2008-09-20 22:30:54 ----D---- C:\WINDOWS\AppPatch
    2008-09-20 22:30:53 ----D---- C:\WINDOWS\system32\wbem
    2008-09-20 22:26:47 ----D---- C:\Program Files\Messenger
    2008-09-20 22:26:08 ----D---- C:\WINDOWS\security
    2008-09-20 22:20:16 ----D---- C:\WINDOWS\WinSxS
    2008-09-20 22:19:50 ----D---- C:\WINDOWS\system32\inetsrv
    2008-09-20 22:19:49 ----D---- C:\WINDOWS\network diagnostic
    2008-09-20 22:19:49 ----D---- C:\WINDOWS\ime
    2008-09-20 22:19:18 ----D---- C:\WINDOWS\system32\usmt
    2008-09-20 22:19:18 ----D---- C:\WINDOWS\system32\en-US
    2008-09-20 22:19:14 ----D---- C:\WINDOWS\PeerNet
    2008-09-20 22:19:13 ----D---- C:\Program Files\Movie Maker
    2008-09-20 22:14:29 ----D---- C:\WINDOWS\system32\Restore
    2008-09-20 22:14:29 ----D---- C:\WINDOWS\system32\npp
    2008-09-20 22:14:29 ----D---- C:\WINDOWS\mui
    2008-09-20 22:14:27 ----D---- C:\WINDOWS\msagent
    2008-09-20 22:14:24 ----D---- C:\WINDOWS\srchasst
    2008-09-20 22:14:23 ----D---- C:\Program Files\NetMeeting
    2008-09-20 22:14:21 ----D---- C:\WINDOWS\system32\Com
    2008-09-20 22:14:17 ----D---- C:\Program Files\Windows Media Player
    2008-09-20 22:14:16 ----D---- C:\Program Files\Windows NT
    2008-09-20 22:14:16 ----D---- C:\Program Files\Outlook Express
    2008-09-20 22:14:09 ----D---- C:\Program Files\Common Files\System
    2008-09-20 22:13:37 ----D---- C:\WINDOWS\system32\oobe
    2008-09-20 22:07:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-20 22:01:55 ----D---- C:\WINDOWS\ehome
    2008-09-05 22:30:42 ----A---- C:\WINDOWS\system32\WgaLogon.dll
    2008-09-05 22:30:06 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
    2008-09-05 22:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
    2008-09-04 11:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
    2008-08-14 04:11:02 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 03:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-02 15:40:08 ----D---- C:\Documents and Settings\Christine\Application Data\LimeWire
    2008-07-09 08:53:26 ----D---- C:\Program Files\Adobe
    2008-07-07 14:26:58 ----A---- C:\WINDOWS\system32\es.dll
    2008-06-24 17:12:58 ----N---- C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 10:43:16 ----A---- C:\WINDOWS\system32\mscms.dll
    2008-06-20 11:46:57 ----A---- C:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:46:57 ----A---- C:\WINDOWS\system32\dnsapi.dll
    2008-06-18 05:03:14 ----A---- C:\WINDOWS\system32\WMVCore.dll
    2008-06-18 05:03:08 ----A---- C:\WINDOWS\system32\WMNetmgr.dll
    2008-06-18 01:09:22 ----A---- C:\WINDOWS\system32\logagent.exe
    2008-05-27 22:32:18 ----D---- C:\Documents and Settings\Christine\Application Data\Adobe
    2008-05-24 07:33:43 ----D---- C:\Program Files\Microsoft Office
    2008-05-24 07:33:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-05-11 19:57:16 ----SHD---- C:\System Volume Information
    2008-05-11 19:51:20 ----D---- C:\WINDOWS\repair
    2008-05-11 19:51:06 ----D---- C:\WINDOWS\Registration
    2008-05-09 04:53:40 ----A---- C:\WINDOWS\system32\wshext.dll
    2008-05-09 04:53:40 ----A---- C:\WINDOWS\system32\vbscript.dll
    2008-05-09 04:53:40 ----A---- C:\WINDOWS\system32\scrrun.dll
    2008-05-09 04:53:39 ----A---- C:\WINDOWS\system32\scrobj.dll
    2008-05-09 04:53:39 ----A---- C:\WINDOWS\system32\jscript.dll
    2008-05-08 05:24:44 ----A---- C:\WINDOWS\system32\wscript.exe
    2008-05-07 03:07:23 ----A---- C:\WINDOWS\system32\cscript.exe
    2008-05-06 23:12:40 ----A---- C:\WINDOWS\system32\quartz.dll
    2008-04-14 04:42:38 ----A---- C:\WINDOWS\system32\spnpinst.exe
    2008-04-14 04:42:06 ----A---- C:\WINDOWS\system32\setupapi.dll
    2008-04-14 04:41:58 ----A---- C:\WINDOWS\system32\licdll.dll
    2008-04-13 18:16:51 ----A---- C:\WINDOWS\system32\netsetup.exe
    2008-04-13 18:13:22 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2008-04-13 18:13:22 ----A---- C:\WINDOWS\system32\rdpdd.dll
    2008-04-13 18:13:21 ----A---- C:\WINDOWS\system32\tsddd.dll
    2008-04-13 18:13:00 ----A---- C:\WINDOWS\system32\drmclien.dll
    2008-04-13 18:12:42 ----A---- C:\WINDOWS\system32\tree.com
    2008-04-13 18:12:42 ----A---- C:\WINDOWS\system32\more.com
    2008-04-13 18:12:42 ----A---- C:\WINDOWS\system32\format.com
    2008-04-13 18:12:41 ----A---- C:\WINDOWS\system32\xcopy.exe
    2008-04-13 18:12:41 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2008-04-13 18:12:41 ----A---- C:\WINDOWS\system32\wscntfy.exe
    2008-04-13 18:12:41 ----A---- C:\WINDOWS\system32\wpnpinst.exe
    2008-04-13 18:12:40 ----A---- C:\WINDOWS\system32\wpabaln.exe
    2008-04-13 18:12:40 ----A---- C:\WINDOWS\system32\winver.exe
    2008-04-13 18:12:39 ----A---- C:\WINDOWS\winhlp32.exe
    2008-04-13 18:12:39 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
    2008-04-13 18:12:39 ----A---- C:\WINDOWS\system32\wextract.exe
    2008-04-13 18:12:38 ----N---- C:\WINDOWS\system32\verclsid.exe
    2008-04-13 18:12:38 ----A---- C:\WINDOWS\system32\vssvc.exe
    2008-04-13 18:12:38 ----A---- C:\WINDOWS\system32\utilman.exe
    2008-04-13 18:12:38 ----A---- C:\WINDOWS\system32\userinit.exe
    2008-04-13 18:12:38 ----A---- C:\WINDOWS\system32\ups.exe
    2008-04-13 18:12:38 ----A---- C:\WINDOWS\system32\upnpcont.exe
    2008-04-13 18:12:38 ----A---- C:\WINDOWS\system32\tracert.exe
    2008-04-13 18:12:38 ----A---- C:\WINDOWS\system32\tracerpt.exe
    2008-04-13 18:12:38 ----A---- C:\WINDOWS\system32\tourstart.exe
    2008-04-13 18:12:38 ----A---- C:\WINDOWS\system32\tlntsvr.exe
    2008-04-13 18:12:37 ----A---- C:\WINDOWS\system32\tlntsess.exe
    2008-04-13 18:12:37 ----A---- C:\WINDOWS\system32\tlntadmn.exe
    2008-04-13 18:12:37 ----A---- C:\WINDOWS\system32\telnet.exe
    2008-04-13 18:12:37 ----A---- C:\WINDOWS\system32\taskmgr.exe
    2008-04-13 18:12:37 ----A---- C:\WINDOWS\system32\tasklist.exe
    2008-04-13 18:12:37 ----A---- C:\WINDOWS\system32\taskkill.exe
    2008-04-13 18:12:37 ----A---- C:\WINDOWS\system32\sysocmgr.exe
    2008-04-13 18:12:36 ----A---- C:\WINDOWS\system32\systeminfo.exe
    2008-04-13 18:12:36 ----A---- C:\WINDOWS\system32\svchost.exe
    2008-04-13 18:12:36 ----A---- C:\WINDOWS\system32\stimon.exe
    2008-04-13 18:12:36 ----A---- C:\WINDOWS\system32\spoolsv.exe
    2008-04-13 18:12:36 ----A---- C:\WINDOWS\system32\spider.exe
    2008-04-13 18:12:36 ----A---- C:\WINDOWS\system32\sort.exe
    2008-04-13 18:12:36 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2008-04-13 18:12:36 ----A---- C:\WINDOWS\system32\smss.exe
    2008-04-13 18:12:35 ----A---- C:\WINDOWS\system32\smlogsvc.exe
    2008-04-13 18:12:35 ----A---- C:\WINDOWS\system32\smbinst.exe
    2008-04-13 18:12:35 ----A---- C:\WINDOWS\system32\skeys.exe
    2008-04-13 18:12:35 ----A---- C:\WINDOWS\system32\sigverif.exe
    2008-04-13 18:12:35 ----A---- C:\WINDOWS\system32\shutdown.exe
    2008-04-13 18:12:35 ----A---- C:\WINDOWS\system32\shrpubw.exe
    2008-04-13 18:12:35 ----A---- C:\WINDOWS\system32\shmgrate.exe
    2008-04-13 18:12:34 ----A---- C:\WINDOWS\system32\setup.exe
    2008-04-13 18:12:34 ----A---- C:\WINDOWS\system32\sethc.exe
    2008-04-13 18:12:34 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2008-04-13 18:12:34 ----A---- C:\WINDOWS\system32\services.exe
    2008-04-13 18:12:34 ----A---- C:\WINDOWS\system32\secedit.exe
    2008-04-13 18:12:34 ----A---- C:\WINDOWS\system32\sdbinst.exe
    2008-04-13 18:12:34 ----A---- C:\WINDOWS\system32\schtasks.exe
    2008-04-13 18:12:33 ----A---- C:\WINDOWS\system32\scardsvr.exe
    2008-04-13 18:12:33 ----A---- C:\WINDOWS\system32\savedump.exe
    2008-04-13 18:12:33 ----A---- C:\WINDOWS\system32\runonce.exe
    2008-04-13 18:12:33 ----A---- C:\WINDOWS\system32\rundll32.exe
    2008-04-13 18:12:33 ----A---- C:\WINDOWS\system32\rtcshare.exe
    2008-04-13 18:12:33 ----A---- C:\WINDOWS\system32\rsnotify.exe
    2008-04-13 18:12:33 ----A---- C:\WINDOWS\system32\rsh.exe
    2008-04-13 18:12:33 ----A---- C:\WINDOWS\system32\rexec.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\regsvr32.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\reg.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\rdshost.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\rcp.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\rcimlby.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\rasphone.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\qprocess.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\proxycfg.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\system32\proquota.exe
    2008-04-13 18:12:32 ----A---- C:\WINDOWS\regedit.exe
    2008-04-13 18:12:31 ----A---- C:\WINDOWS\system32\progman.exe
    2008-04-13 18:12:31 ----A---- C:\WINDOWS\system32\powercfg.exe
    2008-04-13 18:12:31 ----A---- C:\WINDOWS\system32\ping.exe
    2008-04-13 18:12:31 ----A---- C:\WINDOWS\system32\perfmon.exe
    2008-04-13 18:12:31 ----A---- C:\WINDOWS\system32\packager.exe
    2008-04-13 18:12:31 ----A---- C:\WINDOWS\system32\osk.exe
    2008-04-13 18:12:31 ----A---- C:\WINDOWS\system32\openfiles.exe
    2008-04-13 18:12:30 ----A---- C:\WINDOWS\system32\odbcconf.exe
    2008-04-13 18:12:30 ----A---- C:\WINDOWS\system32\odbcad32.exe
    2008-04-13 18:12:30 ----A---- C:\WINDOWS\system32\ntvdm.exe
    2008-04-13 18:12:30 ----A---- C:\WINDOWS\system32\ntbackup.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\nslookup.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\notepad.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\netstat.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\netsh.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\netdde.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\net1.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\net.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\nddeapir.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\narrator.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\system32\mstinit.exe
    2008-04-13 18:12:29 ----A---- C:\WINDOWS\notepad.exe
    2008-04-13 18:12:28 ----A---- C:\WINDOWS\system32\mspaint.exe
    2008-04-13 18:12:28 ----A---- C:\WINDOWS\system32\msiexec.exe
    2008-04-13 18:12:27 ----A---- C:\WINDOWS\system32\msdtc.exe
    2008-04-13 18:12:27 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
    2008-04-13 18:12:27 ----A---- C:\WINDOWS\system32\mqsvc.exe
    2008-04-13 18:12:27 ----A---- C:\WINDOWS\system32\mqbkup.exe
    2008-04-13 18:12:27 ----A---- C:\WINDOWS\system32\mplay32.exe
    2008-04-13 18:12:26 ----A---- C:\WINDOWS\system32\mobsync.exe
    2008-04-13 18:12:25 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2008-04-13 18:12:25 ----A---- C:\WINDOWS\system32\mmc.exe
    2008-04-13 18:12:25 ----A---- C:\WINDOWS\system32\makecab.exe
    2008-04-13 18:12:24 ----A---- C:\WINDOWS\system32\magnify.exe
    2008-04-13 18:12:24 ----A---- C:\WINDOWS\system32\lsass.exe
    2008-04-13 18:12:24 ----A---- C:\WINDOWS\system32\logonui.exe
    2008-04-13 18:12:24 ----A---- C:\WINDOWS\system32\logman.exe
    2008-04-13 18:12:24 ----A---- C:\WINDOWS\system32\locator.exe
    2008-04-13 18:12:23 ----A---- C:\WINDOWS\system32\mstsc.exe
    2008-04-13 18:12:23 ----A---- C:\WINDOWS\system32\ipxroute.exe
    2008-04-13 18:12:23 ----A---- C:\WINDOWS\system32\ipv6.exe
    2008-04-13 18:12:22 ----A---- C:\WINDOWS\system32\ipconfig.exe
    2008-04-13 18:12:22 ----A---- C:\WINDOWS\system32\imapi.exe
    2008-04-13 18:12:22 ----A---- C:\WINDOWS\system32\iexpress.exe
    2008-04-13 18:12:21 ----A---- C:\WINDOWS\system32\help.exe
    2008-04-13 18:12:21 ----A---- C:\WINDOWS\system32\grpconv.exe
    2008-04-13 18:12:21 ----A---- C:\WINDOWS\system32\gpresult.exe
    2008-04-13 18:12:21 ----A---- C:\WINDOWS\system32\getmac.exe
    2008-04-13 18:12:21 ----A---- C:\WINDOWS\hh.exe
    2008-04-13 18:12:20 ----A---- C:\WINDOWS\system32\ftp.exe
    2008-04-13 18:12:20 ----A---- C:\WINDOWS\system32\fsquirt.exe
    2008-04-13 18:12:20 ----A---- C:\WINDOWS\system32\forcedos.exe
    2008-04-13 18:12:20 ----A---- C:\WINDOWS\system32\fontview.exe
    2008-04-13 18:12:20 ----A---- C:\WINDOWS\system32\fltmc.exe
    2008-04-13 18:12:20 ----A---- C:\WINDOWS\system32\findstr.exe
    2008-04-13 18:12:19 ----A---- C:\WINDOWS\system32\extrac32.exe
    2008-04-13 18:12:19 ----A---- C:\WINDOWS\system32\eventtriggers.exe
    2008-04-13 18:12:19 ----A---- C:\WINDOWS\system32\eventcreate.exe
    2008-04-13 18:12:19 ----A---- C:\WINDOWS\system32\eudcedit.exe
    2008-04-13 18:12:19 ----A---- C:\WINDOWS\explorer.exe
    2008-04-13 18:12:18 ----A---- C:\WINDOWS\system32\dxdiag.exe
    2008-04-13 18:12:18 ----A---- C:\WINDOWS\system32\dwwin.exe
    2008-04-13 18:12:18 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
    2008-04-13 18:12:18 ----A---- C:\WINDOWS\system32\dumprep.exe
    2008-04-13 18:12:18 ----A---- C:\WINDOWS\system32\driverquery.exe
    2008-04-13 18:12:18 ----A---- C:\WINDOWS\system32\dpvsetup.exe
    2008-04-13 18:12:17 ----A---- C:\WINDOWS\system32\dpnsvr.exe
    2008-04-13 18:12:17 ----A---- C:\WINDOWS\system32\dplaysvr.exe
    2008-04-13 18:12:17 ----A---- C:\WINDOWS\system32\dmremote.exe
    2008-04-13 18:12:17 ----A---- C:\WINDOWS\system32\dmadmin.exe
    2008-04-13 18:12:17 ----A---- C:\WINDOWS\system32\dllhost.exe
    2008-04-13 18:12:17 ----A---- C:\WINDOWS\system32\diskpart.exe
    2008-04-13 18:12:17 ----A---- C:\WINDOWS\system32\diantz.exe
    2008-04-13 18:12:16 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
    2008-04-13 18:12:16 ----A---- C:\WINDOWS\system32\dfrgfat.exe
    2008-04-13 18:12:16 ----A---- C:\WINDOWS\system32\defrag.exe
    2008-04-13 18:12:16 ----A---- C:\WINDOWS\system32\ddeshare.exe
    2008-04-13 18:12:16 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2008-04-13 18:12:16 ----A---- C:\WINDOWS\system32\ctfmon.exe
    2008-04-13 18:12:15 ----A---- C:\WINDOWS\system32\csrss.exe
    2008-04-13 18:12:15 ----A---- C:\WINDOWS\system32\conime.exe
    2008-04-13 18:12:15 ----A---- C:\WINDOWS\system32\cmstp.exe
    2008-04-13 18:12:15 ----A---- C:\WINDOWS\system32\cmmon32.exe
    2008-04-13 18:12:14 ----A---- C:\WINDOWS\system32\cmdl32.exe
    2008-04-13 18:12:14 ----A---- C:\WINDOWS\system32\cmd.exe
    2008-04-13 18:12:14 ----A---- C:\WINDOWS\system32\clipsrv.exe
    2008-04-13 18:12:14 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2008-04-13 18:12:14 ----A---- C:\WINDOWS\system32\cliconfg.exe
    2008-04-13 18:12:14 ----A---- C:\WINDOWS\system32\cleanmgr.exe
    2008-04-13 18:12:14 ----A---- C:\WINDOWS\system32\cisvc.exe
    2008-04-13 18:12:14 ----A---- C:\WINDOWS\system32\cipher.exe
    2008-04-13 18:12:13 ----A---- C:\WINDOWS\system32\cacls.exe
    2008-04-13 18:12:13 ----A---- C:\WINDOWS\system32\bootcfg.exe
    2008-04-13 18:12:13 ----A---- C:\WINDOWS\system32\blastcln.exe
    2008-04-13 18:12:13 ----A---- C:\WINDOWS\system32\autolfn.exe
    2008-04-13 18:12:13 ----A---- C:\WINDOWS\system32\autofmt.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\autoconv.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\autochk.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\auditusr.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\attrib.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\atmadm.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\at.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\asr_pfu.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\asr_fmt.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\alg.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\ahui.exe
    2008-04-13 18:12:12 ----A---- C:\WINDOWS\system32\actmovie.exe
    2008-04-13 18:12:11 ----N---- C:\WINDOWS\system32\xmllite.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\zipfldr.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\xmlprovi.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\xmlprov.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\xactsrv.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\wzcsvc.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\wzcsapi.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\wzcdlg.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\wuaueng1.dll
    2008-04-13 18:12:11 ----A---- C:\WINDOWS\system32\accwiz.exe
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wtsapi32.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wstdecod.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wsock32.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wsnmp32.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wshtcpip.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wshrm.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wship6.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wshcon.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wshbth.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wsecedit.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wscsvc.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\ws2help.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\ws2_32.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wow32.dll
    2008-04-13 18:12:10 ----A---- C:\WINDOWS\system32\wmstream.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\wmpui.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\wmpcore.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\wmpcd.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\wlnotify.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\wldap32.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\wkssvc.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\wintrust.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\winsta.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\winsrv.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\winshfhc.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\winscard.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\winrnr.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\winmm.dll
    2008-04-13 18:12:09 ----A---- C:\WINDOWS\system32\winipsec.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\winhttp.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\win32spl.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\wiavideo.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\wiashext.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\wiaservc.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\wiascr.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\wiadss.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\wiadefui.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\webvw.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\webclnt.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\wdigest.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\wavemsp.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\w3ssl.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\w32time.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\vssapi.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\version.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\verifier.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\vdmredir.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\vdmdbg.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\vbajet32.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\uxtheme.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\usp10.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\userenv.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\user32.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\usbui.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\usbmon.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\upnpui.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\upnphost.dll
    2008-04-13 18:12:08 ----A---- C:\WINDOWS\system32\upnp.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\twain_32.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\untfs.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\uniplat.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\unimdmat.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\umandlg.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\ulib.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\udhisapi.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\txflog.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\twext.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\trkwks.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\tlntsvrp.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\themeui.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\termmgr.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\tcpmonui.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\tcpmon.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\tcpmib.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\tapisrv.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\tapi32.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\tapi3.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\t2embed.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\syssetup.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\syncui.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\synceng.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\sxs.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\strmfilt.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\storprop.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\stobject.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\sti_ci.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\sti.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\stclient.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\ssdpapi.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\srvsvc.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\srsvc.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\srrstr.dll
    2008-04-13 18:12:07 ----A---- C:\WINDOWS\system32\srclient.dll
    2008-04-13 18:12:06 ----A---- C:\WINDOWS\system32\sqlunirl.dll
    2008-04-13 18:12:06 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
    2008-04-13 18:12:06 ----A---- C:\WINDOWS\system32\spoolss.dll
    2008-04-13 18:12:06 ----A---- C:\WINDOWS\system32\snmpsnap.dll
    2008-04-13 18:12:06 ----A---- C:\WINDOWS\system32\snmpapi.dll
    2008-04-13 18:12:06 ----A---- C:\WINDOWS\system32\smlogcfg.dll
    2008-04-13 18:12:06 ----A---- C:\WINDOWS\system32\slbiop.dll
    2008-04-13 18:12:06 ----A---- C:\WINDOWS\system32\slayerxp.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sigtab.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shsvcs.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shscrap.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shmedia.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shlwapi.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shimgvw.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shimeng.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shgina.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shfolder.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shell32.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\shdocvw.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sfcfiles.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sfc_os.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sfc.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\servdeps.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sensapi.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sens.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sendmail.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sendcmsg.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\security.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\secur32.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\seclogon.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sdhcinst.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sclgntfy.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\schannel.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\scesrv.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\scecli.dll
    2008-04-13 18:12:05 ----A---- C:\WINDOWS\system32\sccsccp.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\scarddlg.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\sbeio.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\sbe.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\samsrv.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\samlib.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\safrslv.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\safrdm.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\rtutils.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\rtipxmib.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\rsvpsp.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\rsmps.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\rshx32.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\rpcss.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\rpcrt4.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\riched20.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\resutils.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\remotepg.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\regwizc.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\regsvc.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\regapi.dll
    2008-04-13 18:12:04 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rdchost.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rastls.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rastapi.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rassapi.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rasppp.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rasmans.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rasman.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rasdlg.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\raschap.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rasauto.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rasapi32.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\rasadhlp.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\query.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\qmgr.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\qedit.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\qdvd.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\qdv.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\qcap.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\pstorsvc.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\pstorec.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\psbase.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\psapi.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\profmap.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\printui.dll
    2008-04-13 18:12:03 ----A---- C:\WINDOWS\system32\powrprof.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\polstore.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\pjlmon.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\pid.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\photowiz.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\perfproc.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\perfos.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\perfnet.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\perfdisk.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\perfctrs.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\pdh.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\pautoenr.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\p2psvc.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\p2pgraph.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\p2p.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\osuninst.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\opengl32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\olepro32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\oleprn.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\oledlg.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\olecnv32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\olecli32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\oleaut32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ole32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\offfilt.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odtext32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odpdx32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odfox32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odexl32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\oddbse32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odbctrac.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odbcjt32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odbccu32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odbccr32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odbccp32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odbcconf.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odbcbcp.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odbc32gt.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\odbc32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ocmanage.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\objsel.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\oakley.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\nwwks.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\nwprovau.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\nwapi32.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntvdmd.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntshrui.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntprint.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntmssvc.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntmsdba.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntmsapi.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntmarta.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntlsapi.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntlanman.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\ntdsapi.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\npptools.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\nlhtml.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\newdev.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\netui1.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\netui0.dll
    2008-04-13 18:12:02 ----A---- C:\WINDOWS\system32\netshell.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\netrap.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\netplwiz.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\netman.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\netlogon.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\netid.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\netcfgx.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\nddenb32.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\nddeapi.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\ncobjapi.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\mydocs.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\mtxex.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\mtxclu.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\msyuv.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\msxml2.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\msxml.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\mswebdvd.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\msw3prt.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\msvidctl.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\msvfw32.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\msvcrt.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\msvcp60.dll
    2008-04-13 18:12:01 ----A---- C:\WINDOWS\system32\msvcirt.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\msvbvm60.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\msv1_0.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\msutb.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\mstlsapi.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\mstask.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\mssap.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\msrle32.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\mspatcha.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\msorcl32.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\msoert2.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\msnsspc.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\mslbui.dll
    2008-04-13 18:12:00 ----A---- C:\WINDOWS\system32\msjint40.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msisip.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msimtf.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msimg32.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msihnd.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msieftp.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msidle.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msident.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msi.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msgsvc.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msgina.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msftedit.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msdmo.dll
    2008-04-13 18:11:59 ----A---- C:\WINDOWS\system32\msdart.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\msdadiag.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\msctfp.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\msctf.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\mscpxl32.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\msconf.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\msasn1.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\msapsspc.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\msacm32.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\mqutil.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\mqupgrd.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\mqtrig.dll
    2008-04-13 18:11:58 ----A---- C:\WINDOWS\system32\mqsnap.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mqsec.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mqrtdep.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mqrt.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mqqm.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mqoa.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mqise.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mqdscli.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mqad.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mprdim.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mprapi.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mpr.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\modemui.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mobsync.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mmcshext.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mmcbase.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mlang.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\mimefilt.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\miglibnt.dll
    2008-04-13 18:11:57 ----A---- C:\WINDOWS\system32\midimap.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mstscax.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mgmtapi.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mfcsubs.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mfc42.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mfc40u.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mf3216.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mdminst.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mciwave.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mciseq.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mciqtz32.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mciavi32.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\mcastmib.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\lsasrv.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\lprhelp.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\lpk.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\localui.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\localspl.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\localsec.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\loadperf.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\lmrt.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\lmhsvc.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\linkinfo.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\licwmi.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\ksuser.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\keymgr.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\kernel32.dll
    2008-04-13 18:11:56 ----A---- C:\WINDOWS\system32\kerberos.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\jgpl400.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\jgdw400.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\iyuv_32.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ixsso.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\iuengine.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\itss.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\itircl.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\isign32.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ir50_qc.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ir50_32.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ir41_qc.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ipxwan.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ipv6mon.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ippromon.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ipnathlp.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\ipmontr.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\iphlpapi.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\input.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\initpki.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\inetppui.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\inetpp.dll
    2008-04-13 18:11:55 ----A---- C:\WINDOWS\system32\inetmib1.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\imm32.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\imeshare.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\imagehlp.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\ils.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\igmpagnt.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\ifmon.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\ieencode.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\idq.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\icwdial.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\icm32.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\iccvid.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\icaapi.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\iasrad.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\htui.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\httpapi.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\hotplug.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\hnetwiz.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\hnetcfg.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\hlink.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\hidserv.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\hid.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\hhsetup.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\hccoin.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\h323msp.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\gptext.dll
    2008-04-13 18:11:54 ----A---- C:\WINDOWS\system32\glu32.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\fwcfg.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\fontsub.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\fontext.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\fltlib.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\fldrclnr.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\filemgmt.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\feclient.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\fdeploy.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\fde.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\faultrep.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\exts.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\expsrv.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\eventlog.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\esent.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\ersvc.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\encdec.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\encapi.dll
    2008-04-13 18:11:53 ----A---- C:\WINDOWS\system32\els.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\efsadu.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dxmasf.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dxdiagn.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dx8vb.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dx7vb.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\duser.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dswave.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dsuiext.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dssec.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dsquery.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dsprop.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dsound3d.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dsound.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dskquoui.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dskquota.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dsdmo.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\ds32gt.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\drprov.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\drmstor.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dpwsockx.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dpvvox.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dpvoice.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dpvacm.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dpnhpast.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dpnet.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dpmodemx.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dplayx.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\docprop2.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmutil.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmusic.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmsynth.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmstyle.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmserver.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmscript.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmloader.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmime.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmdlgs.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmcompos.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dmband.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dispex.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\diskcopy.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dinput8.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dinput.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\digest.dll
    2008-04-13 18:11:52 ----A---- C:\WINDOWS\system32\dhcpmon.dll
    2008-04-13 18:11:51 ----N---- C:\WINDOWS\system32\corpol.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dgnet.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dfsshlex.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dfrgui.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\devmgr.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\devenum.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\ddrawex.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\ddraw.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dciman32.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dbnetlib.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dbghelp.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\davclnt.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\datime.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\dataclen.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\danim.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\d3dim700.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\d3d9.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\d3d8thk.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\d3d8.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\csrsrv.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\cscui.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\cscdll.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\cryptui.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\cryptsvc.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\cryptnet.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\cryptext.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\cryptdll.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\cryptdlg.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\crypt32.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\credui.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\confmsp.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\comuid.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\comsnap.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\comres.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\comrepl.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\compstui.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\compatui.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\comdlg32.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\comctl32.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\comaddin.dll
    2008-04-13 18:11:51 ----A---- C:\WINDOWS\system32\colbact.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cnbjmon.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cmutil.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cmsetacl.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cmprops.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cmdial32.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cmcfg32.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\clusapi.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cliconfg.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\ciodm.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cic.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\certmgr.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\certcli.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cdosys.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cdfview.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\catsrv.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\capesnpn.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\camocx.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cabview.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\cabinet.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\btpanui.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\bthserv.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\bthci.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\browsewm.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\browseui.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\browser.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\bitsprx3.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\bitsprx2.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\bidispl.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\batt.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\batmeter.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\basesrv.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\avifil32.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\authz.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\audiosrv.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\atmlib.dll
    2008-04-13 18:11:50 ----A---- C:\WINDOWS\system32\atl.dll
    2008-04-13 18:11:49 ----A---- C:\WINDOWS\system32\asycfilt.dll
    2008-04-13 18:11:49 ----A---- C:\WINDOWS\system32\appmgr.dll
    2008-04-13 18:11:49 ----A---- C:\WINDOWS\system32\appmgmts.dll
    2008-04-13 18:11:49 ----A---- C:\WINDOWS\system32\apphelp.dll
    2008-04-13 18:11:49 ----A---- C:\WINDOWS\system32\amstream.dll
    2008-04-13 18:11:49 ----A---- C:\WINDOWS\system32\alrsvc.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\advapi32.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\adsnw.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\adsnt.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\adsmsext.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\adsldpc.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\adsldp.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\actxprxy.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\activeds.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\aclui.dll
    2008-04-13 18:11:48 ----A---- C:\WINDOWS\system32\6to4svc.dll
    2008-04-13 18:11:24 ----A---- C:\WINDOWS\system32\ntdll.dll
    2008-04-13 18:11:15 ----A---- C:\WINDOWS\system32\wmi.dll
    2008-04-13 18:11:11 ----A---- C:\WINDOWS\system32\winntbbu.dll
    2008-04-13 18:10:45 ----A---- C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 18:10:31 ----A---- C:\WINDOWS\system32\odbcji32.dll
    2008-04-13 18:10:08 ----A---- C:\WINDOWS\system32\msdxmlc.dll
    2008-04-13 18:10:06 ----A---- C:\WINDOWS\system32\msafd.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdukx.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdno1.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdnec.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdmaori.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdinmal.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdinben.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
    2008-04-13 18:09:55 ----A---- C:\WINDOWS\system32\kbdfi1.dll
    2008-04-13 18:09:40 ----A---- C:\WINDOWS\system32\icmp.dll
    2008-04-13 18:09:35 ----A---- C:\WINDOWS\system32\gpedit.dll
    2008-04-13 18:09:33 ----A---- C:\WINDOWS\system32\framebuf.dll
    2008-04-13 18:09:24 ----A---- C:\WINDOWS\system32\pidgen.dll
    2008-04-13 18:09:20 ----A---- C:\WINDOWS\system32\dpnlobby.dll
    2008-04-13 18:09:19 ----A---- C:\WINDOWS\system32\dpnaddr.dll
    2008-04-13 18:09:05 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
    2008-04-13 18:09:01 ----A---- C:\WINDOWS\system32\atmfd.dll
    2008-04-13 12:43:31 ----A---- C:\WINDOWS\system32\spiisupd.exe
    2008-04-13 12:31:35 ----A---- C:\WINDOWS\system32\kd1394.dll
    2008-04-13 12:31:28 ----A---- C:\WINDOWS\system32\HAL.DLL
    2008-04-13 12:30:46 ----A---- C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 11:39:29 ----A---- C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 11:39:26 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2008-04-13 11:39:24 ----A---- C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 11:39:22 ----A---- C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 11:37:57 ----A---- C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 11:37:57 ----A---- C:\WINDOWS\system32\dssenh.dll
    2008-04-13 11:26:07 ----A---- C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 11:26:05 ----A---- C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 11:26:05 ----A---- C:\WINDOWS\system32\odbcint.dll
    2008-04-13 11:24:14 ----A---- C:\WINDOWS\system32\msorc32r.dll
    2008-04-13 11:21:32 ----A---- C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 11:09:30 ----A---- C:\WINDOWS\system32\dsprpres.dll
    2008-04-13 11:03:24 ----A---- C:\WINDOWS\system32\browselc.dll
    2008-04-13 11:03:19 ----A---- C:\WINDOWS\system32\shdoclc.dll
    2008-04-13 10:48:53 ----A---- C:\WINDOWS\system32\winbrand.dll
    2008-04-13 10:45:30 ----A---- C:\WINDOWS\system32\moricons.dll
    2008-04-13 10:23:31 ----A---- C:\WINDOWS\system32\msprivs.dll
    2008-04-13 10:22:12 ----A---- C:\WINDOWS\system32\inetres.dll
    2008-04-13 09:39:43 ----A---- C:\WINDOWS\system32\msimsg.dll
    2008-04-12 09:16:15 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-04-11 13:04:26 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2008-03-24 22:50:58 ----A---- C:\WINDOWS\system32\msxbde40.dll
    2008-03-24 22:50:58 ----A---- C:\WINDOWS\system32\mswstr10.dll
    2008-03-24 22:50:57 ----A---- C:\WINDOWS\system32\mswdat10.dll
    2008-03-24 22:50:55 ----A---- C:\WINDOWS\system32\mstext40.dll
    2008-03-24 22:50:52 ----A---- C:\WINDOWS\system32\msrepl40.dll
    2008-03-24 22:50:49 ----A---- C:\WINDOWS\system32\msrd3x40.dll
    2008-03-24 22:50:47 ----A---- C:\WINDOWS\system32\msrd2x40.dll
    2008-03-24 22:50:45 ----A---- C:\WINDOWS\system32\mspbde40.dll
    2008-03-24 22:50:44 ----A---- C:\WINDOWS\system32\msltus40.dll
    2008-03-24 22:50:42 ----A---- C:\WINDOWS\system32\msjtes40.dll
    2008-03-24 22:50:42 ----A---- C:\WINDOWS\system32\msjter40.dll
    2008-03-24 22:50:40 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
    2008-03-24 22:50:34 ----A---- C:\WINDOWS\system32\msjet40.dll
    2008-03-24 22:50:30 ----A---- C:\WINDOWS\system32\msexcl40.dll
    2008-03-24 22:50:28 ----A---- C:\WINDOWS\system32\msexch40.dll
    2008-02-22 20:55:31 ----D---- C:\Program Files\Common Files\InstallShield
    2008-02-20 05:14:28 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
    2008-02-13 22:46:08 ----D---- C:\Program Files\Common Files\Adobe
    2008-02-13 22:45:59 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-02-06 22:26:17 ----D---- C:\WINDOWS\system32\config
    2008-01-28 17:12:38 ----D---- C:\Program Files\7-Zip
    2008-01-04 10:23:08 ----D---- C:\Documents and Settings\Christine\Application Data\WTablet
    2008-01-04 10:23:00 ----D---- C:\WINDOWS\Temp
    2008-01-02 11:26:13 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-01-02 11:14:16 ----D---- C:\WINDOWS\system32
    2008-01-02 10:30:22 ----SD---- C:\WINDOWS\Tasks
    2008-01-02 10:28:40 ----D---- C:\Program Files\Mozilla Firefox
    2007-12-13 18:40:29 ----D---- C:\Documents and Settings\Christine\Application Data\Apple Computer
    2007-12-11 19:02:11 ----D---- C:\Program Files\Common Files\AOL
    2007-12-10 12:44:12 ----A---- C:\WINDOWS\lexstat.ini
    2007-12-07 01:16:47 ----D---- C:\QUARANTINE
    2007-12-05 10:45:54 ----A---- C:\WINDOWS\win.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-20 85969]
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-02 72704]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

2.Info
    info.txt logfile of random's system information tool 1.04 2008-01-04 10:24:18

    ======Uninstall list======

    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\PainterX.log
    Corel Painter X-->MsiExec.exe /I{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
    CuteFTP 8 Home-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
    DELETER COMICWORKS-->MsiExec.exe /I{85CFC80F-B410-42E7-855F-F2AE1DF64315}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
    Lexmark Z700-P700 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst32.exe /u C:\WINDOWS\system32\DRVSTORE\hpxp4370_EE583B2413E4C828DFD7901D646C3D9BF7599402\hpxp4370.inf
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 090102-0]

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\jZip
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

    -----------------EOF-----------------
wuchris
Regular Member
 
Posts: 26
Joined: November 29th, 2008, 1:31 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 487 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware