w32 worm removal help please

Post by nfearls » June 11th, 2009, 1:51 pm

About 3 days ago I downloaded an email that McAfee caught because of a trojan, and it deleted it. I did a full scan with McAfee, then Spybot Search and Destroy; everything came up clean. Yesterday, Wednesday, I noticed my search engine results being hijacked when I click on the search results. I also noticed that McAfee will not come up, update, or run. A scan via the McAfee web site found a worm... I forgot to write it down, but I think it's w32.generic.i.

I have no noticeable problems except what is stated above, and I cannot open McAfee. I even reinstalled McAfee, but it will not install properly.

Below is hijack work file.

Your help is appreciated.

NFEarls

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:56 PM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\winlogin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Documents and Settings\Fred\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Fast User Switching] C:\WINDOWS\system32\winlogin.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Trojan Guarder.lnk = C:\Program Files\Trojan Guarder\Trojan Guarder.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3257864733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3264050515
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe

--
End of file - 11252 bytes

Re: w32 worm removal help please

Post by Shaba » June 13th, 2009, 5:24 am

Hi nfearls

Please click this link-->Jotti

Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

C:\WINDOWS\system32\winlogin.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Re: w32 worm removal help please

Post by nfearls » June 15th, 2009, 12:22 am

Used Jotti....0 of 20 scanners reported malware. Below is text of box "additional info".

File size: 507904 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: ed0ef0a136dec83df69f04118870003e
SHA1: f77a7cd78877527023ebfb35e83b75ef59d3df07

After I ran that scan, I noticed my search result links were not hijacked anymore. Is that a coincidence?

Thanks for the help.

Fred

Re: w32 worm removal help please

Post by Shaba » June 15th, 2009, 1:36 am

Yes it is likely coincidence.

Anyway that file is bad for sure.

Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 log files... will be produced.
  4. The first one, "log.txt", will be maximized.
  5. The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Re: w32 worm removal help please

Post by nfearls » June 15th, 2009, 11:45 am

Here is log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Fred at 2009-06-15 11:42:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 156 GB (80%) free of 194 GB
Total RAM: 2047 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:58 AM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\All Users\Application Data\93474526\93474526.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Documents and Settings\Fred\Desktop\RSIT.exe
C:\Documents and Settings\Fred\Desktop\Fred.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [13464534] C:\Documents and Settings\All Users\Application Data\13464534\13464534.exe
O4 - HKLM\..\Run: [93474526] C:\Documents and Settings\All Users\Application Data\93474526\93474526.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Trojan Guarder.lnk = C:\Program Files\Trojan Guarder\Trojan Guarder.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3257864733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3264050515
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe

--
End of file - 11464 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\SiteAdv.dll [2006-07-24 960664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-01 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAD3A971-6A23-4246-8691-C9244E858967}]
OToolbarHelper Class - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [2008-12-18 99328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - PayPal Plug-In - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [2008-12-18 3142144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"MWLExe"=C:\Program Files\Mcafee\MWL\MWLGui.exe [2006-07-26 1287792]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2003-05-04 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2003-05-04 40960]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]
"CTDVDDet"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-09-30 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-26 148888]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2003-06-30 188416]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2003-06-30 65536]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"=REGSVR32.EXE /S CTASIO.DLL []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-01 198160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-11 518488]
"13464534"=C:\Documents and Settings\All Users\Application Data\13464534\13464534.exe []
"93474526"=C:\Documents and Settings\All Users\Application Data\93474526\93474526.exe [2009-06-15 47660]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Trojan Guarder.lnk - C:\Program Files\Trojan Guarder\Trojan Guarder.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\winlogin.exe"="C:\WINDOWS\system32\winlogin.exe:*:Enabled:Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\McAfee\MWL\MwlSvc.exe"="C:\Program Files\McAfee\MWL\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-06-15 11:42:45 ----D---- C:\rsit
2009-06-15 11:27:39 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-15 08:58:21 ----A---- C:\Documents and Settings\All Users\Application Data\93474526.ini
2009-06-15 08:58:20 ----D---- C:\Documents and Settings\All Users\Application Data\93474526
2009-06-15 03:00:46 ----SHD---- C:\Config.Msi
2009-06-11 10:59:33 ----D---- C:\WINDOWS\McAfee.com
2009-06-11 10:41:36 ----D---- C:\Program Files\Trojan Guarder
2009-06-11 10:33:36 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-11 07:41:03 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-11 07:40:52 ----D---- C:\Program Files\Lavasoft
2009-06-11 07:40:52 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-11 07:34:52 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-11 07:34:45 ----D---- C:\Program Files\SpywareBlaster
2009-06-11 07:15:57 ----D---- C:\WINDOWS\system32\URTTEMP
2009-06-10 22:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 22:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 22:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-06-10 22:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 22:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-09 20:02:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-09 20:02:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 10:16:02 ----D---- C:\Program Files\Common Files\Serious Magic
2009-06-09 10:06:07 ----D---- C:\Program Files\Serious Magic
2009-06-07 22:54:02 ----D---- C:\Documents and Settings\Fred\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-06-07 22:53:55 ----D---- C:\Program Files\TweetDeck
2009-06-07 22:53:50 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-06-07 12:51:26 ----D---- C:\Search
2009-06-06 21:53:22 ----D---- C:\Documents and Settings\Fred\Application Data\FileZilla
2009-06-06 21:53:16 ----D---- C:\Program Files\FileZilla FTP Client
2009-06-06 12:48:24 ----D---- C:\Documents and Settings\Fred\Application Data\EPSON
2009-06-06 06:41:33 ----HD---- C:\WINDOWS\PIF
2009-06-03 21:12:58 ----D---- C:\WINDOWS\system32\NtmsData
2009-06-03 21:08:35 ----D---- C:\Documents and Settings\Fred\Application Data\Windows Search
2009-06-03 20:56:39 ----D---- C:\Program Files\Support Tools
2009-06-03 10:00:39 ----D---- C:\Program Files\PayPal
2009-06-03 10:00:25 ----D---- C:\Documents and Settings\Fred\Application Data\InstallShield
2009-06-02 13:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-02 13:09:44 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-02 13:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-06-02 13:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-02 13:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-02 13:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-01 22:51:37 ----D---- C:\Documents and Settings\Fred\Application Data\Apple Computer
2009-06-01 22:47:34 ----D---- C:\Program Files\QuickTime
2009-06-01 22:47:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-06-01 22:47:07 ----D---- C:\Program Files\Apple Software Update
2009-06-01 22:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-06-01 22:39:01 ----D---- C:\Program Files\Common Files\xing shared
2009-06-01 22:38:54 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-06-01 22:38:40 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-06-01 22:38:40 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-06-01 22:38:39 ----D---- C:\Program Files\Real
2009-06-01 22:38:39 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-06-01 22:38:36 ----D---- C:\Program Files\Common Files\Real
2009-06-01 22:38:34 ----D---- C:\Documents and Settings\Fred\Application Data\Real
2009-06-01 17:27:40 ----D---- C:\WINDOWS\ie8updates
2009-06-01 17:26:06 ----D---- C:\WINDOWS\WBEM
2009-06-01 17:23:43 ----HDC---- C:\WINDOWS\ie8
2009-06-01 17:14:03 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-01 17:13:57 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-06-01 17:13:29 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-06-01 17:13:06 ----D---- C:\Program Files\Windows Media Connect 2
2009-06-01 17:12:44 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-06-01 17:11:50 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-06-01 17:11:23 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-01 17:11:10 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-06-01 07:30:42 ----D---- C:\Program Files\eBay
2009-05-31 20:51:45 ----D---- C:\Documents and Settings\Fred\Application Data\AdobeUM
2009-05-31 11:59:57 ----D---- C:\WINDOWS\Minidump
2009-05-31 08:19:38 ----D---- C:\WINDOWS\nview
2009-05-31 08:19:38 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-05-31 08:19:12 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-05-31 08:18:57 ----D---- C:\NVIDIA
2009-05-31 08:09:33 ----D---- C:\Program Files\SystemRequirementsLab
2009-05-31 08:09:31 ----D---- C:\Documents and Settings\Fred\Application Data\SystemRequirementsLab
2009-05-31 07:29:12 ----D---- C:\Program Files\proDAD
2009-05-31 07:29:12 ----D---- C:\Documents and Settings\Fred\Application Data\proDAD
2009-05-30 22:59:07 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-30 22:59:03 ----D---- C:\Program Files\Common Files\Pinnacle
2009-05-30 22:58:40 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2009-05-30 22:51:16 ----D---- C:\Program Files\Common Files\Pegasus Imaging
2009-05-30 22:51:11 ----D---- C:\Program Files\Common Files\Yahoo!
2009-05-30 22:51:10 ----D---- C:\Program Files\Pinnacle
2009-05-30 22:51:10 ----D---- C:\Documents and Settings\All Users\Application Data\Studio 12
2009-05-30 22:51:10 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
2009-05-30 22:44:22 ----RSD---- C:\WINDOWS\assembly
2009-05-30 22:43:21 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-30 22:23:30 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle
2009-05-30 19:44:31 ----N---- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000004-10031102}.BAK
2009-05-30 19:39:26 ----N---- C:\WINDOWS\Updreg.EXE
2009-05-30 19:39:26 ----N---- C:\WINDOWS\system32\SFCVRT32.DLL
2009-05-30 19:39:26 ----N---- C:\WINDOWS\CTRES.DLL
2009-05-30 19:39:26 ----N---- C:\WINDOWS\CTCCW.DLL
2009-05-30 19:39:26 ----N---- C:\WINDOWS\AC3API.INI
2009-05-30 19:39:25 ----N---- C:\WINDOWS\system32\MFCUIA32.DLL
2009-05-30 19:39:24 ----N---- C:\WINDOWS\system32\MFCANS32.DLL
2009-05-30 19:39:23 ----N---- C:\WINDOWS\system32\CTWFLT32.DLL
2009-05-30 19:39:23 ----N---- C:\WINDOWS\system32\CTL3D.DLL
2009-05-30 19:39:21 ----D---- C:\WINDOWS\system32\Defaults
2009-05-30 19:38:22 ----A---- C:\WINDOWS\CTDCRES.DLL
2009-05-30 19:38:20 ----A---- C:\WINDOWS\system32\SFMS32.DLL
2009-05-30 19:38:20 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-05-30 19:38:20 ----A---- C:\WINDOWS\system32\REGPLIB.EXE
2009-05-30 19:38:20 ----A---- C:\WINDOWS\READREG.EXE
2009-05-30 19:38:20 ----A---- C:\WINDOWS\PSCONV.EXE
2009-05-30 19:38:19 ----A---- C:\WINDOWS\system32\PIAPROXY.DLL
2009-05-30 19:38:19 ----A---- C:\WINDOWS\system32\OPENAL32.DLL
2009-05-30 19:38:19 ----A---- C:\WINDOWS\system32\KILLAPPS.EXE
2009-05-30 19:38:19 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-05-30 19:38:18 ----A---- C:\WINDOWS\system32\KILL.INI
2009-05-30 19:38:18 ----A---- C:\WINDOWS\system32\ENSDEF.INI
2009-05-30 19:38:18 ----A---- C:\WINDOWS\system32\ENSDEF.EXE
2009-05-30 19:38:18 ----A---- C:\WINDOWS\system32\EAXAC3.DLL
2009-05-30 19:38:18 ----A---- C:\WINDOWS\DEVREG.DLL
2009-05-30 19:38:17 ----A---- C:\WINDOWS\system32\CTSPKHLP.DLL
2009-05-30 19:38:17 ----A---- C:\WINDOWS\system32\CTSCAL.DLL
2009-05-30 19:38:16 ----A---- C:\WINDOWS\system32\ctsblfx.dll
2009-05-30 19:38:16 ----A---- C:\WINDOWS\system32\CTOSUSER.DLL
2009-05-30 19:38:16 ----A---- C:\WINDOWS\system32\CTHELPER.EXE
2009-05-30 19:38:15 ----A---- C:\WINDOWS\system32\CTEMUPIA.DLL
2009-05-30 19:38:14 ----A---- C:\WINDOWS\system32\CTDPROXY.DLL
2009-05-30 19:38:13 ----A---- C:\WINDOWS\system32\CTDCIFCE.DLL
2009-05-30 19:38:13 ----A---- C:\WINDOWS\system32\CTDC0001.DLL
2009-05-30 19:38:13 ----A---- C:\WINDOWS\system32\CTDC0000.DLL
2009-05-30 19:38:12 ----A---- C:\WINDOWS\system32\ctaudfx.dll
2009-05-30 19:38:12 ----A---- C:\WINDOWS\system32\CTASIO.DLL
2009-05-30 19:38:12 ----A---- C:\WINDOWS\system32\CTAGENT.DLL
2009-05-30 19:38:10 ----A---- C:\WINDOWS\system32\commonfx.dll
2009-05-30 19:38:10 ----A---- C:\WINDOWS\system32\AC3API.DLL
2009-05-30 19:38:10 ----A---- C:\WINDOWS\system32\a3d.dll
2009-05-30 19:33:44 ----D---- C:\Documents and Settings\Fred\Application Data\Creative
2009-05-30 08:40:54 ----D---- C:\Documents and Settings\Fred\Application Data\skypePM
2009-05-30 08:38:56 ----D---- C:\Documents and Settings\Fred\Application Data\Skype
2009-05-30 08:27:23 ----D---- C:\Program Files\Common Files\Skype
2009-05-30 08:27:19 ----RD---- C:\Program Files\Skype
2009-05-30 08:27:13 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-29 22:34:39 ----D---- C:\Documents and Settings\Fred\Application Data\ScanSoft
2009-05-29 22:34:05 ----D---- C:\WINDOWS\Cache
2009-05-29 22:34:04 ----D---- C:\Program Files\Coupons
2009-05-27 21:53:19 ----D---- C:\Program Files\MSXML 4.0
2009-05-27 07:53:25 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-05-27 07:53:22 ----D---- C:\Program Files\WinZip
2009-05-26 21:46:07 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-05-26 21:15:47 ----D---- C:\Program Files\directx
2009-05-26 21:15:25 ----D---- C:\Program Files\Common Files\Logitech
2009-05-26 21:15:21 ----A---- C:\WINDOWS\_delis32.ini
2009-05-26 21:14:49 ----RA---- C:\WINDOWS\system32\AthUnIns.exe
2009-05-26 21:14:39 ----D---- C:\Documents and Settings\Fred\Application Data\FotoWire
2009-05-26 21:14:38 ----D---- C:\Program Files\Common Files\FotoWire
2009-05-26 21:13:12 ----D---- C:\SXS
2009-05-26 21:13:06 ----D---- C:\Program Files\Logitech
2009-05-26 16:25:20 ----D---- C:\WINDOWS\Sun
2009-05-26 16:22:16 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-26 16:22:16 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-26 16:22:16 ----A---- C:\WINDOWS\system32\java.exe
2009-05-26 16:22:16 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-26 16:21:45 ----D---- C:\Program Files\Java
2009-05-26 16:19:42 ----D---- C:\Documents and Settings\Fred\Application Data\Sun
2009-05-25 22:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-25 22:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-25 22:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-25 21:52:17 ----D---- C:\Program Files\Viewpoint
2009-05-25 21:29:34 ----D---- C:\Album_201_US_Ret
2009-05-25 19:53:38 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-05-25 19:53:37 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-05-25 19:52:31 ----D---- C:\Documents and Settings\Fred\Application Data\Windows Desktop Search
2009-05-25 19:51:56 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-05-25 19:51:56 ----D---- C:\Program Files\Windows Desktop Search
2009-05-25 19:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-05-25 19:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-05-25 18:18:24 ----D---- C:\WINDOWS\system32\Data
2009-05-25 18:18:24 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-05-25 18:18:24 ----A---- C:\WINDOWS\system32\Aud2_Del.ini
2009-05-25 18:18:23 ----A---- C:\WINDOWS\INRES.DLL
2009-05-25 18:17:38 ----A---- C:\WINDOWS\system32\ctdvda32.dll
2009-05-25 18:17:28 ----A---- C:\WINDOWS\system32\AHQCpURes.dll
2009-05-25 18:14:48 ----A---- C:\WINDOWS\SBWIN.INI
2009-05-25 18:14:14 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2009-05-25 18:14:14 ----A---- C:\WINDOWS\system32\CTSVCCDA.EXE
2009-05-25 18:14:14 ----A---- C:\WINDOWS\system32\CTDetres.dll
2009-05-25 18:14:06 ----N---- C:\WINDOWS\system32\CTMEDENG.DLL
2009-05-25 18:14:03 ----A---- C:\WINDOWS\system32\CTMERes.DLL
2009-05-25 18:13:04 ----D---- C:\Program Files\Creative
2009-05-25 17:59:52 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-05-25 17:59:50 ----A---- C:\WINDOWS\system32\CNMLM78.DLL
2009-05-25 17:59:47 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-05-25 17:59:42 ----HD---- C:\Program Files\CanonBJ
2009-05-25 16:27:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-25 16:27:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-25 16:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-25 16:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-25 16:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-25 16:27:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-25 16:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-25 16:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-25 16:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-25 16:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-25 16:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-25 16:26:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-25 16:26:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-25 16:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-25 16:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-25 16:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-25 16:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-25 16:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-25 16:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-05-25 16:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-25 16:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-25 16:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-25 16:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-25 16:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-25 16:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-25 16:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-25 16:24:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-25 16:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-25 16:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-25 16:15:37 ----D---- C:\Documents and Settings\Fred\Application Data\Leadertech
2009-05-25 16:15:28 ----D---- C:\EPSONREG
2009-05-25 16:11:22 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-05-25 16:11:22 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-05-25 16:11:21 ----D---- C:\Program Files\ArcSoft
2009-05-25 16:10:56 ----N---- C:\WINDOWS\system32\PICSDK.ini
2009-05-25 16:10:56 ----A---- C:\WINDOWS\system32\PICSDK.dll
2009-05-25 16:10:55 ----N---- C:\WINDOWS\system32\EpPicPrt.dll
2009-05-25 16:10:55 ----N---- C:\WINDOWS\system32\EpPicMgr.dll
2009-05-25 16:10:17 ----RA---- C:\WINDOWS\StiRegstEng.dll
2009-05-25 16:10:16 ----A---- C:\WINDOWS\system32\Vbar332.dll
2009-05-25 16:10:16 ----A---- C:\WINDOWS\system32\Vb5db.dll
2009-05-25 16:10:15 ----A---- C:\WINDOWS\system32\Msxbse35.dll
2009-05-25 16:10:15 ----A---- C:\WINDOWS\system32\Mstext35.dll
2009-05-25 16:10:15 ----A---- C:\WINDOWS\system32\Msrepl35.dll
2009-05-25 16:10:15 ----A---- C:\WINDOWS\system32\Msrd2x35.dll
2009-05-25 16:10:15 ----A---- C:\WINDOWS\system32\mspdox35.dll
2009-05-25 16:10:15 ----A---- C:\WINDOWS\system32\msltus35.dll
2009-05-25 16:10:14 ----A---- C:\WINDOWS\system32\rapi.dll
2009-05-25 16:10:14 ----A---- C:\WINDOWS\system32\msjter35.dll
2009-05-25 16:10:14 ----A---- C:\WINDOWS\system32\msjint35.dll
2009-05-25 16:10:14 ----A---- C:\WINDOWS\system32\Msjet35.dll
2009-05-25 16:10:14 ----A---- C:\WINDOWS\system32\Msexcl35.dll
2009-05-25 16:10:14 ----A---- C:\WINDOWS\system32\ceutil.dll
2009-05-25 16:10:01 ----D---- C:\Program Files\NewSoft
2009-05-25 16:09:57 ----A---- C:\WINDOWS\IsUninst.exe
2009-05-25 16:08:44 ----D---- C:\Program Files\ABBYY FineReader 5.0 Sprint
2009-05-25 16:03:23 ----N---- C:\WINDOWS\system32\epDPE.ini
2009-05-25 16:03:23 ----A---- C:\WINDOWS\SlantAdj.dll
2009-05-25 16:03:23 ----A---- C:\WINDOWS\ADE.DLL
2009-05-25 16:02:54 ----D---- C:\Program Files\Smart Panel
2009-05-25 16:01:06 ----D---- C:\Program Files\epson
2009-05-25 16:01:05 ----A---- C:\WINDOWS\system32\eswia41.dll
2009-05-25 16:01:05 ----A---- C:\WINDOWS\system32\esint41.dll
2009-05-25 15:46:21 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2009-05-25 15:43:15 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-05-25 15:43:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-25 15:42:59 ----D---- C:\Program Files\Common Files\Adobe
2009-05-25 15:42:58 ----D---- C:\Program Files\Adobe
2009-05-25 15:37:54 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-05-25 15:34:24 ----A---- C:\WINDOWS\maxlink.ini
2009-05-25 15:33:51 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-05-25 15:33:41 ----D---- C:\Program Files\ScanSoft
2009-05-25 15:33:41 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-05-25 15:27:51 ----D---- C:\Program Files\Microsoft Works
2009-05-25 15:27:41 ----D---- C:\Program Files\MSBuild
2009-05-25 15:27:21 ----D---- C:\Program Files\Microsoft Visual Studio
2009-05-25 15:27:21 ----D---- C:\Program Files\Common Files\DESIGNER
2009-05-25 15:24:01 ----D---- C:\WINDOWS\SHELLNEW
2009-05-25 15:23:33 ----D---- C:\Program Files\Microsoft Office
2009-05-25 15:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-05-25 15:22:59 ----RHD---- C:\MSOCache
2009-05-25 15:17:13 ----D---- C:\Documents and Settings\Fred\Application Data\Macromedia
2009-05-25 15:17:13 ----D---- C:\Documents and Settings\Fred\Application Data\Adobe
2009-05-25 14:35:56 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-05-25 14:33:32 ----D---- C:\WINDOWS\Prefetch
2009-05-25 14:27:23 ----D---- C:\WINDOWS\system32\en-us
2009-05-25 14:27:22 ----D---- C:\WINDOWS\system32\scripting
2009-05-25 14:27:21 ----D---- C:\WINDOWS\l2schemas
2009-05-25 14:27:20 ----D---- C:\WINDOWS\system32\en
2009-05-25 14:21:43 ----D---- C:\WINDOWS\network diagnostic
2009-05-25 11:24:40 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-05-25 11:24:38 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-05-25 11:24:37 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-05-25 11:24:36 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-05-25 11:24:36 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-05-25 11:24:32 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-05-25 11:24:32 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-05-25 11:24:32 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-05-25 11:24:27 ----N---- C:\WINDOWS\system32\setupn.exe
2009-05-25 11:24:25 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-05-25 11:24:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-05-25 11:24:23 ----N---- C:\WINDOWS\system32\qutil.dll
2009-05-25 11:24:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-05-25 11:24:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-05-25 11:24:23 ----N---- C:\WINDOWS\system32\qagent.dll
2009-05-25 11:24:22 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-05-25 11:24:21 ----N---- C:\WINDOWS\system32\onex.dll
2009-05-25 11:24:17 ----N---- C:\WINDOWS\system32\napstat.exe
2009-05-25 11:24:17 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-05-25 11:24:17 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-05-25 11:24:17 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-05-25 11:24:17 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-05-25 11:24:16 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-05-25 11:24:16 ----N---- C:\WINDOWS\system32\mssha.dll
2009-05-25 11:24:11 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-05-25 11:24:11 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-05-25 11:24:11 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-05-25 11:24:11 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-05-25 11:24:07 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-05-25 11:24:06 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-05-25 11:24:06 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-05-25 11:24:06 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-05-25 11:24:06 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-05-25 11:24:06 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-05-25 11:23:59 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-05-25 11:23:59 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-05-25 11:23:59 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-05-25 11:23:59 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-05-25 11:23:59 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-05-25 11:23:59 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-05-25 11:23:59 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-05-25 11:23:59 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-05-25 11:23:59 ----A---- C:\WINDOWS\005121_.tmp
2009-05-25 11:23:57 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-05-25 11:23:57 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-05-25 11:23:57 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-05-25 11:23:57 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-05-25 11:23:57 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-05-25 11:23:57 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-05-25 11:23:57 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-05-25 11:23:56 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-05-25 11:23:56 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-05-25 11:23:56 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-05-25 11:23:55 ----N---- C:\WINDOWS\system32\credssp.dll
2009-05-25 11:23:52 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-05-25 11:23:52 ----N---- C:\WINDOWS\system32\azroles.dll
2009-05-25 11:23:48 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-05-25 11:09:07 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-05-25 11:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911565$
2009-05-25 10:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-05-25 10:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2009-05-25 10:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2009-05-25 10:43:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-05-25 10:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2009-05-25 10:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2009-05-25 10:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2009-05-25 10:42:45 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2009-05-25 10:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-05-25 10:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-05-25 10:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-05-25 10:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2009-05-25 10:41:15 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-05-25 10:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2009-05-25 10:40:40 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2009-05-25 10:40:21 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-05-25 10:40:02 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-05-25 10:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-05-25 10:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-05-25 10:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-05-25 10:38:51 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-05-25 10:38:33 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-05-25 10:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-05-25 10:37:56 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-05-25 10:37:38 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-05-25 10:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-05-25 10:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-05-25 10:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2009-05-25 10:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-05-25 10:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-05-25 10:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-05-25 10:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-05-25 10:35:03 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-05-25 10:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-05-25 10:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-05-25 10:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2009-05-25 10:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-05-25 10:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-05-25 10:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-05-25 10:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-05-25 10:32:36 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-05-25 10:32:17 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-05-25 10:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-05-25 10:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-05-25 10:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-05-25 10:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-05-25 10:28:04 ----D---- C:\WINDOWS\peernet
2009-05-25 10:28:03 ----D---- C:\WINDOWS\provisioning
2009-05-25 10:26:22 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-25 10:21:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-25 10:20:12 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-25 10:20:01 ----D---- C:\WINDOWS\EHome
2009-05-25 10:15:09 ----SHD---- C:\RECYCLER
2009-05-25 10:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB899587_0$
2009-05-25 10:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB924191_0$
2009-05-25 10:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB922819_0$
2009-05-25 10:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB885835_0$
2009-05-25 10:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB885836_0$
2009-05-25 10:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923414_0$
2009-05-25 10:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB921883_0$
2009-05-25 10:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB911927_0$
2009-05-25 10:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB922616_0$
2009-05-25 10:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB901017_0$
2009-05-25 10:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB899591_0$
2009-05-25 10:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB920685_0$
2009-05-25 10:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB896424_0$
2009-05-25 10:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB893756_0$
2009-05-25 10:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB911280_0$
2009-05-25 10:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB911562_0$
2009-05-25 10:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB896423_0$
2009-05-25 10:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB873339_0$
2009-05-25 10:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB924496_0$
2009-05-25 10:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
2009-05-25 10:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB921398_0$
2009-05-25 10:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2009-05-25 10:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB896358_0$
2009-05-25 10:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB910437_0$
2009-05-25 10:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2009-05-25 10:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-05-25 10:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB902400_0$
2009-05-25 10:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB920670_0$
2009-05-25 10:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB891781_0$
2009-05-25 10:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2009-05-25 10:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB919007_0$
2009-05-25 10:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB914388_0$
2009-05-25 10:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB917344_0$
2009-05-25 10:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB905414_0$
2009-05-25 10:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB917953_0$
2009-05-25 10:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP8$
2009-05-25 10:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB901214_0$
2009-05-25 10:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB923191_0$
2009-05-25 10:04:29 ----HDC---- C:\WINDOWS\$NtUninstallKB917422_0$
2009-05-25 10:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB888302_0$
2009-05-25 10:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB900725_0$
2009-05-25 10:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB912919_0$
2009-05-25 10:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2009-05-25 10:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
2009-05-25 10:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB904706_0$
2009-05-25 10:02:48 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-25 10:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB908531_0$
2009-05-25 10:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB905749_0$
2009-05-25 10:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB913580_0$
2009-05-25 10:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB896428_0$
2009-05-25 10:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2009-05-25 10:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB908519_0$
2009-05-25 10:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB920683_0$
2009-05-25 10:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB914389_0$
2009-05-25 10:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB890859_0$
2009-05-25 09:56:50 ----N---- C:\WINDOWS\system32\spnpinst.exe
2009-05-25 09:40:09 ----A---- C:\WINDOWS\system32\esent.dll
2009-05-25 09:36:39 ----D---- C:\Documents and Settings\Fred\Application Data\Mozilla
2009-05-25 09:34:01 ----D---- C:\Program Files\Mozilla Firefox
2009-05-25 09:32:49 ----A---- C:\WINDOWS\system32\dunzip32.dll
2009-05-25 09:28:56 ----D---- C:\WINDOWS\system32\PreInstall
2009-05-25 09:28:54 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-05-25 09:28:53 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-05-25 09:28:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-25 09:28:31 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-05-25 09:28:08 ----D---- C:\WINDOWS\system32\bits
2009-05-25 09:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-05-25 09:27:13 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-05-25 09:27:13 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-05-25 09:27:13 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-05-25 09:27:13 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-05-25 09:25:12 ----A---- C:\WINDOWS\system32\wups2.dll
2009-05-25 09:25:12 ----A---- C:\WINDOWS\system32\wups.dll
2009-05-25 09:25:12 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-05-25 09:25:12 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-05-25 09:25:12 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-05-25 09:25:11 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-05-25 09:25:11 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-05-25 09:24:43 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-25 09:06:06 ----D---- C:\Program Files\SiteAdvisor
2009-05-25 09:06:04 ----D---- C:\Documents and Settings\Fred\Application Data\SiteAdvisor
2009-05-25 09:04:23 ----D---- C:\Program Files\McAfee.com
2009-05-25 09:04:21 ----D---- C:\Program Files\Common Files\McAfee
2009-05-25 09:04:15 ----D---- C:\Program Files\McAfee
2009-05-25 09:03:29 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-05-25 08:51:45 ----A---- C:\WINDOWS\system32\GTW32N50.dll
2009-05-25 08:51:43 ----N---- C:\WINDOWS\system32\USB54G.dll
2009-05-25 08:51:42 ----D---- C:\Program Files\Wireless-G Portable USB Adapter
2009-05-25 08:41:24 ----SD---- C:\WINDOWS\system32\Microsoft
2009-05-25 08:39:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-25 08:39:41 ----D---- C:\Program Files\Broadcom
2009-05-25 08:39:27 ----D---- C:\Program Files\Common Files\InstallShield
2009-05-25 08:36:39 ----SHD---- C:\WINDOWS\Installer
2009-05-25 08:36:37 ----D---- C:\Documents and Settings\Fred\Application Data\Identities
2009-05-25 08:36:32 ----HD---- C:\Program Files\Uninstall Information
2009-05-25 08:36:29 ----ASH---- C:\Documents and Settings\Fred\Application Data\desktop.ini
2009-05-25 08:36:28 ----SD---- C:\Documents and Settings\Fred\Application Data\Microsoft
2009-05-25 08:35:44 ----SHD---- C:\System Volume Information
2009-05-25 08:35:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-25 07:53:45 ----D---- C:\WINDOWS\system32\xircom
2009-05-25 07:53:45 ----D---- C:\Program Files\xerox
2009-05-25 07:53:45 ----D---- C:\Program Files\microsoft frontpage
2009-05-25 07:53:43 ----D---- C:\DELL
2009-05-25 07:51:53 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2009-05-25 07:51:08 ----A---- C:\WINDOWS\control.ini
2009-05-25 07:51:08 ----A---- C:\AUTOEXEC.BAT
2009-05-25 07:51:04 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-25 07:51:02 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-05-25 07:50:24 ----RD---- C:\WINDOWS\Offline Web Pages
2009-05-25 07:50:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-25 07:50:23 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-05-25 07:50:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-05-25 07:50:01 ----D---- C:\WINDOWS\system32\DirectX
2009-05-25 07:49:39 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-05-25 07:49:39 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-05-25 07:49:39 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-05-25 07:49:39 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-05-25 07:49:38 ----A---- C:\WINDOWS\system32\atrace.dll
2009-05-25 07:49:36 ----A---- C:\WINDOWS\system32\desktop.ini
2009-05-25 07:49:36 ----A---- C:\WINDOWS\desktop.ini
2009-05-25 07:49:31 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-05-25 07:49:31 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-05-25 07:49:31 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-05-25 07:49:30 ----A---- C:\WINDOWS\system32\acctres.dll
2009-05-25 07:49:29 ----D---- C:\Program Files\Common Files\Services
2009-05-25 07:49:28 ----A---- C:\WINDOWS\system32\inetres.dll
2009-05-25 07:49:25 ----SD---- C:\WINDOWS\Tasks
2009-05-25 07:49:25 ----A---- C:\WINDOWS\system32\isign32.dll
2009-05-25 07:49:25 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-05-25 07:49:25 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-05-25 07:49:25 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-05-25 07:49:25 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-05-25 07:49:23 ----D---- C:\Program Files\Common Files\MSSoap
2009-05-25 07:49:19 ----D---- C:\WINDOWS\system32\Macromed
2009-05-25 07:49:19 ----D---- C:\WINDOWS\srchasst
2009-05-25 07:49:18 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-05-25 07:49:17 ----D---- C:\Program Files\Movie Maker
2009-05-25 07:49:14 ----D---- C:\WINDOWS\system32\Restore
2009-05-25 07:49:14 ----D---- C:\WINDOWS\PCHealth
2009-05-25 07:49:14 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-05-25 07:49:13 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-05-25 07:49:13 ----A---- C:\WINDOWS\system32\srclient.dll
2009-05-25 07:49:13 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-05-25 07:49:13 ----A---- C:\WINDOWS\system32\msconf.dll
2009-05-25 07:49:13 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-05-25 07:49:13 ----A---- C:\WINDOWS\system32\ils.dll
2009-05-25 07:49:11 ----D---- C:\Program Files\NetMeeting
2009-05-25 07:49:11 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-05-25 07:49:11 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-05-25 07:49:10 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-05-25 07:49:09 ----D---- C:\Program Files\Outlook Express
2009-05-25 07:49:09 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-05-25 07:49:09 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-05-25 07:49:09 ----A---- C:\WINDOWS\system32\mstask.dll
2009-05-25 07:49:06 ----D---- C:\Program Files\Common Files\System
2009-05-25 07:49:03 ----D---- C:\Program Files\Internet Explorer
2009-05-25 07:49:00 ----D---- C:\Program Files\ComPlus Applications
2009-05-25 07:48:59 ----A---- C:\WINDOWS\vbaddin.ini
2009-05-25 07:48:59 ----A---- C:\WINDOWS\vb.ini
2009-05-25 07:48:58 ----D---- C:\WINDOWS\Registration
2009-05-25 07:48:42 ----D---- C:\Program Files\WindowsUpdate
2009-05-25 07:48:41 ----D---- C:\Program Files\Windows Media Player
2009-05-25 07:48:41 ----D---- C:\Program Files\Online Services
2009-05-25 07:48:39 ----D---- C:\Program Files\Messenger
2009-05-25 07:48:35 ----D---- C:\Program Files\MSN Gaming Zone
2009-05-25 07:48:35 ----A---- C:\WINDOWS\system32\write.exe
2009-05-25 07:48:28 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-05-25 07:48:27 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-05-25 07:48:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-05-25 07:48:27 ----A---- C:\WINDOWS\system32\hticons.dll
2009-05-25 07:48:27 ----A---- C:\WINDOWS\system32\avwav.dll
2009-05-25 07:48:27 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-05-25 07:48:27 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-05-25 07:48:26 ----A---- C:\WINDOWS\system32\winchat.exe
2009-05-25 07:48:21 ----A---- C:\WINDOWS\system32\sol.exe
2009-05-25 07:48:21 ----A---- C:\WINDOWS\system32\getuname.dll
2009-05-25 07:48:21 ----A---- C:\WINDOWS\system32\charmap.exe
2009-05-25 07:48:21 ----A---- C:\WINDOWS\system32\calc.exe
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\winmine.exe
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\tskill.exe
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\tscon.exe
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\reset.exe
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-05-25 07:48:20 ----A---- C:\WINDOWS\system32\freecell.exe
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\shadow.exe
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\regini.exe
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\msg.exe
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\logoff.exe
2009-05-25 07:48:19 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-05-25 07:48:18 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-05-25 07:48:18 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-05-25 07:48:18 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-05-25 07:48:18 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-05-25 07:48:18 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-05-25 07:48:17 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-05-25 07:48:17 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-05-25 07:48:17 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-05-25 07:48:17 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-05-25 07:48:17 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-05-25 07:48:17 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-05-25 07:48:16 ----A---- C:\WINDOWS\system32\stclient.dll
2009-05-25 07:48:16 ----A---- C:\WINDOWS\system32\comuid.dll
2009-05-25 07:48:16 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-05-25 07:48:16 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-05-25 07:48:16 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-05-25 07:48:10 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-05-25 07:48:10 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-05-25 07:48:10 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-05-25 07:48:10 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-05-25 07:48:05 ----D---- C:\Program Files\Windows NT
2009-05-25 07:48:05 ----D---- C:\Program Files\MSN
2009-05-25 07:48:05 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-05-25 07:48:05 ----A---- C:\WINDOWS\system32\spider.exe
2009-05-25 07:48:05 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-05-25 07:48:05 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-05-25 07:48:05 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-05-25 07:48:04 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-05-25 07:48:04 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-05-25 07:48:04 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-05-25 07:48:04 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-05-25 07:48:04 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-05-25 07:48:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-05-25 07:48:02 ----D---- C:\WINDOWS\system32\MsDtc
2009-05-25 07:48:02 ----D---- C:\WINDOWS\system32\Com
2009-05-25 07:48:02 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-05-25 07:47:59 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-05-25 03:47:33 ----A---- C:\WINDOWS\system32\h323log.txt
2009-05-24 19:30:57 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-05-24 19:30:56 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-05-24 19:30:16 ----A---- C:\WINDOWS\system32\usbui.dll
2009-05-24 19:29:41 ----A---- C:\WINDOWS\imsins.BAK
2009-05-24 19:29:38 ----D---- C:\Program Files\Common Files\ODBC
2009-05-24 19:29:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-24 19:29:38 ----A---- C:\WINDOWS\ODBCINST.INI
2009-05-24 19:29:35 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-05-24 19:29:34 ----RD---- C:\Program Files
2009-05-24 19:29:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-24 19:29:34 ----D---- C:\Program Files\Common Files
2009-05-24 19:29:32 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-05-24 19:29:32 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-05-24 19:29:32 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-05-24 19:29:30 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-05-24 19:29:28 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-05-24 19:29:28 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-05-24 19:29:28 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-05-24 19:29:28 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-05-24 19:29:28 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-05-24 19:29:28 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-05-24 19:29:28 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-05-24 19:29:27 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-05-24 19:29:27 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-05-24 19:29:27 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-05-24 19:29:27 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-05-24 19:29:27 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-05-24 19:29:25 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-05-24 19:29:23 ----A---- C:\WINDOWS\system32\irclass.dll
2009-05-24 19:29:23 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-05-24 19:29:23 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-05-24 19:29:22 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-05-24 19:29:22 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-05-24 19:29:21 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-05-24 19:29:20 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-05-24 19:29:20 ----A---- C:\WINDOWS\system32\batt.dll
2009-05-24 19:29:20 ----A---- C:\WINDOWS\notepad.exe
2009-05-24 19:29:19 ----A---- C:\WINDOWS\system32\storprop.dll
2009-05-24 19:29:16 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-05-24 19:29:13 ----RA---- C:\WINDOWS\SETD.tmp
2009-05-24 19:29:12 ----RA---- C:\WINDOWS\SET7.tmp
2009-05-24 19:29:10 ----RA---- C:\WINDOWS\SET3.tmp
2009-05-24 19:29:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-24 19:29:03 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-24 19:28:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-24 19:28:44 ----A---- C:\WINDOWS\setuplog.txt
2009-05-24 19:28:41 ----D---- C:\Documents and Settings
2009-05-24 19:28:04 ----RASH---- C:\boot.ini
2009-05-24 19:24:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-24 19:24:59 ----RSD---- C:\WINDOWS\Fonts
2009-05-24 19:24:59 ----RD---- C:\WINDOWS\Web
2009-05-24 19:24:59 ----HD---- C:\WINDOWS\inf
2009-05-24 19:24:59 ----D---- C:\WINDOWS\WinSxS
2009-05-24 19:24:59 ----D---- C:\WINDOWS\twain_32
2009-05-24 19:24:59 ----D---- C:\WINDOWS\Temp
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\wins
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\wbem
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\usmt
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\spool
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\ShellExt
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\Setup
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\ras
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\oobe
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\npp
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\mui
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\IME
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\icsxml
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\ias
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\export
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\drivers
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\dhcp
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\config
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\3com_dmi
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\3076
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\2052
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\1054
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\1042
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\1041
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\1037
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\1033
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\1031
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\1028
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32\1025
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system32
2009-05-24 19:24:59 ----D---- C:\WINDOWS\system
2009-05-24 19:24:59 ----D---- C:\WINDOWS\security
2009-05-24 19:24:59 ----D---- C:\WINDOWS\Resources
2009-05-24 19:24:59 ----D---- C:\WINDOWS\repair
2009-05-24 19:24:59 ----D---- C:\WINDOWS\mui
2009-05-24 19:24:59 ----D---- C:\WINDOWS\msapps
2009-05-24 19:24:59 ----D---- C:\WINDOWS\msagent
2009-05-24 19:24:59 ----D---- C:\WINDOWS\Media
2009-05-24 19:24:59 ----D---- C:\WINDOWS\java
2009-05-24 19:24:59 ----D---- C:\WINDOWS\ime
2009-05-24 19:24:59 ----D---- C:\WINDOWS\Help
2009-05-24 19:24:59 ----D---- C:\WINDOWS\Driver Cache
2009-05-24 19:24:59 ----D---- C:\WINDOWS\Debug
2009-05-24 19:24:59 ----D---- C:\WINDOWS\Cursors
2009-05-24 19:24:59 ----D---- C:\WINDOWS\Connection Wizard
2009-05-24 19:24:59 ----D---- C:\WINDOWS\Config
2009-05-24 19:24:59 ----D---- C:\WINDOWS\AppPatch
2009-05-24 19:24:59 ----D---- C:\WINDOWS\addins
2009-05-24 19:24:59 ----D---- C:\WINDOWS
2009-05-23 22:21:17 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2009-05-23 22:21:16 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2009-05-23 22:21:16 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2009-05-23 22:21:16 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2009-05-23 22:21:16 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2009-05-23 22:21:15 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2009-05-23 22:21:15 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2009-05-23 22:21:15 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2009-05-23 22:21:15 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2009-05-23 22:21:14 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2009-05-23 22:21:14 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2009-05-23 22:21:14 ----A---- C:\WINDOWS\system32\nvwrses.dll
2009-05-23 22:21:14 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2009-05-23 22:21:14 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2009-05-23 22:21:12 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-05-23 22:21:12 ----A---- C:\WINDOWS\system32\nvrszht.dll
2009-05-23 22:21:11 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2009-05-23 22:21:11 ----A---- C:\WINDOWS\system32\nvrssv.dll
2009-05-23 22:21:10 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2009-05-23 22:21:10 ----A---- C:\WINDOWS\system32\nvrsno.dll
2009-05-23 22:21:09 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2009-05-23 22:21:08 ----A---- C:\WINDOWS\system32\nvrsko.dll
2009-05-23 22:21:07 ----A---- C:\WINDOWS\system32\nvrsja.dll
2009-05-23 22:21:07 ----A---- C:\WINDOWS\system32\nvrsit.dll
2009-05-23 22:21:06 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2009-05-23 22:21:06 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2009-05-23 22:21:05 ----A---- C:\WINDOWS\system32\nvrses.dll
2009-05-23 22:21:05 ----A---- C:\WINDOWS\system32\nvrsde.dll
2009-05-23 22:21:04 ----A---- C:\WINDOWS\system32\nvrsda.dll
2009-05-23 22:21:03 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-05-23 22:21:03 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-05-23 22:20:59 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-05-23 22:20:48 ----A---- C:\WINDOWS\system32\nv4_disp.dll

======List of files/folders modified in the last 1 months======

2009-06-01 17:13:31 ----A---- C:\WINDOWS\win.ini
2009-05-25 10:24:13 ----RASH---- C:\NTDETECT.COM
2009-05-25 00:24:06 ----A---- C:\WINDOWS\system32\mssph.dll
2009-05-24 19:29:34 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-02-20 135040]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-03-26 498688]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-02-20 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-02-20 135248]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-02-20 116000]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\GTNDIS5.SYS []
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-03-26 823616]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-03-26 141536]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-03-26 189504]
R3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\system32\drivers\pfc.sys []
R3 PRISM_A02;802.11a/g USB Driver; C:\WINDOWS\System32\DRIVERS\WUSB20XP.sys [2004-01-07 339488]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WscNetDr;MWL Filter Miniport; C:\WINDOWS\System32\DRIVERS\WscNetDr.sys [2006-05-15 86880]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-03-27 287920]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-26 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-11 1005904]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2006-07-24 554600]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McRedirector;McAfee Redirector Service; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2006-07-16 231008]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MWLSvc;McAfee Wireless Network Security Service; C:\Program Files\Mcafee\MWL\MwlSvc.exe [2006-07-26 947824]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 WUSB54GPSVC;WUSB54GPSVC; C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe [2004-02-06 41025]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2006-07-27 58920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
nfearls

Re: w32 worm removal help please

Post by nfearls » June 15th, 2009, 11:46 am

Here is info.txt

info.txt logfile of random's system information tool 1.06 2009-06-15 11:43:37

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D1A81AA-ED90-11D6-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=g:\adobe creative suite 2.0/lang=0409
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop Album 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A367C28-423C-48E2-8C76-EBA1171F932A}\apxp.ex_" -l0x9
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Broadcom Driver Installer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Canon iP4200-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200 /L0x0009
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove/remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall
EPSON Perf 2480 - 2580 Guide-->C:\Program Files\epson\guide\perf2480_2580_e\uninstall.exe
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
Firefox Quick Uploader plugin-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B6CC814-EA2A-436B-BCDB-6A30E998523A}\setup.exe" -l0x9 something -removeonly
HijackThis 2.0.2-->"C:\Documents and Settings\Fred\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-->MsiExec.exe /I{26AA53D5-1307-48F9-A80F-A4D25F5849D4}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee SiteAdvisor for Internet Explorer-->C:\Program Files\SiteAdvisor\uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{91120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PaperPort 9.0-->MsiExec.exe /I{FDCE9C15-EB45-11D5-89C7-0050DA162A25}
PayPal Plug-In-->C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
Pinnacle Instant DVD Recorder-->MsiExec.exe /X{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
Pinnacle Video Driver-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
Presto! BizCard 4.1 Eng-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu"
proDAD Mercalli 1.0-->"C:\Program Files\proDAD\Mercalli-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Mercalli
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Outlook 2007 (KB946983)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\SETUP.EXE" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Security 2009-->C:\Documents and Settings\Fred\Start Menu\Programs\System Security\System Security 2009 Support.lnk
Trojan Guarder 6.50-->"C:\Program Files\Trojan Guarder\unins000.exe"
Turbo Lister 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
TweetDeck-->MsiExec.exe /X{A9B02DB6-F7BD-16B5-10F2-584333CDD70A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Office 2007 (KB934391)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual Communicator Bin Files-->MsiExec.exe /I{64887FC8-F0AD-42B5-B052-3E52D64CA4B3}
Visual Communicator-->MsiExec.exe /I{702C1A86-EA38-4298-A810-3A1B7E36AA02}
WebCam for MSN Messenger-->Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
Wireless-G Portable USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97B9314B-134D-482B-A32E-1E6123BE0F64}\setup.exe" -l0x9

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: EARLS
Event Code: 7000
Message: The McAfee SiteAdvisor Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 3115
Source Name: Service Control Manager
Time Written: 20090615103657.000000-240
Event Type: error
User:

Computer Name: EARLS
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the McAfee SiteAdvisor Service service to connect.

Record Number: 3114
Source Name: Service Control Manager
Time Written: 20090615103657.000000-240
Event Type: error
User:

Computer Name: EARLS
Event Code: 10005
Message: DCOM got error "%1053" attempting to start the service McAfee SiteAdvisor Service with arguments ""
in order to run the server:
{5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Record Number: 3113
Source Name: DCOM
Time Written: 20090615103657.000000-240
Event Type: error
User: EARLS\Fred

Computer Name: EARLS
Event Code: 7000
Message: The McAfee SiteAdvisor Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 3112
Source Name: Service Control Manager
Time Written: 20090615103656.000000-240
Event Type: error
User:

Computer Name: EARLS
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the McAfee SiteAdvisor Service service to connect.

Record Number: 3111
Source Name: Service Control Manager
Time Written: 20090615103656.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: EARLS
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Accessibility, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 319
Source Name: .NET Runtime Optimization Service
Time Written: 20090530231347.000000-240
Event Type:
User:

Computer Name: EARLS
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 304
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090530224454.000000-240
Event Type: warning
User:

Computer Name: EARLS
Event Code: 10005
Message: Product: Pinnacle Studio 12 -- You have chosen to exit the installation. Setup will now abort.

Record Number: 298
Source Name: MsiInstaller
Time Written: 20090530223120.000000-240
Event Type: error
User: EARLS\Fred

Computer Name: EARLS
Event Code: 5051
Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3044 (0xbe4)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.0.0.349 / 5301.4018
Object being scanned = \Device\HarddiskVolume3\C BackUp\Studio 12 download\Studio_STANDARD_12_0_1.part1.exe
by C:\WINDOWS\Explorer.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


Record Number: 296
Source Name: McLogEvent
Time Written: 20090530221848.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: EARLS
Event Code: 1000
Message: Faulting application photoshopalbum.exe, version 2.0.1.16985, faulting module photoshopalbum.exe, version 2.0.1.16985, fault address 0x005e733a.

Record Number: 256
Source Name: Application Error
Time Written: 20090529233608.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Support Tools\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
nfearls
Active Member
 
Posts: 12
Joined: June 11th, 2009, 1:43 pm

Re: w32 worm removal help please

Unread postby Shaba » June 15th, 2009, 12:12 pm

Have you run any scans meanwhile?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: w32 worm removal help please

Unread postby nfearls » June 15th, 2009, 2:12 pm

No, I haven't run any scans. I can't even get McAfee to run.

Re: w32 worm removal help please

Unread postby Shaba » June 15th, 2009, 2:23 pm

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Re: w32 worm removal help please

Unread postby nfearls » June 16th, 2009, 6:57 am

gmer info

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-16 06:49:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 895441F8 ZwEnumerateKey
Code 89544898 ZwFlushInstructionCache
Code 89B4F36E IofCallDriver
Code 89B55236 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 89B4F373
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 89B5523B
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 895441FC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 8954489C

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[260] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text C:\WINDOWS\system32\services.exe[308] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B000A
.text C:\WINDOWS\system32\lsass.exe[320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\svchost.exe[700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNETlxetjdbc.sys (*** hidden *** ) [SYSTEM] SKYNETulqjbppq <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq@imagepath \systemroot\system32\drivers\SKYNETlxetjdbc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\main@aid 10120
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETlxetjdbc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETjyisnodp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\modules@SKYNETlog.dat \systemroot\system32\SKYNETpyltfmmo.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\modules@SKYNETwsp.dll \systemroot\system32\SKYNETytiqjbfy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETulqjbppq\modules@SKYNET.dat \systemroot\system32\SKYNETrjmrolpl.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq@imagepath \systemroot\system32\drivers\SKYNETlxetjdbc.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\main
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\main@aid 10120
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\modules
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETlxetjdbc.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETjyisnodp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\modules@SKYNETlog.dat \systemroot\system32\SKYNETpyltfmmo.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\modules@SKYNETwsp.dll \systemroot\system32\SKYNETytiqjbfy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETulqjbppq\modules@SKYNET.dat \systemroot\system32\SKYNETrjmrolpl.dat

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\SKYNETjyisnodp.dll 44032 bytes executable
File C:\WINDOWS\system32\SKYNETpyltfmmo.dat 175014 bytes
File C:\WINDOWS\system32\SKYNETytiqjbfy.dll 19968 bytes executable
File C:\WINDOWS\system32\drivers\SKYNETlxetjdbc.sys 69120 bytes executable <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
nfearls
Active Member
 
Posts: 12
Joined: June 11th, 2009, 1:43 pm

Re: w32 worm removal help please

Unread postby Shaba » June 16th, 2009, 8:28 am

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: w32 worm removal help please

Unread postby nfearls » June 17th, 2009, 11:03 am

combo fix log...hijack this in next reply

ComboFix 09-06-15.07 - Fred 06/17/2009 10:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1690 [GMT -4:00]
Running from: c:\documents and settings\Fred\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETlxetjdbc.sys
c:\windows\system32\SKYNETjyisnodp.dll
c:\windows\system32\SKYNETpyltfmmo.dat
c:\windows\system32\SKYNETrjmrolpl.dat
c:\windows\system32\SKYNETytiqjbfy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETulqjbppq


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-16 16:12 . 2009-06-16 16:12 -------- d-----w- c:\documents and settings\Fred\Application Data\Snapfish
2009-06-15 21:12 . 2009-06-15 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-15 21:11 . 2009-06-15 21:11 -------- d-----w- c:\program files\Common Files\iS3
2009-06-15 21:11 . 2009-06-16 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-15 19:25 . 2009-06-17 11:52 117760 ----a-w- c:\documents and settings\Fred\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-15 19:25 . 2009-06-15 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-15 19:24 . 2009-06-15 19:24 65024 ----a-r- c:\documents and settings\Fred\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-06-15 19:24 . 2009-06-15 19:24 18944 ----a-r- c:\documents and settings\Fred\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-06-15 19:24 . 2009-06-15 19:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-15 19:24 . 2009-06-15 19:24 -------- d-----w- c:\documents and settings\Fred\Application Data\SUPERAntiSpyware.com
2009-06-15 19:24 . 2009-06-15 19:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-15 19:04 . 2009-06-15 19:04 -------- d-----w- c:\program files\PCPitstop
2009-06-15 18:20 . 2009-06-15 18:20 -------- d-----w- c:\documents and settings\Fred\Application Data\Malwarebytes
2009-06-15 18:16 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 18:16 . 2009-06-15 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 18:16 . 2009-06-15 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 18:16 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 15:50 . 2009-06-15 17:59 -------- d-----w- c:\program files\Spyware Doctor
2009-06-15 15:42 . 2009-06-15 15:43 -------- d-----w- C:\rsit
2009-06-15 13:25 . 2009-06-15 13:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-06-15 11:24 . 2009-06-15 11:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-15 01:58 . 2009-06-15 01:58 390664 ----a-w- c:\documents and settings\Fred\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-11 14:59 . 2009-06-11 14:59 -------- d-----w- c:\windows\McAfee.com
2009-06-11 14:33 . 2009-06-11 11:44 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-11 11:43 . 2009-06-11 11:43 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-11 11:43 . 2009-06-11 11:43 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-11 11:43 . 2009-06-11 11:43 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-11 11:43 . 2009-06-11 11:43 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-11 11:43 . 2009-06-11 11:43 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-11 11:41 . 2009-06-11 11:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-11 11:41 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-11 11:40 . 2009-06-11 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-11 11:40 . 2009-06-11 11:40 -------- d-----w- c:\program files\Lavasoft
2009-06-11 11:34 . 2009-06-16 02:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-11 11:34 . 2009-06-11 11:36 -------- d-----w- c:\program files\SpywareBlaster
2009-06-11 11:17 . 2009-06-11 11:17 127 ----a-w- c:\documents and settings\Fred\Local Settings\Application Data\fusioncache.dat
2009-06-11 11:17 . 2009-06-17 10:59 -------- d-----w- c:\documents and settings\Fred\Local Settings\Application Data\ApplicationHistory
2009-06-11 11:15 . 2009-06-11 11:15 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-11 11:10 . 2009-06-11 11:10 -------- d-sh--w- c:\documents and settings\Fred\IECompatCache
2009-06-11 11:08 . 2009-06-11 11:08 -------- d-sh--w- c:\documents and settings\Fred\PrivacIE
2009-06-10 10:50 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 10:50 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 10:50 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 10:50 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 10:48 . 2009-06-10 10:48 152576 ----a-w- c:\documents and settings\Fred\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 10:46 . 2009-06-10 10:46 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-06-10 00:02 . 2009-06-10 18:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-10 00:02 . 2009-06-10 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 14:19 . 2009-06-09 14:19 -------- d-----w- c:\documents and settings\Fred\Local Settings\Application Data\Serious Magic
2009-06-09 14:16 . 2009-06-09 14:16 -------- d-----w- c:\program files\Common Files\Serious Magic
2009-06-09 14:06 . 2009-06-09 14:06 -------- d-----w- c:\program files\Serious Magic
2009-06-08 11:24 . 2009-06-08 11:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-08 02:54 . 2009-06-08 02:54 -------- d-----w- c:\documents and settings\Fred\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-06-08 02:53 . 2009-06-08 02:52 38208 ----a-w- c:\documents and settings\Fred\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-08 02:53 . 2009-06-08 02:53 -------- d-----w- c:\program files\TweetDeck
2009-06-08 02:53 . 2009-06-08 02:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-07 16:51 . 2009-06-07 16:51 -------- d-----w- C:\Search
2009-06-07 01:53 . 2009-06-16 19:02 -------- d-----w- c:\documents and settings\Fred\Application Data\FileZilla
2009-06-07 01:53 . 2009-06-07 01:53 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-06 16:48 . 2009-06-06 16:48 -------- d-----w- c:\documents and settings\Fred\Application Data\EPSON
2009-06-06 16:23 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-06 16:23 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-06 10:41 . 2009-06-06 10:41 -------- d--h--w- c:\windows\PIF
2009-06-04 16:08 . 2009-06-04 16:08 -------- d-----w- c:\documents and settings\Danita\Local Settings\Application Data\Apple Computer
2009-06-04 01:12 . 2009-06-04 01:12 -------- d-----w- c:\windows\system32\NtmsData
2009-06-04 01:08 . 2009-06-04 01:08 -------- d-----w- c:\documents and settings\Fred\Application Data\Windows Search
2009-06-04 00:56 . 2009-06-04 01:29 -------- d-----w- c:\program files\Support Tools
2009-06-04 00:26 . 2009-06-04 00:26 -------- d-----w- c:\documents and settings\Danita\Local Settings\Application Data\Microsoft Help
2009-06-03 14:00 . 2009-06-03 14:00 -------- d-----w- c:\program files\PayPal
2009-06-03 14:00 . 2009-06-03 14:00 -------- d-----w- c:\documents and settings\Fred\Application Data\InstallShield
2009-06-03 00:33 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-06-03 00:33 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2009-06-03 00:33 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2009-06-03 00:33 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2009-06-03 00:33 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2009-06-03 00:33 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2009-06-02 02:51 . 2009-06-02 02:51 -------- d-----w- c:\documents and settings\Fred\Application Data\Apple Computer
2009-06-02 02:47 . 2009-06-02 02:48 -------- d-----w- c:\program files\QuickTime
2009-06-02 02:47 . 2009-06-02 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-02 02:47 . 2009-06-02 02:47 -------- d-----w- c:\documents and settings\Fred\Local Settings\Application Data\Apple
2009-06-02 02:47 . 2009-06-02 02:47 -------- d-----w- c:\program files\Apple Software Update
2009-06-02 02:47 . 2009-06-02 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-02 02:46 . 2009-06-02 02:46 -------- d-----w- c:\documents and settings\Fred\Local Settings\Application Data\Apple Computer
2009-06-02 02:39 . 2009-06-02 02:39 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-02 02:38 . 2009-06-02 02:38 -------- d-----w- c:\program files\Real
2009-06-02 02:38 . 2009-06-02 02:38 -------- d-----w- c:\program files\Common Files\Real
2009-06-02 00:31 . 2009-06-02 00:31 -------- d-sh--w- c:\documents and settings\Danita\IETldCache
2009-06-01 23:49 . 2009-06-01 23:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-01 21:37 . 2009-06-01 22:57 -------- d-----w- c:\documents and settings\Fred\dwhelper
2009-06-01 21:30 . 2009-06-01 21:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-01 21:30 . 2009-06-01 21:30 -------- d-sh--w- c:\documents and settings\Fred\IETldCache
2009-06-01 21:27 . 2009-06-11 02:04 -------- d-----w- c:\windows\ie8updates
2009-06-01 21:23 . 2009-06-01 21:25 -------- dc-h--w- c:\windows\ie8
2009-06-01 21:21 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-01 21:14 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-01 21:13 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-01 21:13 . 2009-06-01 21:13 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-01 21:11 . 2009-06-11 11:33 -------- d-----w- c:\windows\system32\LogFiles
2009-06-01 21:11 . 2009-06-01 21:12 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-01 11:30 . 2009-06-01 11:30 -------- d-----w- c:\program files\eBay
2009-06-01 11:30 . 2009-06-01 11:30 -------- d-----w- c:\documents and settings\All Users\eBay
2009-06-01 00:51 . 2009-06-01 10:04 -------- d-----w- c:\documents and settings\Fred\Application Data\AdobeUM
2009-05-31 12:21 . 2009-06-17 14:50 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2009-05-31 12:21 . 2009-06-17 14:50 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2009-05-31 12:19 . 2009-05-31 12:19 -------- d-----w- c:\windows\nview
2009-05-31 12:19 . 2008-05-16 18:01 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-31 12:19 . 2008-05-16 15:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-05-31 12:18 . 2009-05-31 12:18 -------- d-----w- C:\NVIDIA
2009-05-31 12:09 . 2009-05-31 12:09 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-31 12:09 . 2009-05-31 12:09 -------- d-----w- c:\documents and settings\Fred\Application Data\SystemRequirementsLab
2009-05-31 12:09 . 2009-05-31 12:09 290816 ----a-w- c:\documents and settings\Fred\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-31 12:09 . 2009-05-31 12:09 290816 ----a-w- c:\documents and settings\Fred\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-31 12:09 . 2009-05-31 12:09 290816 ----a-w- c:\documents and settings\Fred\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-31 12:09 . 2009-05-31 12:09 290816 ----a-w- c:\documents and settings\Fred\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-31 11:29 . 2009-05-31 11:29 -------- d-----w- c:\program files\proDAD
2009-05-31 11:29 . 2009-05-31 11:29 -------- d-----w- c:\documents and settings\Fred\Application Data\proDAD
2009-05-31 02:59 . 2009-05-31 02:59 29926 ----a-r- c:\documents and settings\Fred\Application Data\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-05-31 02:59 . 2005-09-24 03:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-05-31 02:59 . 2009-06-11 11:44 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-31 02:59 . 2009-05-31 02:59 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-05-31 02:58 . 2009-05-31 02:58 -------- d-----w- c:\documents and settings\Fred\Local Settings\Application Data\Downloaded Installations
2009-05-31 02:58 . 2009-05-31 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2009-05-31 02:51 . 2009-05-31 02:51 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2009-05-31 02:51 . 2009-05-31 02:51 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-05-31 02:51 . 2009-05-31 03:00 -------- d-----w- c:\program files\Pinnacle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 16:23 . 2009-05-26 00:42 101888 ----a-w- c:\documents and settings\Danita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 23:38 . 2009-05-30 23:38 184 ----a-w- c:\windows\system32\e000002.dat
2009-05-25 20:10 . 2009-05-25 20:10 -------- d-----w- c:\program files\NewSoft
2009-05-25 18:30 . 2009-05-25 11:50 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-25 11:53 . 2009-05-25 11:53 -------- d-----w- c:\program files\microsoft frontpage
2009-05-25 11:49 . 2009-05-25 11:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-13 05:15 . 2006-06-23 15:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2003-07-16 20:32 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 02:13 . 2009-05-07 02:13 49152 ----a-r- c:\windows\system32\inetwh32.dll
2009-05-07 02:13 . 2009-05-07 02:13 1044480 ----a-r- c:\windows\system32\roboex32.dll
2009-04-17 12:26 . 2003-07-16 20:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2003-05-04 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2003-05-04 40960]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-26 148888]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-07-01 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-07-01 65536]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-02 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-11 518488]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-02-20 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-5-25 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/11/2009 7:44 AM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R2 WUSB54GPSVC;WUSB54GPSVC;c:\program files\Wireless-G Portable USB Adapter\WLService.exe [5/25/2009 8:51 AM 41025]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:43]

2009-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MWLExe - c:\program files\Mcafee\MWL\MWLGui.exe
HKLM-Run-13464534 - c:\documents and settings\All Users\Application Data\13464534\13464534.exe


.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 10:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,69,70,52,0c,b6,
89,18,5b,e2,63,26,f1,3f,c8,ff,68,a0,69,8f,4b,45,3c,77,a2,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c6,b7,1e,79,cb,
eb,b8,9f,6a,9c,d6,61,af,45,84,18,28,10,33,06,e9,c5,4f,c2,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,f1,9d,8b,88,00,
03,87,48,ff,7c,85,e0,43,d4,0e,fe,c5,ff,4e,c8,14,76,32,c8,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,58,22,96,4e,3b,
ef,8e,0b,86,8c,21,01,be,91,eb,e7,51,21,20,ef,7d,a3,22,33,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,e0,1d,45,fa,ae,
c9,f0,d9,f5,1d,4d,73,a8,13,5c,05,a6,ac,66,45,a1,43,63,0d,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,1f,a1,1c,a3,ed,
9f,32,9e,df,20,58,62,78,6b,cf,c8,83,93,fc,65,f2,73,77,4d,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,47,4a,8b,e4,7e,
19,15,85,fb,a7,78,e6,12,2f,9a,ea,45,0e,9b,25,9d,b3,dc,61,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,0a,c3,8f,32,98,
7c,ea,54,01,3a,48,fc,e8,04,4a,f1,74,96,69,ce,1f,40,0e,98,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,45,d1,4e,e6,48,
2d,49,91,f6,0f,4e,58,98,5b,89,c9,40,c8,80,fb,79,b9,c3,3d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e7,73,91,72,e7,
2a,d7,82,3d,ce,ea,26,2d,45,aa,78,ab,00,a7,bd,22,2c,57,5b,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,a2,18,c4,82,d8,
10,c0,fa,2a,b7,cc,b5,b9,7f,41,e7,bf,40,fb,b4,bc,18,1d,b8,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,dc,8f,af,9f,7e,
a3,64,4b,6c,43,2d,1e,aa,22,2f,9c,d5,6c,ce,d3,ef,60,5b,b0,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-06-17 11:00
ComboFix-quarantined-files.txt 2009-06-17 15:00

Pre-Run: 163,387,838,464 bytes free
Post-Run: 163,548,622,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

331 --- E O F --- 2009-06-15 07:01
nfearls
Active Member
 
Posts: 12
Joined: June 11th, 2009, 1:43 pm

Re: w32 worm removal help please

by nfearls » June 17th, 2009, 11:04 am

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:23 AM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Fred\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3257864733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3264050515
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe

--
End of file - 8972 bytes
nfearls
Active Member
 
Posts: 12
Joined: June 11th, 2009, 1:43 pm

Re: w32 worm removal help please

by Shaba » June 17th, 2009, 11:18 am

Have you uninstalled McAfee?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: w32 worm removal help please

by nfearls » June 17th, 2009, 1:17 pm

I had to completely uninstall McAfee to run ComboFix, so YES, it is uninstalled right now.
nfearls
Active Member
 
Posts: 12
Joined: June 11th, 2009, 1:43 pm