Internet Security 2010-malware

Post by PapaBear » January 7th, 2010, 12:38 pm

This is the 3rd time since Christmas Eve and the 2nd time this specific malware has infected one of my computers. This Internet Security 2010 is quite aggressive. It adds logs/files/entries to the registry that block the task manager, registry edit, command prompt, and this time has blocked both Firefox and IE. Spybot S&D is able to remove the registry entries and allow me to open the task manager, the registry editor, and the command prompt, but my browsers are still blocked. It also blocks AVG from installing. I have to transfer files via an MP3 player because it also blocks my home network as well. Yesterday my other computer became infected with this and I ran a Spyware Dr. scan and deleted the files it listed associated with IS2010, but I fear I deleted one file too many and my desktop would not load, even in safe mode. That computer is just a web browsing computer for the family with no important information, so I reformatted (again), and this morning IS2010 has invaded my gaming computer.

Thus far I have run a scan with Dr.Web and it has deleted/moved some files. I also deleted the 41.exe file from the System32 folder. Then I found this forum and have run a HijackThis scan as instructed. The results are as follows:

***UPDATE***
Since this was the 3rd time having been infected by the same kind of malware, I was able to use what I learned from my previous failures to remove this thing. I was able to stop the Internet Security 2010 from executing anymore. I downloaded the AVG Free version (unemployed and can't afford anything else). Now I still have a problem with my Firefox browser randomly redirecting me when I click on a link. Example: I did a search for eBay, and MyEbay is the second link in the Google search results. When I click on the link it redirects me to this site: http://???.searchfindsite.com/6951/search.php?keyword=Www%20Ebay%20Com&sid=9680db27272f1769ee4e9c4a4cb50914&cid=BPO
Also, when I start Windows I can hear 2 critical stop messages but only one is present when the desktop loads. Error loading C:\WINDOWS\uvemijgoki.dll The specified module could not be found.
I can only assume that there are portions of malware still present, and 4 scans with Malwarebytes and 2 scans with AVG have not corrected the issue. I left my original scans and can make new ones if you wish. I'm a fairly capable person if I have a little direction and I understand completely that you are very busy. Any help/advice will be appreciated.

Gary~


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:12:15 AM, on 1/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\Gary S. Priest\Application Data\SystemProc\lsass.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\WINDOWS\system32\ctfmon.exe
E:\cureit.exe
C:\DOCUME~1\GARYS~1.PRI\LOCALS~1\Temp\RarSFX1\ac2n8k.exe
C:\DOCUME~1\GARYS~1.PRI\LOCALS~1\Temp\RarSFX1\8b2vbXP.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\Documents and Settings\Gary S. Priest\Application Data\lsass.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Rzoke] rundll32.exe "C:\WINDOWS\uvemijigoki.dll",Startup
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9235] command.com /c del "C:\WINDOWS\uvemijigoki.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9780] cmd.exe /c del "C:\WINDOWS\uvemijigoki.dll_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7477] command.com /c del "C:\WINDOWS\uvemijigoki.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9302] cmd.exe /c del "C:\WINDOWS\uvemijigoki.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Gary S. Priest\Application Data\SystemProc\lsass.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)

--
End of file - 6284 bytes


Uninstall list:

µTorrent
ACE Mega CoDecS Pack
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Advertising Center
AMD Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Catalyst Control Center - Branding
Conquer 2.0
Creative EAX Settings
Creative Speaker Settings
Device Control
DolbyFiles
eBay Icon
Gimp 2.6.2 Debug
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Java(TM) 6 Update 17
LimeWire 5.4.6
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
SoundTrax
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VirtualCloneDrive
Winamp
Windows Imaging Component
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
ZSMC USB PC Camera (ZS211)

Please keep in mind that until I can free up the internet I'm limited to 1gig file transfer capability and this computer was just reinstalled on Christmas. Any help will be greatly appreciated.


Gary~
Last edited by PapaBear on January 14th, 2010, 2:15 pm, edited 2 times in total.
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota

Re: Internet Security 2010-malware

Post by MWR 3 day Mod » January 11th, 2010, 9:10 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Internet Security 2010-malware

Post by Dakeyras » January 15th, 2010, 12:15 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
Hi PapaBear and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Next:

Take your time with the below. :thumbup:

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

µTorrent <-- As per forum policy.
LimeWire 5.4.6 <-- As per forum policy.
Spybot - Search & Destroy <-- You may reinstall this when I give the all clear if you so wish.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

If you were prompted to reboot the system after the above uninstallations, please run RKill again.

Next:

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Now install an antivirus, either the AVG you mentioned or one of the below:-


Whichever you choose:-

Install >> Update >> Carry Out a Complete Scan. Have it fix anything it finds.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • Malwarebytes' Anti-Malware Log.
  • A new Uninstall List.
  • A new HijackThis Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Internet Security 2010-malware

Post by PapaBear » January 15th, 2010, 12:44 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/15/2010 10:40:51 AM
mbam-log-2010-01-15 (10-40-51).txt

Scan type: Quick Scan
Objects scanned: 109194
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:41:44 AM, on 1/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Domino.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Gary S. Priest\My Documents\Conquer\SV-v20100115-P5206(v516)\scriptvessel.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\Program Files\Conquer 2.0\zftqat\TQAT.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Rzoke] rundll32.exe "C:\WINDOWS\uvemijigoki.dll",Startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)

--
End of file - 6450 bytes



ACE Mega CoDecS Pack
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Advertising Center
AMD Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 9.0
Catalyst Control Center - Branding
Conquer 2.0
Creative EAX Settings
Creative Speaker Settings
Device Control
DolbyFiles
eBay Icon
Gimp 2.6.2 Debug
Google Chrome
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Java(TM) 6 Update 17
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
SoundTrax
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VirtualCloneDrive
Winamp
Windows Imaging Component
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
ZSMC USB PC Camera (ZS211)

I believe this is everything from the first list of instructions.

Gary~
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota
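
An added example, not part of any post in this thread: a small triage script for the HijackThis lines posted above, which flags entries that deserve a closer look and reports which flagged lines from the January 7 log still appear in the January 15 log. The heuristics (system process names outside system32, lookalike names, Winlogon Shell/Userinit values, rundll32 autostarts, unknown Winsock LSP files) are assumptions chosen for this example; a flag is a prompt to investigate, not a verdict on the file.

```python
import ntpath
import re

# Heuristic inputs chosen for this example (assumptions, not a verdict).
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "csrss.exe", "spoolsv.exe"}
SYSTEM_DIR = r"c:\windows\system32"
WINDOWS_DIR = r"c:\windows"
# Full paths ending in .exe or .dll; spaces are allowed, quotes are not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)
# A system process name followed by digits, e.g. smss32.exe.
LOOKALIKE_RE = re.compile(
    r"(?:%s)\d+\.exe" % "|".join(n[:-4] for n in sorted(SYSTEM_NAMES)))

# Lines copied from the two HijackThis logs posted in this thread.
LOG_JAN_7 = r"""
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Gary S. Priest\Application Data\SystemProc\lsass.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\Documents and Settings\Gary S. Priest\Application Data\lsass.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Rzoke] rundll32.exe "C:\WINDOWS\uvemijigoki.dll",Startup
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
"""
LOG_JAN_15 = r"""
C:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Rzoke] rundll32.exe "C:\WINDOWS\uvemijigoki.dll",Startup
"""


def check_line(line):
    """Return the reasons (possibly none) one log line deserves a closer look."""
    reasons = []
    m = re.match(r"([A-Z]\d+) - ", line)
    section = m.group(1) if m else ""  # "" for the running-process list
    for path in PATH_RE.findall(line):
        folder, name = ntpath.split(path.lower())
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            reasons.append("system process name outside system32")
        if LOOKALIKE_RE.fullmatch(name):
            reasons.append("name imitates a system process")
        if section == "O4" and "rundll32" in line.lower() and folder == WINDOWS_DIR:
            reasons.append("rundll32 autostart loads a DLL from the Windows root")
    if section == "F2":
        # F2 lines look like "F2 - REG:system.ini: Key=value".
        key, _, value = line.split(": ", 1)[1].partition("=")
        if key.lower() == "shell" and value.strip().lower() != "explorer.exe":
            reasons.append("Winlogon Shell launches more than Explorer.exe")
        if key.lower() == "userinit":
            parts = [p.strip() for p in value.split(",") if p.strip()]
            if any(ntpath.basename(p).lower() != "userinit.exe" for p in parts):
                reasons.append("Winlogon Userinit is not userinit.exe")
    if section == "O10" and "unknown file in winsock lsp" in line.lower():
        reasons.append("unrecognised file in the Winsock LSP chain")
    return reasons


def flagged(log_text):
    """Map each flagged line of a log to its list of reasons."""
    result = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = check_line(line)
        if reasons:
            result[line] = reasons
    return result


def still_present(before, after):
    """Flagged lines from the earlier log that also appear in the later log."""
    later = {raw.strip() for raw in after.splitlines()}
    return [line for line in flagged(before) if line in later]


if __name__ == "__main__":
    for line, reasons in flagged(LOG_JAN_7).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
    print("Still present on January 15:")
    for line in still_present(LOG_JAN_7, LOG_JAN_15):
        print("   ", line)
```

Comparing logs taken before and after a cleanup pass shows which autostart entries survived it, which is why a fresh HijackThis log is requested after each step.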

Re: Internet Security 2010-malware

Post by Dakeyras » January 15th, 2010, 3:53 pm

Hi. :)

CKScanner:

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Scan with GMER:

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Right-click on RSIT.exe and select Run as Administrator to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Note: Both logs can also be found within the rsit folder at the root of your installed hard drive, e.g. C:\rsit

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • CKFiles.txt.
  • GMER Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
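
The false-positive caution in the GMER steps above, as an added example that is not part of the original post or of GMER: a Python triage helper that reads SSDT and AttachedDevice lines in the layout GMER 1.0.15 prints later in this thread and groups them by owning driver. The sample log, the `qzxdrv.sys` entry and the `EXPECTED_MODULES` allowlist are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the line layout of the GMER 1.0.15 log posted in this
# thread. The qzxdrv.sys line is invented for the example.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xA8966470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xA8966520]
SSDT \??\C:\WINDOWS\system32\drivers\qzxdrv.sys ZwEnumerateKey [0xF7A10000]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
"""

# Assumption: drivers of security software known to be installed on the
# machine (AVG 9 in this thread). Matching on a file name is triage only;
# a name can be imitated, so the file on disk still needs checking.
EXPECTED_MODULES = {"avgidsshim.sys", "avgtdix.sys"}

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?\.sys)"          # path of the hooking driver
    r"(?:\s+\((?P<info>.*?)\))?"             # optional "description/vendor"
    r"\s+(?P<item>(?:Zw|Nt)\w+)"             # hooked system service
    r"\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$",  # hook address
    re.IGNORECASE,
)
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<item>\S+)"  # stack and device
    r"\s+(?P<module>\S+\.sys)"                             # attached filter
    r"(?:\s+\((?P<info>.*)\))?\s*$",
    re.IGNORECASE,
)


def basename(module_path):
    """Lower-cased file name of a driver path such as \\??\\C:\\...\\x.sys."""
    return module_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return one dict per SSDT or AttachedDevice line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pattern in (("SSDT", SSDT_RE), ("AttachedDevice", ATTACHED_RE)):
            match = pattern.match(line)
            if not match:
                continue
            info = match.group("info") or ""
            entries.append({
                "kind": kind,
                "module": basename(match.group("module")),
                "item": match.group("item"),
                # Text after the last "/" in the parenthetical is the vendor.
                "vendor": info.rpartition("/")[2].strip() if info else None,
            })
            break
    return entries


def triage(entries, expected_modules):
    """Group hooked items by driver: 'expected' if allowlisted, else 'review'."""
    result = {"expected": defaultdict(list), "review": defaultdict(list)}
    for entry in entries:
        bucket = "expected" if entry["module"] in expected_modules else "review"
        result[bucket][entry["module"]].append(entry["item"])
    return {status: dict(groups) for status, groups in result.items()}


if __name__ == "__main__":
    report = triage(parse_gmer(SAMPLE_LOG), EXPECTED_MODULES)
    for status, groups in report.items():
        for module, items in groups.items():
            print(f"{status:8} {module:16} {', '.join(items)}")
```

A driver landing under `review` only means it is not on the analyst's list; it is a prompt to identify the file, not a verdict.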

Re: Internet Security 2010-malware

Unread postby PapaBear » January 15th, 2010, 4:33 pm

Dakeyras wrote:
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Right-click on RSIT.exe and select "Run as Administrator" to run RSIT.


I don't seem to have a Run As Administrator option, nor have I even seen one on Windows XP.

Do I just click on it and allow it to scan files for the previous month?
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota

Re: Internet Security 2010-malware

Unread postby Dakeyras » January 15th, 2010, 4:43 pm

Hi. :)

My apologies, please run RSIT as follows, thank you.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Internet Security 2010-malware

Unread postby PapaBear » January 15th, 2010, 5:30 pm

I can't really say if my computer is running any worse, but it definitely isn't running better. GMER locked up my computer 3 times so that I had to hard restart. The DLL error still pops up when I load Windows, and Firefox still randomly sent me to a site that is NOT what I clicked on (http://???.comparedby.us/lander.aspx?pmkeyword=com&ysquery=&tcid=0). I'm pretty sure this random redirect is how I got "Internet Security 2010" in the first place. As far as performance goes, I am a gamer so I pay attention to this, my computer is running fairly well now. Like you would expect a computer with its specs and a fresh Windows install to work. I have had no security alerts of any kind from AVG (it's been installed about 5 days now).


CKScanner
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack.rar
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\general-cleantool.exe
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\instructions english.txt
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\keymaker.nero.9.4.26.0 v5.55.exe
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\leeme instrucciones nero 9.txt
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\serial.txt
c:\program files\conquer 2.0\c3\effect\firecracker-single\1.c3
c:\program files\conquer 2.0\c3\effect\firecracker-single\1.dds
c:\program files\conquer 2.0\c3\effect\firecracker-single\2.c3
c:\program files\conquer 2.0\c3\effect\firecracker-single\2.dds
c:\program files\conquer 2.0\c3\effect\firecracker-single\3.c3
c:\program files\conquer 2.0\c3\effect\firecracker-single\3.dds
c:\program files\conquer 2.0\c3\effect\firecracker-single\4.c3
c:\program files\conquer 2.0\c3\effect\firecracker-single\4.dds
c:\program files\conquer 2.0\c3\effect\firecracker1\1.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\2.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\3.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\4.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\5.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\6.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\7.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\8.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\1.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\1.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\2.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\2.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\3.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\3.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\4.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\4.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\5.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\5.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\6.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\6.dds
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.ZZ.11
----- EOF -----


GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-15 15:13:51
Windows 5.1.2600 Service Pack 3
Running: 8tv46054.exe; Driver: C:\DOCUME~1\GARYS~1.PRI\LOCALS~1\Temp\pxtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xA8966470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xA8966520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xA89665C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xA8966660]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


RSIT log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gary S. Priest at 2010-01-15 14:50:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (76%) free of 79 GB
Total RAM: 2046 MB (25% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-07 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"ZSSnp211"=C:\WINDOWS\ZSSnp211.exe [2007-04-06 57344]
"Domino"=C:\WINDOWS\Domino.exe [2006-08-18 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe []
"Rzoke"=C:\WINDOWS\uvemijigoki.dll,Startup []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-11 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe [2005-06-20 1056768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-07 12464]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
wkbta6g.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Windows Service Host"="C:\Documents and Settings\Gary S. Priest\Application Data\svhost.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2c0e6e4-f726-11de-9e88-00e04cf112e8}]
shell\AutoRun\command - E:\driversetup.exe
shell\open\command - E:\driversetup.exe


======List of files/folders created in the last 1 months======

2010-01-15 14:50:29 ----D---- C:\rsit
2010-01-15 14:50:29 ----D---- C:\Program Files\trend micro
2010-01-14 07:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 19:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 10:13:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Google
2010-01-11 10:11:27 ----D---- C:\Program Files\Google
2010-01-07 18:49:32 ----HD---- C:\$AVG
2010-01-07 18:49:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-07 18:48:48 ----D---- C:\Program Files\AVG
2010-01-07 18:48:48 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-01-07 18:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-07 18:19:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Malwarebytes
2010-01-07 17:07:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-07 17:07:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 16:58:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-07 09:54:11 ----D---- C:\Program Files\TrendMicro
2010-01-07 08:23:38 ----A---- C:\WINDOWS\system32\12382.exe
2010-01-07 08:03:38 ----A---- C:\WINDOWS\system32\292.exe
2010-01-07 07:43:37 ----A---- C:\WINDOWS\system32\153.exe
2010-01-07 07:23:24 ----A---- C:\WINDOWS\system32\3902.exe
2010-01-07 07:03:22 ----A---- C:\WINDOWS\system32\14604.exe
2010-01-07 06:43:22 ----A---- C:\WINDOWS\system32\32391.exe
2010-01-07 06:23:21 ----A---- C:\WINDOWS\system32\5436.exe
2010-01-07 06:03:20 ----A---- C:\WINDOWS\system32\4827.exe
2010-01-07 05:43:20 ----A---- C:\WINDOWS\system32\11942.exe
2010-01-07 05:23:20 ----A---- C:\WINDOWS\system32\2995.exe
2010-01-07 05:03:18 ----A---- C:\WINDOWS\system32\491.exe
2010-01-07 04:43:17 ----A---- C:\WINDOWS\system32\9961.exe
2010-01-07 04:23:17 ----A---- C:\WINDOWS\system32\16827.exe
2010-01-07 04:03:16 ----A---- C:\WINDOWS\system32\23281.exe
2010-01-07 03:43:16 ----A---- C:\WINDOWS\system32\28145.exe
2010-01-07 03:23:15 ----A---- C:\WINDOWS\system32\5705.exe
2010-01-07 03:03:15 ----A---- C:\WINDOWS\system32\24464.exe
2010-01-07 02:43:14 ----A---- C:\WINDOWS\system32\26962.exe
2010-01-07 02:23:14 ----A---- C:\WINDOWS\system32\29358.exe
2010-01-07 02:03:14 ----A---- C:\WINDOWS\system32\11478.exe
2010-01-07 01:43:13 ----A---- C:\WINDOWS\system32\15724.exe
2010-01-07 01:23:13 ----A---- C:\WINDOWS\system32\19169.exe
2010-01-07 01:03:12 ----A---- C:\WINDOWS\system32\26500.exe
2010-01-07 00:43:12 ----A---- C:\WINDOWS\system32\6334.exe
2010-01-07 00:23:12 ----A---- C:\WINDOWS\system32\18467.exe
2010-01-06 15:27:40 ----A---- C:\WINDOWS\iStler.exe
2010-01-06 10:27:46 ----HD---- C:\WINDOWS\PIF
2010-01-04 19:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-01-04 19:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-04 19:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-02 08:16:15 ----SHD---- C:\Documents and Settings\Gary S. Priest\Application Data\SystemProc
2010-01-02 08:16:10 ----A---- C:\WINDOWS\update.exe
2010-01-01 15:05:49 ----D---- C:\Program Files\Unlocker
2010-01-01 15:05:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Desktopicon
2010-01-01 14:55:40 ----D---- C:\Program Files\Common Files\Windows Live
2010-01-01 14:52:59 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2010-01-01 14:52:48 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2010-01-01 14:45:17 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Help
2010-01-01 14:13:34 ----D---- C:\Program Files\Common Files\Adobe
2010-01-01 14:13:19 ----D---- C:\Program Files\Adobe
2010-01-01 14:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-01 14:13:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-01 14:12:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-31 19:42:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\gtk-2.0
2009-12-31 19:38:13 ----D---- C:\Program Files\Gimp-2.0
2009-12-30 19:38:57 ----A---- C:\WINDOWS\wininit.ini
2009-12-30 19:28:17 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-30 19:27:48 ----D---- C:\WINDOWS\Prefetch
2009-12-30 19:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-30 19:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-30 19:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-30 19:26:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-30 19:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-30 19:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-30 19:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-30 19:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-30 19:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-30 19:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-30 19:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-30 19:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-30 19:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-30 19:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-30 19:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-30 19:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-30 19:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-30 19:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-30 19:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-30 19:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-30 19:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-30 19:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-30 19:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-30 19:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-30 19:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-30 19:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-30 19:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-30 19:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-30 19:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-30 19:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-30 19:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-30 19:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-30 19:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-30 19:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-30 19:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-30 19:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-30 19:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2009-12-30 19:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-30 19:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-30 19:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-30 19:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-30 19:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-30 19:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-30 19:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-30 19:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-30 19:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-30 19:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-30 19:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-30 19:21:54 ----D---- C:\WINDOWS\system32\scripting
2009-12-30 19:21:54 ----D---- C:\WINDOWS\l2schemas
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\en
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\bits
2009-12-30 19:19:56 ----D---- C:\WINDOWS\network diagnostic
2009-12-30 19:18:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-30 19:18:39 ----D---- C:\WINDOWS\EHome
2009-12-30 18:55:30 ----D---- C:\WINDOWS\ie8updates
2009-12-30 18:55:22 ----D---- C:\WINDOWS\WBEM
2009-12-30 18:55:10 ----HDC---- C:\WINDOWS\ie8
2009-12-30 18:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-30 18:50:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-29 10:53:53 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZSSnp211.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZS211Cap.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\system32\ZS211STI.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\Domino.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\amcap.exe
2009-12-29 10:53:35 ----D---- C:\Program Files\Vimicro
2009-12-27 11:09:16 ----A---- C:\WINDOWS\omecerisu.dll
2009-12-27 09:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2009-12-27 09:39:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-12-27 09:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-27 09:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-27 09:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2009-12-27 09:36:51 ----D---- C:\Program Files\MSXML 4.0
2009-12-26 12:01:19 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-26 11:36:47 ----D---- C:\Program Files\Common Files\Nero
2009-12-26 11:12:53 ----A---- C:\WINDOWS\system32\regsvr32.exe.log
2009-12-26 08:34:03 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-12-25 23:18:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-25 23:18:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 22:52:12 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Nero
2009-12-25 22:41:01 ----D---- C:\Program Files\Nero
2009-12-25 21:33:52 ----D---- C:\Program Files\Windows Sidebar
2009-12-25 21:33:31 ----A---- C:\WINDOWS\Irremote.ini
2009-12-25 21:29:45 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-12-25 21:28:19 ----HD---- C:\WINDOWS\msdownld.tmp
2009-12-25 21:28:11 ----D---- C:\WINDOWS\Logs
2009-12-25 21:25:38 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\java.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-25 21:12:27 ----D---- C:\Program Files\Java
2009-12-25 21:11:54 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Sun
2009-12-25 21:11:03 ----D---- C:\Program Files\Winamp Detect
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\px.dll
2009-12-25 21:10:53 ----D---- C:\Program Files\Winamp
2009-12-25 21:10:53 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Winamp
2009-12-25 21:00:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\uTorrent
2009-12-25 20:54:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-25 20:53:52 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-25 20:53:33 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-25 20:53:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-25 20:51:36 ----D---- C:\d7bd8d90dc6561f35f408805b51018a4
2009-12-25 20:51:29 ----D---- C:\WINDOWS\SxsCaPendDel
2009-12-25 20:34:51 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Roxio Log Files
2009-12-25 20:30:04 ----D---- C:\Program Files\Elaborate Bytes
2009-12-25 19:26:38 ----D---- C:\Hex_Editor_xvi32
2009-12-25 19:26:38 ----A---- C:\xvi32_readme.txt
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvpx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvm6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplva6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplapx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplam6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaa6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2009-12-25 19:21:43 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-25 19:21:42 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2009-12-25 19:09:10 ----D---- C:\Program Files\Conquer 2.0
2009-12-25 19:04:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 19:04:38 ----D---- C:\Program Files\AMD
2009-12-25 19:04:30 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\InstallShield
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-12-25 19:01:46 ----D---- C:\WINDOWS\system32\Data
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ludap17.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\INRES.DLL
2009-12-25 19:01:45 ----D---- C:\Program Files\Creative
2009-12-25 18:59:04 ----D---- C:\WINDOWS\pss
2009-12-25 18:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-12-25 18:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-12-25 18:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-12-25 18:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-12-25 18:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-12-25 18:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-12-25 18:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-25 18:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-25 18:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-25 18:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2009-12-25 18:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2009-12-25 18:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-12-25 18:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-12-25 18:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-12-25 18:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-12-25 18:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-12-25 18:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2009-12-25 18:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-12-25 18:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-12-25 18:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-12-25 18:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-25 18:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-12-25 18:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-25 18:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-12-25 18:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2009-12-25 18:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-25 18:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-12-25 18:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2009-12-25 18:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-25 18:52:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-12-25 18:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2009-12-25 18:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-12-25 18:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-12-25 18:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-12-25 18:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-12-25 18:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-12-25 18:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-25 18:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-12-25 18:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-12-25 18:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2009-12-25 18:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-12-25 18:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-25 18:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-12-25 18:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2009-12-25 18:51:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-25 18:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-25 18:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-12-25 18:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-12-25 18:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-25 18:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-12-25 18:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-12-25 18:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-12-25 18:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-25 18:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-12-25 18:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2009-12-25 18:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-12-25 18:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2009-12-25 18:34:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\WinRAR
2009-12-25 18:34:19 ----D---- C:\Program Files\WinRAR
2009-12-25 18:28:56 ----D---- C:\Program Files\MSBuild
2009-12-25 18:28:53 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-25 18:28:51 ----D---- C:\WINDOWS\system32\en-us
2009-12-25 18:28:50 ----D---- C:\Program Files\Reference Assemblies
2009-12-25 18:28:35 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-12-25 18:27:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-12-25 18:26:59 ----D---- C:\Program Files\MSXML 6.0
2009-12-25 18:23:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-12-25 18:22:12 ----D---- C:\WINDOWS\vnDrvBas
2009-12-25 18:22:12 ----A---- C:\WINDOWS\system32\vuins32.dll
2009-12-25 18:17:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-25 18:16:57 ----D---- C:\Program Files\VIA
2009-12-25 18:16:52 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-12-25 18:16:52 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\ATI
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-12-25 18:11:20 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-25 18:11:04 ----RSD---- C:\WINDOWS\assembly
2009-12-25 18:11:01 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-25 18:11:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-25 18:11:00 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-25 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-25 18:10:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 18:10:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-25 18:06:59 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-12-25 18:06:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 18:06:44 ----D---- C:\Program Files\ATI Technologies
2009-12-25 18:06:17 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-25 18:06:01 ----D---- C:\ATI
2009-12-25 18:01:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Macromedia
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Adobe
2009-12-25 17:57:10 ----SHD---- C:\RECYCLER
2009-12-25 17:57:03 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Mozilla
2009-12-25 17:56:56 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 17:53:23 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Identities
2009-12-25 17:53:22 ----HD---- C:\Program Files\Uninstall Information
2009-12-25 17:53:20 ----ASH---- C:\Documents and Settings\Gary S. Priest\Application Data\desktop.ini
2009-12-25 17:53:19 ----SD---- C:\Documents and Settings\Gary S. Priest\Application Data\Microsoft
2009-12-25 17:52:57 ----A---- C:\WINDOWS\system32\wpa.bak
2009-12-25 17:50:31 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-25 17:50:20 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-25 17:50:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 17:47:57 ----D---- C:\WINDOWS\system32\xircom
2009-12-25 17:47:57 ----D---- C:\Program Files\xerox
2009-12-25 17:47:57 ----D---- C:\Program Files\microsoft frontpage
2009-12-25 17:47:51 ----A---- C:\WINDOWS\control.ini
2009-12-25 17:47:51 ----A---- C:\AUTOEXEC.BAT
2009-12-25 17:47:43 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-25 17:47:40 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-12-25 17:46:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-25 17:46:50 ----RD---- C:\WINDOWS\Offline Web Pages
2009-12-25 17:46:50 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-25 17:46:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-25 17:46:43 ----HD---- C:\Program Files\WindowsUpdate
2009-12-25 17:46:28 ----D---- C:\WINDOWS\system32\DirectX
2009-12-25 17:46:13 ----A---- C:\WINDOWS\system32\atrace.dll
2009-12-25 17:46:11 ----A---- C:\WINDOWS\system32\desktop.ini
2009-12-25 17:46:11 ----A---- C:\WINDOWS\desktop.ini
2009-12-25 17:46:06 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-12-25 17:46:05 ----A---- C:\WINDOWS\system32\acctres.dll
2009-12-25 17:46:04 ----D---- C:\Program Files\Common Files\Services
2009-12-25 17:46:03 ----SD---- C:\WINDOWS\Tasks
2009-12-25 17:46:03 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-12-25 17:46:02 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-25 17:45:59 ----D---- C:\WINDOWS\system32\Macromed
2009-12-25 17:45:59 ----D---- C:\WINDOWS\srchasst
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wups.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-25 17:45:53 ----D---- C:\Program Files\Movie Maker
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-25 17:45:50 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-25 17:45:48 ----D---- C:\WINDOWS\system32\Restore
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-25 17:45:45 ----D---- C:\Program Files\NetMeeting
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-25 17:45:43 ----D---- C:\Program Files\Outlook Express
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-25 17:45:38 ----D---- C:\Program Files\Common Files\System
2009-12-25 17:45:36 ----D---- C:\Program Files\Internet Explorer
2009-12-25 17:45:27 ----D---- C:\Program Files\ComPlus Applications
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vb.ini
2009-12-25 17:45:21 ----D---- C:\WINDOWS\Registration
2009-12-25 17:45:01 ----D---- C:\Program Files\Windows Media Player
2009-12-25 17:45:01 ----D---- C:\Program Files\Online Services
2009-12-25 17:44:57 ----D---- C:\Program Files\Messenger
2009-12-25 17:44:54 ----D---- C:\Program Files\MSN Gaming Zone
2009-12-25 17:44:54 ----A---- C:\WINDOWS\system32\write.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\hticons.dll
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\avwav.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\winchat.exe
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-12-25 17:44:43 ----A---- C:\WINDOWS\system32\getuname.dll
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\winmine.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\sol.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\freecell.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\calc.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tskill.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\shadow.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\reset.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\regini.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\msg.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\logoff.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-25 17:44:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-12-25 17:44:28 ----D---- C:\Program Files\MSN
2009-12-25 17:44:27 ----D---- C:\Program Files\Windows NT
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-25 17:44:25 ----D---- C:\WINDOWS\system32\MsDtc
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-25 17:44:23 ----D---- C:\WINDOWS\system32\Com
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-25 17:44:18 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-12-25 16:50:53 ----A---- C:\WINDOWS\system32\EAX.DLL
2009-12-25 16:50:53 ----A---- C:\WINDOWS\OALInst.exe
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfms32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17res.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17CPI.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\CtDvInst.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\A3d.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\P17DEF.EXE
2009-12-25 16:50:52 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-12-25 11:42:57 ----A---- C:\WINDOWS\system32\h323log.txt
2009-12-25 11:39:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-25 11:38:04 ----A---- C:\WINDOWS\system32\usbui.dll
2009-12-25 11:37:12 ----A---- C:\WINDOWS\imsins.BAK
2009-12-25 11:37:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 11:37:09 ----SHD---- C:\WINDOWS\Installer
2009-12-25 11:37:09 ----D---- C:\Program Files\Common Files\ODBC
2009-12-25 11:37:09 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-25 11:37:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-25 11:37:06 ----RD---- C:\Program Files
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-12-25 11:36:55 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-12-25 11:36:55 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-12-25 11:36:55 ----A---- C:\WINDOWS\system32\batt.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\notepad.exe
2009-12-25 11:36:47 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-25 11:36:45 ----RA---- C:\WINDOWS\SET8.tmp
2009-12-25 11:36:43 ----RA---- C:\WINDOWS\SET4.tmp
2009-12-25 11:36:42 ----RA---- C:\WINDOWS\SET3.tmp
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-25 11:36:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-25 11:36:16 ----A---- C:\WINDOWS\setuplog.txt
2009-12-25 11:36:13 ----SHD---- C:\System Volume Information
2009-12-25 11:36:13 ----D---- C:\Documents and Settings
2009-12-25 11:35:18 ----RSH---- C:\boot.ini
2009-12-25 11:30:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 11:30:16 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 11:30:16 ----RD---- C:\WINDOWS\Web
2009-12-25 11:30:16 ----HD---- C:\WINDOWS\inf
2009-12-25 11:30:16 ----D---- C:\WINDOWS\WinSxS
2009-12-25 11:30:16 ----D---- C:\WINDOWS\twain_32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Temp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wins
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wbem
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\usmt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\spool
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ShellExt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\Setup
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ras
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\oobe
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\npp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\IME
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\icsxml
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ias
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\export
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\drivers
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\dhcp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3com_dmi
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3076
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\2052
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1054
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1042
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1041
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1037
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1033
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1031
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1028
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1025
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system
2009-12-25 11:30:16 ----D---- C:\WINDOWS\security
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Resources
2009-12-25 11:30:16 ----D---- C:\WINDOWS\repair
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Provisioning
2009-12-25 11:30:16 ----D---- C:\WINDOWS\PeerNet
2009-12-25 11:30:16 ----D---- C:\WINDOWS\pchealth
2009-12-25 11:30:16 ----D---- C:\WINDOWS\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msapps
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msagent
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Media
2009-12-25 11:30:16 ----D---- C:\WINDOWS\java
2009-12-25 11:30:16 ----D---- C:\WINDOWS\ime
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Help
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Driver Cache
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Debug
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Cursors
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Connection Wizard
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\AppPatch
2009-12-25 11:30:16 ----D---- C:\WINDOWS\addins
2009-12-25 11:30:16 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-12-29 10:55:36 ----A---- C:\WINDOWS\win.ini
2009-12-25 18:59:46 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-07 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-07 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-07 360584]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-29 3565056]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-06-22 43008]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-22 29696]
R3 ZSMC211;ZSMC USB PC Camera (ZS211); C:\WINDOWS\System32\Drivers\ZS211.sys [2007-06-13 1469312]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-07 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-07 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-07 2303680]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-01-07 5832712]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Last edited by PapaBear on January 15th, 2010, 5:33 pm, edited 1 time in total.
PapaBear

Re: Internet Security 2010-malware

Post by PapaBear » January 15th, 2010, 5:31 pm

RSIT "info"
info.txt logfile of random's system information tool 1.06 2010-01-15 14:50:33

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE Mega CoDecS Pack-->"C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
Conquer 2.0-->"C:\Program Files\InstallShield Installation Information\{39833F1F-E56B-4A2C-93F1-E5F6C1D7C107}\setup.exe" -runfromtemp -l0x0409 -removeonly
Creative EAX Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
Creative Speaker Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Device Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
eBay Icon-->C:\Documents and Settings\Gary S. Priest\Application Data\Desktopicon\uninst.exe
Gimp 2.6.2 Debug-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-209M-AH6P-5UW0-WHAW-C53X-473X-79MH"
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZSMC USB PC Camera (ZS211)-->C:\Program Files\InstallShield Installation Information\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}\setup.exe -runfromtemp -l0x0009 -removeonly

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Internet Security
FW: AVG Firewall

======System event log======

Computer Name: REX
Event Code: 7031
Message: The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

Record Number: 582
Source Name: Service Control Manager
Time Written: 20091225214601.000000-360
Event Type: error
User:

Computer Name: REX
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 537
Source Name: Tcpip
Time Written: 20091225210322.000000-360
Event Type: warning
User:

Computer Name: REX
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 473
Source Name: Print
Time Written: 20091225205146.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: REX
Event Code: 1002
Message: The IP address lease 24.220.133.48 for the Network Card with network address 00E04CF112E8 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 464
Source Name: Dhcp
Time Written: 20091225205108.000000-360
Event Type: error
User:

Computer Name: REX
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 202
Source Name: Print
Time Written: 20091225182839.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: REX
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 134
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20091225182900.000000-360
Event Type: warning
User:

Computer Name: REX
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 114
Source Name: ASP.NET 2.0.50727.0
Time Written: 20091225182809.000000-360
Event Type: warning
User:

Computer Name: REX
Event Code: 1517
Message: Windows saved user REX\Gary S. Priest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 93
Source Name: Userenv
Time Written: 20091225182003.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: REX
Event Code: 1015
Message: Failed to connect to server. Error: 0x80004005

Record Number: 85
Source Name: MsiInstaller
Time Written: 20091225181221.000000-360
Event Type: warning
User: REX\Gary S. Priest

Computer Name: REX
Event Code: 1014
Message: Windows Installer proxy information not correctly registered

Record Number: 84
Source Name: MsiInstaller
Time Written: 20091225181221.000000-360
Event Type: error
User: REX\Gary S. Priest

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



Gary~

Re: Internet Security 2010-malware

Unread postby Dakeyras » January 16th, 2010, 7:15 am

Hi. :)

What can you inform myself about the CKScanner results? Did you download these with the P2P applications you had installed prior?

As they appear to be illegal applications possibly.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Internet Security 2010-malware

Unread postby PapaBear » January 16th, 2010, 7:27 am

Not 100% sure what you're asking? I used a torrent program to download the Nero, and Conquer is the MMORPG that I've played for the last 6 years.

Re: Internet Security 2010-malware

Unread postby Dakeyras » January 17th, 2010, 8:09 am

Hi. :)

"Not 100% sure what you're asking? I used a torrent program to download the Nero"
This may be the source of your malware problems, as it appears the application is an illegal version:
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack.rar
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\general-cleantool.exe
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\instructions english.txt
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\keymaker.nero.9.4.26.0 v5.55.exe
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\leeme instrucciones nero 9.txt
c:\documents and settings\gary s. priest\my documents\downloads\nero 9 reloaded ( 9.4.26.0) full - win 7 compatible + crack\activation\serial.txt
Plus, when using P2P applications there is always the chance the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

So please uninstall all Nero related as per forum policy and the download(s) indicated above, thank you.

"Conquer is the MMORPG that I've played for the last 6 years."
Aye, this is fine, and though flagged, my research has revealed this to be what is known as a false positive, so no further action is required.

Next:

Please run Rkill again.

Next:

Please make sure that RSIT.exe is still on the Desktop. (If not, inform myself straight away please.)

Click on Start >> Run... (or the Windows key and R together) to bring up the Run box, and copy and paste in:
"%userprofile%\desktop\rsit.exe" /info
and click on OK

  • Click on Run and RSIT will start.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and/or problems encountered?
  • A new CKScanner Log.
  • A new set of RSIT logs. <-- Post them individually please, i.e. one Log per post/reply.

Re: Internet Security 2010-malware

Unread postby PapaBear » January 17th, 2010, 8:17 pm

I can see no difference in my computer's operation.


ckfiles
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\conquer 2.0\c3\effect\firecracker-single\1.c3
c:\program files\conquer 2.0\c3\effect\firecracker-single\1.dds
c:\program files\conquer 2.0\c3\effect\firecracker-single\2.c3
c:\program files\conquer 2.0\c3\effect\firecracker-single\2.dds
c:\program files\conquer 2.0\c3\effect\firecracker-single\3.c3
c:\program files\conquer 2.0\c3\effect\firecracker-single\3.dds
c:\program files\conquer 2.0\c3\effect\firecracker-single\4.c3
c:\program files\conquer 2.0\c3\effect\firecracker-single\4.dds
c:\program files\conquer 2.0\c3\effect\firecracker1\1.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\2.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\3.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\4.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\5.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\6.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\7.c3
c:\program files\conquer 2.0\c3\effect\firecracker1\8.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\1.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\1.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\2.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\2.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\3.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\3.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\4.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\4.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\5.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\5.dds
c:\program files\conquer 2.0\c3\effect\firecracker2\6.c3
c:\program files\conquer 2.0\c3\effect\firecracker2\6.dds
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.ZZ.11
----- EOF -----


RSIT log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gary S. Priest at 2010-01-17 18:13:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (76%) free of 79 GB
Total RAM: 2046 MB (68% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-07 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"ZSSnp211"=C:\WINDOWS\ZSSnp211.exe [2007-04-06 57344]
"Domino"=C:\WINDOWS\Domino.exe [2006-08-18 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe []
"Rzoke"=C:\WINDOWS\uvemijigoki.dll,Startup []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-11 2033432]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanSetup"=cmd /C rmdir /S /Q C:\Documents and Settings\Gary S. Priest\Local Settings\Temp\nro.tmp\ []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe [2005-06-20 1056768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-07 12464]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
wkbta6g.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Windows Service Host"="C:\Documents and Settings\Gary S. Priest\Application Data\svhost.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2c0e6e4-f726-11de-9e88-00e04cf112e8}]
shell\AutoRun\command - E:\driversetup.exe
shell\open\command - E:\driversetup.exe


======List of files/folders created in the last 1 months======

2010-01-15 14:50:29 ----D---- C:\rsit
2010-01-15 14:50:29 ----D---- C:\Program Files\trend micro
2010-01-14 07:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 19:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 10:13:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Google
2010-01-11 10:11:27 ----D---- C:\Program Files\Google
2010-01-07 18:49:32 ----HD---- C:\$AVG
2010-01-07 18:49:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-07 18:48:48 ----D---- C:\Program Files\AVG
2010-01-07 18:48:48 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-01-07 18:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-07 18:19:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Malwarebytes
2010-01-07 17:07:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-07 17:07:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 16:58:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-07 09:54:11 ----D---- C:\Program Files\TrendMicro
2010-01-07 08:23:38 ----A---- C:\WINDOWS\system32\12382.exe
2010-01-07 08:03:38 ----A---- C:\WINDOWS\system32\292.exe
2010-01-07 07:43:37 ----A---- C:\WINDOWS\system32\153.exe
2010-01-07 07:23:24 ----A---- C:\WINDOWS\system32\3902.exe
2010-01-07 07:03:22 ----A---- C:\WINDOWS\system32\14604.exe
2010-01-07 06:43:22 ----A---- C:\WINDOWS\system32\32391.exe
2010-01-07 06:23:21 ----A---- C:\WINDOWS\system32\5436.exe
2010-01-07 06:03:20 ----A---- C:\WINDOWS\system32\4827.exe
2010-01-07 05:43:20 ----A---- C:\WINDOWS\system32\11942.exe
2010-01-07 05:23:20 ----A---- C:\WINDOWS\system32\2995.exe
2010-01-07 05:03:18 ----A---- C:\WINDOWS\system32\491.exe
2010-01-07 04:43:17 ----A---- C:\WINDOWS\system32\9961.exe
2010-01-07 04:23:17 ----A---- C:\WINDOWS\system32\16827.exe
2010-01-07 04:03:16 ----A---- C:\WINDOWS\system32\23281.exe
2010-01-07 03:43:16 ----A---- C:\WINDOWS\system32\28145.exe
2010-01-07 03:23:15 ----A---- C:\WINDOWS\system32\5705.exe
2010-01-07 03:03:15 ----A---- C:\WINDOWS\system32\24464.exe
2010-01-07 02:43:14 ----A---- C:\WINDOWS\system32\26962.exe
2010-01-07 02:23:14 ----A---- C:\WINDOWS\system32\29358.exe
2010-01-07 02:03:14 ----A---- C:\WINDOWS\system32\11478.exe
2010-01-07 01:43:13 ----A---- C:\WINDOWS\system32\15724.exe
2010-01-07 01:23:13 ----A---- C:\WINDOWS\system32\19169.exe
2010-01-07 01:03:12 ----A---- C:\WINDOWS\system32\26500.exe
2010-01-07 00:43:12 ----A---- C:\WINDOWS\system32\6334.exe
2010-01-07 00:23:12 ----A---- C:\WINDOWS\system32\18467.exe
2010-01-06 15:27:40 ----A---- C:\WINDOWS\iStler.exe
2010-01-06 10:27:46 ----HD---- C:\WINDOWS\PIF
2010-01-04 19:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-01-04 19:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-04 19:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-02 08:16:15 ----SHD---- C:\Documents and Settings\Gary S. Priest\Application Data\SystemProc
2010-01-02 08:16:10 ----A---- C:\WINDOWS\update.exe
2010-01-01 15:05:49 ----D---- C:\Program Files\Unlocker
2010-01-01 15:05:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Desktopicon
2010-01-01 14:55:40 ----D---- C:\Program Files\Common Files\Windows Live
2010-01-01 14:52:59 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2010-01-01 14:52:48 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2010-01-01 14:45:17 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Help
2010-01-01 14:13:34 ----D---- C:\Program Files\Common Files\Adobe
2010-01-01 14:13:19 ----D---- C:\Program Files\Adobe
2010-01-01 14:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-01 14:13:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-01 14:12:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-31 19:42:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\gtk-2.0
2009-12-31 19:38:13 ----D---- C:\Program Files\Gimp-2.0
2009-12-30 19:38:57 ----A---- C:\WINDOWS\wininit.ini
2009-12-30 19:28:17 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-30 19:27:48 ----D---- C:\WINDOWS\Prefetch
2009-12-30 19:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-30 19:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-30 19:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-30 19:26:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-30 19:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-30 19:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-30 19:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-30 19:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-30 19:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-30 19:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-30 19:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-30 19:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-30 19:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-30 19:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-30 19:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-30 19:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-30 19:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-30 19:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-30 19:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-30 19:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-30 19:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-30 19:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-30 19:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-30 19:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-30 19:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-30 19:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-30 19:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-30 19:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-30 19:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-30 19:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-30 19:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-30 19:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-30 19:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-30 19:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-30 19:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-30 19:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-30 19:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2009-12-30 19:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-30 19:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-30 19:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-30 19:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-30 19:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-30 19:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-30 19:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-30 19:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-30 19:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-30 19:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-30 19:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-30 19:21:54 ----D---- C:\WINDOWS\system32\scripting
2009-12-30 19:21:54 ----D---- C:\WINDOWS\l2schemas
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\en
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\bits
2009-12-30 19:19:56 ----D---- C:\WINDOWS\network diagnostic
2009-12-30 19:18:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-30 19:18:39 ----D---- C:\WINDOWS\EHome
2009-12-30 18:55:30 ----D---- C:\WINDOWS\ie8updates
2009-12-30 18:55:22 ----D---- C:\WINDOWS\WBEM
2009-12-30 18:55:10 ----HDC---- C:\WINDOWS\ie8
2009-12-30 18:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-30 18:50:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-29 10:53:53 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZSSnp211.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZS211Cap.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\system32\ZS211STI.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\Domino.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\amcap.exe
2009-12-29 10:53:35 ----D---- C:\Program Files\Vimicro
2009-12-27 11:09:16 ----A---- C:\WINDOWS\omecerisu.dll
2009-12-27 09:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2009-12-27 09:39:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-12-27 09:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-27 09:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-27 09:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2009-12-27 09:36:51 ----D---- C:\Program Files\MSXML 4.0
2009-12-26 12:01:19 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-26 11:36:47 ----D---- C:\Program Files\Common Files\Nero
2009-12-26 11:12:53 ----A---- C:\WINDOWS\system32\regsvr32.exe.log
2009-12-26 08:34:03 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-12-25 23:18:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-25 23:18:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 22:52:12 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Nero
2009-12-25 22:41:01 ----D---- C:\Program Files\Nero
2009-12-25 21:33:52 ----D---- C:\Program Files\Windows Sidebar
2009-12-25 21:33:31 ----A---- C:\WINDOWS\Irremote.ini
2009-12-25 21:29:45 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-12-25 21:28:19 ----HD---- C:\WINDOWS\msdownld.tmp
2009-12-25 21:28:11 ----D---- C:\WINDOWS\Logs
2009-12-25 21:25:38 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\java.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-25 21:12:27 ----D---- C:\Program Files\Java
2009-12-25 21:11:54 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Sun
2009-12-25 21:11:03 ----D---- C:\Program Files\Winamp Detect
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\px.dll
2009-12-25 21:10:53 ----D---- C:\Program Files\Winamp
2009-12-25 21:10:53 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Winamp
2009-12-25 21:00:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\uTorrent
2009-12-25 20:54:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-25 20:53:52 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-25 20:53:33 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-25 20:53:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-25 20:51:36 ----D---- C:\d7bd8d90dc6561f35f408805b51018a4
2009-12-25 20:51:29 ----D---- C:\WINDOWS\SxsCaPendDel
2009-12-25 20:34:51 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Roxio Log Files
2009-12-25 20:30:04 ----D---- C:\Program Files\Elaborate Bytes
2009-12-25 19:26:38 ----D---- C:\Hex_Editor_xvi32
2009-12-25 19:26:38 ----A---- C:\xvi32_readme.txt
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvpx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvm6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplva6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplapx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplam6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaa6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2009-12-25 19:21:43 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-25 19:21:42 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2009-12-25 19:09:10 ----D---- C:\Program Files\Conquer 2.0
2009-12-25 19:04:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 19:04:38 ----D---- C:\Program Files\AMD
2009-12-25 19:04:30 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\InstallShield
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-12-25 19:01:46 ----D---- C:\WINDOWS\system32\Data
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ludap17.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\INRES.DLL
2009-12-25 19:01:45 ----D---- C:\Program Files\Creative
2009-12-25 18:59:04 ----D---- C:\WINDOWS\pss
2009-12-25 18:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-12-25 18:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-12-25 18:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-12-25 18:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-12-25 18:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-12-25 18:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-12-25 18:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-25 18:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-25 18:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-25 18:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2009-12-25 18:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2009-12-25 18:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-12-25 18:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-12-25 18:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-12-25 18:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-12-25 18:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-12-25 18:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2009-12-25 18:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-12-25 18:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-12-25 18:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-12-25 18:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-25 18:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-12-25 18:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-25 18:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-12-25 18:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2009-12-25 18:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-25 18:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-12-25 18:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2009-12-25 18:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-25 18:52:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-12-25 18:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2009-12-25 18:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-12-25 18:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-12-25 18:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-12-25 18:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-12-25 18:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-12-25 18:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-25 18:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-12-25 18:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-12-25 18:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2009-12-25 18:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-12-25 18:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-25 18:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-12-25 18:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2009-12-25 18:51:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-25 18:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-25 18:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-12-25 18:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-12-25 18:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-25 18:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-12-25 18:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-12-25 18:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-12-25 18:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-25 18:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-12-25 18:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2009-12-25 18:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-12-25 18:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2009-12-25 18:34:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\WinRAR
2009-12-25 18:34:19 ----D---- C:\Program Files\WinRAR
2009-12-25 18:28:56 ----D---- C:\Program Files\MSBuild
2009-12-25 18:28:53 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-25 18:28:51 ----D---- C:\WINDOWS\system32\en-us
2009-12-25 18:28:50 ----D---- C:\Program Files\Reference Assemblies
2009-12-25 18:28:35 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-12-25 18:27:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-12-25 18:26:59 ----D---- C:\Program Files\MSXML 6.0
2009-12-25 18:23:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-12-25 18:22:12 ----D---- C:\WINDOWS\vnDrvBas
2009-12-25 18:22:12 ----A---- C:\WINDOWS\system32\vuins32.dll
2009-12-25 18:17:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-25 18:16:57 ----D---- C:\Program Files\VIA
2009-12-25 18:16:52 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-12-25 18:16:52 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\ATI
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-12-25 18:11:20 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-25 18:11:04 ----RSD---- C:\WINDOWS\assembly
2009-12-25 18:11:01 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-25 18:11:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-25 18:11:00 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-25 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-25 18:10:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 18:10:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-25 18:06:59 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-12-25 18:06:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 18:06:44 ----D---- C:\Program Files\ATI Technologies
2009-12-25 18:06:17 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-25 18:06:01 ----D---- C:\ATI
2009-12-25 18:01:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Macromedia
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Adobe
2009-12-25 17:57:10 ----SHD---- C:\RECYCLER
2009-12-25 17:57:03 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Mozilla
2009-12-25 17:56:56 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 17:53:23 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Identities
2009-12-25 17:53:22 ----HD---- C:\Program Files\Uninstall Information
2009-12-25 17:53:20 ----ASH---- C:\Documents and Settings\Gary S. Priest\Application Data\desktop.ini
2009-12-25 17:53:19 ----SD---- C:\Documents and Settings\Gary S. Priest\Application Data\Microsoft
2009-12-25 17:52:57 ----A---- C:\WINDOWS\system32\wpa.bak
2009-12-25 17:50:31 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-25 17:50:20 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-25 17:50:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 17:47:57 ----D---- C:\WINDOWS\system32\xircom
2009-12-25 17:47:57 ----D---- C:\Program Files\xerox
2009-12-25 17:47:57 ----D---- C:\Program Files\microsoft frontpage
2009-12-25 17:47:51 ----A---- C:\WINDOWS\control.ini
2009-12-25 17:47:51 ----A---- C:\AUTOEXEC.BAT
2009-12-25 17:47:43 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-25 17:47:40 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-12-25 17:46:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-25 17:46:50 ----RD---- C:\WINDOWS\Offline Web Pages
2009-12-25 17:46:50 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-25 17:46:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-25 17:46:43 ----HD---- C:\Program Files\WindowsUpdate
2009-12-25 17:46:28 ----D---- C:\WINDOWS\system32\DirectX
2009-12-25 17:46:13 ----A---- C:\WINDOWS\system32\atrace.dll
2009-12-25 17:46:11 ----A---- C:\WINDOWS\system32\desktop.ini
2009-12-25 17:46:11 ----A---- C:\WINDOWS\desktop.ini
2009-12-25 17:46:06 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-12-25 17:46:05 ----A---- C:\WINDOWS\system32\acctres.dll
2009-12-25 17:46:04 ----D---- C:\Program Files\Common Files\Services
2009-12-25 17:46:03 ----SD---- C:\WINDOWS\Tasks
2009-12-25 17:46:03 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-12-25 17:46:02 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-25 17:45:59 ----D---- C:\WINDOWS\system32\Macromed
2009-12-25 17:45:59 ----D---- C:\WINDOWS\srchasst
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wups.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-25 17:45:53 ----D---- C:\Program Files\Movie Maker
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-25 17:45:50 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-25 17:45:48 ----D---- C:\WINDOWS\system32\Restore
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-25 17:45:45 ----D---- C:\Program Files\NetMeeting
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-25 17:45:43 ----D---- C:\Program Files\Outlook Express
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-25 17:45:38 ----D---- C:\Program Files\Common Files\System
2009-12-25 17:45:36 ----D---- C:\Program Files\Internet Explorer
2009-12-25 17:45:27 ----D---- C:\Program Files\ComPlus Applications
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vb.ini
2009-12-25 17:45:21 ----D---- C:\WINDOWS\Registration
2009-12-25 17:45:01 ----D---- C:\Program Files\Windows Media Player
2009-12-25 17:45:01 ----D---- C:\Program Files\Online Services
2009-12-25 17:44:57 ----D---- C:\Program Files\Messenger
2009-12-25 17:44:54 ----D---- C:\Program Files\MSN Gaming Zone
2009-12-25 17:44:54 ----A---- C:\WINDOWS\system32\write.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\hticons.dll
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\avwav.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\winchat.exe
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-12-25 17:44:43 ----A---- C:\WINDOWS\system32\getuname.dll
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\winmine.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\sol.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\freecell.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\calc.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tskill.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\shadow.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\reset.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\regini.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\msg.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\logoff.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-25 17:44:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-12-25 17:44:28 ----D---- C:\Program Files\MSN
2009-12-25 17:44:27 ----D---- C:\Program Files\Windows NT
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-25 17:44:25 ----D---- C:\WINDOWS\system32\MsDtc
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-25 17:44:23 ----D---- C:\WINDOWS\system32\Com
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-25 17:44:18 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-12-25 16:50:53 ----A---- C:\WINDOWS\system32\EAX.DLL
2009-12-25 16:50:53 ----A---- C:\WINDOWS\OALInst.exe
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfms32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17res.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17CPI.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\CtDvInst.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\A3d.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\P17DEF.EXE
2009-12-25 16:50:52 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-12-25 11:42:57 ----A---- C:\WINDOWS\system32\h323log.txt
2009-12-25 11:39:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-25 11:38:04 ----A---- C:\WINDOWS\system32\usbui.dll
2009-12-25 11:37:12 ----A---- C:\WINDOWS\imsins.BAK
2009-12-25 11:37:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 11:37:09 ----SHD---- C:\WINDOWS\Installer
2009-12-25 11:37:09 ----D---- C:\Program Files\Common Files\ODBC
2009-12-25 11:37:09 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-25 11:37:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-25 11:37:06 ----RD---- C:\Program Files
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-12-25 11:36:55 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-12-25 11:36:55 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-12-25 11:36:55 ----A---- C:\WINDOWS\system32\batt.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\notepad.exe
2009-12-25 11:36:47 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-25 11:36:45 ----RA---- C:\WINDOWS\SET8.tmp
2009-12-25 11:36:43 ----RA---- C:\WINDOWS\SET4.tmp
2009-12-25 11:36:42 ----RA---- C:\WINDOWS\SET3.tmp
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-25 11:36:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-25 11:36:16 ----A---- C:\WINDOWS\setuplog.txt
2009-12-25 11:36:13 ----SHD---- C:\System Volume Information
2009-12-25 11:36:13 ----D---- C:\Documents and Settings
2009-12-25 11:35:18 ----RSH---- C:\boot.ini
2009-12-25 11:30:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 11:30:16 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 11:30:16 ----RD---- C:\WINDOWS\Web
2009-12-25 11:30:16 ----HD---- C:\WINDOWS\inf
2009-12-25 11:30:16 ----D---- C:\WINDOWS\WinSxS
2009-12-25 11:30:16 ----D---- C:\WINDOWS\twain_32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Temp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wins
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wbem
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\usmt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\spool
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ShellExt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\Setup
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ras
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\oobe
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\npp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\IME
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\icsxml
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ias
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\export
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\drivers
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\dhcp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3com_dmi
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3076
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\2052
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1054
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1042
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1041
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1037
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1033
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1031
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1028
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1025
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system
2009-12-25 11:30:16 ----D---- C:\WINDOWS\security
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Resources
2009-12-25 11:30:16 ----D---- C:\WINDOWS\repair
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Provisioning
2009-12-25 11:30:16 ----D---- C:\WINDOWS\PeerNet
2009-12-25 11:30:16 ----D---- C:\WINDOWS\pchealth
2009-12-25 11:30:16 ----D---- C:\WINDOWS\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msapps
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msagent
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Media
2009-12-25 11:30:16 ----D---- C:\WINDOWS\java
2009-12-25 11:30:16 ----D---- C:\WINDOWS\ime
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Help
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Driver Cache
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Debug
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Cursors
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Connection Wizard
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\AppPatch
2009-12-25 11:30:16 ----D---- C:\WINDOWS\addins
2009-12-25 11:30:16 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-12-29 10:55:36 ----A---- C:\WINDOWS\win.ini
2009-12-25 18:59:46 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-07 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-07 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-07 360584]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-29 3565056]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-06-22 43008]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-22 29696]
R3 ZSMC211;ZSMC USB PC Camera (ZS211); C:\WINDOWS\System32\Drivers\ZS211.sys [2007-06-13 1469312]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-07 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-07 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-17 2304192]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-01-07 5832712]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota

Re: Internet Security 2010-malware

by PapaBear » January 17th, 2010, 8:18 pm

RSIT txt
info.txt logfile of random's system information tool 1.06 2010-01-17 18:13:47

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE Mega CoDecS Pack-->"C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
Conquer 2.0-->"C:\Program Files\InstallShield Installation Information\{39833F1F-E56B-4A2C-93F1-E5F6C1D7C107}\setup.exe" -runfromtemp -l0x0409 -removeonly
Creative EAX Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
Creative Speaker Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Device Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
eBay Icon-->C:\Documents and Settings\Gary S. Priest\Application Data\Desktopicon\uninst.exe
Gimp 2.6.2 Debug-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-K788-5K87-2E9Z-2W58-7P40-1119-7U0T-5K88-0000"
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero MediaHome 4-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M06-05A5-LK8K-2W99-0C12-7WAH-EZMA-9CCC"
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZSMC USB PC Camera (ZS211)-->C:\Program Files\InstallShield Installation Information\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}\setup.exe -runfromtemp -l0x0009 -removeonly

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Internet Security
FW: AVG Firewall

======System event log======

Computer Name: REX
Event Code: 7031
Message: The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

Record Number: 582
Source Name: Service Control Manager
Time Written: 20091225214601.000000-360
Event Type: error
User:

Computer Name: REX
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 537
Source Name: Tcpip
Time Written: 20091225210322.000000-360
Event Type: warning
User:

Computer Name: REX
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 473
Source Name: Print
Time Written: 20091225205146.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: REX
Event Code: 1002
Message: The IP address lease 24.220.133.48 for the Network Card with network address 00E04CF112E8 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 464
Source Name: Dhcp
Time Written: 20091225205108.000000-360
Event Type: error
User:

Computer Name: REX
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 202
Source Name: Print
Time Written: 20091225182839.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: REX
Event Code: 0
Message: Configuration section system.serviceModel.activation does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 138
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20091225182900.000000-360
Event Type: warning
User:

Computer Name: REX
Event Code: 0
Message: Configuration section system.runtime.serialization does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 137
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20091225182900.000000-360
Event Type: warning
User:

Computer Name: REX
Event Code: 0
Message: Configuration section system.serviceModel does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 136
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20091225182900.000000-360
Event Type: warning
User:

Computer Name: REX
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 134
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20091225182900.000000-360
Event Type: warning
User:

Computer Name: REX
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 114
Source Name: ASP.NET 2.0.50727.0
Time Written: 20091225182809.000000-360
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Gary~
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota

Re: Internet Security 2010-malware

Unread postby Dakeyras » January 18th, 2010, 7:40 am

Hi. :)

Please run Rkill again.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off (not recommended) >> OK.

Note: No need for it to be active after the reset because you have the AVG Firewall.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.


When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and/or problems encountered?
  • ComboFix Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra