Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

google browser redirection

Re: google browser redirection

by Wingman » September 10th, 2009, 2:49 pm

Hi ard,
No problem. You must not have seen the line:
We can attempt to clean this machine but we can not guarantee that it won't still be compromised, afterwards.
If your decision is to continue trying to clean the machine, we can do that.
Remember, just because there are no signs of infection doesn't mean there isn't the possibility of the machine still being compromised.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup.exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.
  4. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  6. Make sure the first two check boxes are selected.
  7. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration, the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
ComboFix
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.
This program is a powerful tool, intended by its creator, to be "used under the guidance and supervision of trained malware removers", NOT for general public use. Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop.
    Alternate download sites: forospyware.com or geekstogo.com.
    Once the download is completed...
    ComboFix.exe <<------------- you should see this on your desktop.
  2. Please disable any Antivirus or Firewall you have active:
    KASPERSKY INTERNET SUITE
    Please navigate to the system tray on the bottom right hand corner and look for a [image] sign.
    • Right click it-> select Pause Protection.
    • Click on -> By User Request
    • A popup will claim that protection is now disabled and a sign like this: [image] will now be shown.
    • You successfully disabled the Kaspersky Internet Suite Guard.
    Please close all open application windows.
    Proceed *Only* when your AV and Firewall have been disabled.
  3. Double click the ComboFix.exe icon on your desktop to begin execution.
    If you receive the "Open File - Security Warning"... press Run.
  4. Press Yes to the Disclaimer prompt.
  5. If not already installed... Press Yes to the "Install Recovery Console" prompt.
  6. Press Yes at the Recovery Console installation results prompt... Even if installation is unsuccessful, have ComboFix continue the scan.
    Leave your computer alone... Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix will disconnect you from the Internet, change your clock settings... may cause your desktop to disappear... this is normal and settings will be restored to their original state.
    ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
    When ComboFix finishes... Notepad will open ... ComboFix will produce a log file called "log.txt".
  7. Please copy/paste the contents of log.txt... in your next reply.
** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Step 3.
Post a New HJT Log
  1. Start HijackThis.
    Located in: C:\Program Files\Trend Micro\hijackthis.exe
    If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  2. From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
    When completed...Notepad will open with the new "hijackthis.log" file contents.
Copy/paste the entire (hijackthis.log) file contents in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ComboFix log file contents
  3. New HJT log
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

by ard » September 10th, 2009, 6:30 pm

wingman -

1. Any problem executing the instructions?

no problems

2. ComboFix log file contents

ComboFix 09-09-10.01 - admin 09/10/2009 17:32.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.292 [GMT -4:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\admin\Local Settings\Application Data\etuhyvov._dl
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\windows\4ff345dfbh521
c:\windows\Installer\4b9761.msp
c:\windows\pocufoxun.dll
c:\windows\ritomop._dl
c:\windows\system32\cafujic.ban
c:\windows\system32\lusomuke.ban
c:\windows\system32\onif.pif
c:\windows\system32\QTWMCI32.DLL
c:\windows\uholukah.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BROWSERCTLDRV
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2010-03-12 17:09 . 2010-03-12 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PKWARE
2010-03-12 17:09 . 2010-03-12 17:09 -------- d-----w- c:\documents and settings\admin\Application Data\PKWARE
2010-03-12 16:27 . 2010-03-12 16:27 -------- d-----w- c:\program files\ZipItFree
2010-03-12 16:27 . 2010-03-12 16:27 -------- d-----w- c:\windows\ZipItFree
2009-09-10 21:06 . 2009-09-10 21:07 -------- d-----w- c:\program files\ERUNT
2009-09-10 15:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 14:36 . 2009-09-10 14:36 -------- d-----w- c:\program files\DIFX
2009-09-10 14:36 . 2009-09-10 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\kinoma
2009-09-10 14:36 . 2009-09-10 14:36 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\kinoma
2009-09-10 14:27 . 2009-09-10 14:27 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Sony Corporation
2009-09-10 14:26 . 2009-09-10 16:21 -------- d-----w- c:\program files\Sony
2009-09-08 16:52 . 2009-09-08 16:52 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
2009-09-04 18:40 . 2009-09-04 19:04 -------- d-----w- c:\documents and settings\admin\Application Data\Free Spider TreeCardGames
2009-09-04 18:39 . 2009-09-04 18:39 -------- d-----w- c:\program files\Free Spider
2009-09-04 13:59 . 2009-09-04 13:59 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2009-09-04 13:59 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 13:59 . 2009-09-04 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 13:59 . 2009-09-04 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-04 13:59 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 06:21 . 2009-09-06 20:25 -------- d-----w- c:\program files\trend micro
2009-08-31 06:21 . 2009-08-31 06:24 -------- d-----w- C:\rsit
2009-08-25 05:31 . 2009-08-25 05:32 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-24 21:04 . 2009-08-24 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-08-24 21:04 . 2009-08-24 21:04 -------- d-----w- c:\program files\Security Task Manager
2009-08-24 14:18 . 2009-08-24 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 14:18 . 2009-08-24 14:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-21 16:14 . 2009-05-17 00:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-08-21 16:14 . 2008-12-16 00:41 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-08-18 16:49 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-18 16:49 . 2009-08-18 16:49 -------- d-----w- c:\program files\Panda Security
2009-08-18 16:10 . 2009-08-18 16:10 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2009-08-18 11:38 . 2009-08-18 11:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-17 19:47 . 2009-08-17 19:47 -------- d-sh--w- c:\documents and settings\admin\IETldCache
2009-08-17 19:44 . 2009-08-17 19:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-17 19:37 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-17 19:37 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-17 19:37 . 2009-08-18 17:44 -------- d-----w- c:\windows\ie8updates
2009-08-17 19:37 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-17 19:36 . 2009-08-17 19:36 -------- dc-h--w- c:\windows\ie8
2009-08-17 13:33 . 2009-08-17 13:33 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-17 13:33 . 2009-08-17 13:33 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-17 13:29 . 2009-09-10 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-17 13:29 . 2009-08-17 13:29 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-17 12:53 . 2009-08-17 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-15 14:57 . 2009-09-10 21:05 -------- d-----w- C:\install
2009-08-15 06:43 . 2008-04-14 09:42 397056 ------w- c:\windows\system32\s3gnb.dll
2009-08-15 06:43 . 2008-04-14 09:42 290304 ------w- c:\windows\system32\rhttpaa.dll
2009-08-15 06:43 . 2008-04-14 09:42 32768 ------w- c:\windows\system32\setupn.exe
2009-08-15 06:43 . 2008-04-14 09:42 73832 ------w- c:\windows\system32\slcoinst.dll
2009-08-15 06:43 . 2008-04-14 09:42 73796 ------w- c:\windows\system32\slserv.exe
2009-08-15 06:43 . 2008-04-14 09:42 32866 ------w- c:\windows\system32\slrundll.exe
2009-08-15 06:43 . 2008-04-14 09:42 286792 ------w- c:\windows\system32\slextspk.dll
2009-08-15 06:43 . 2008-04-14 09:42 188508 ------w- c:\windows\system32\slgen.dll
2009-08-15 06:43 . 2008-04-14 09:42 53248 ------w- c:\windows\system32\tsgqec.dll
2009-08-15 06:43 . 2008-04-14 09:42 50688 ------w- c:\windows\system32\tspkg.dll
2009-08-15 06:43 . 2008-04-14 09:42 69120 ------w- c:\windows\system32\wlanapi.dll
2009-08-15 06:43 . 2008-04-14 09:42 32866 ------w- c:\windows\slrundll.exe
2009-08-15 04:48 . 2009-08-15 06:43 -------- d-----w- c:\windows\system32\scripting
2009-08-15 04:48 . 2009-08-15 06:43 -------- d-----w- c:\windows\l2schemas
2009-08-15 04:48 . 2009-08-15 06:43 -------- d-----w- c:\windows\system32\en
2009-08-15 04:48 . 2009-08-15 06:43 -------- d-----w- c:\windows\system32\bits
2009-08-15 04:42 . 2007-08-11 00:46 33656 ----a-w- c:\windows\system32\sprecovr.exe
2009-08-15 04:39 . 2008-04-14 09:55 1804 ----a-w- c:\windows\system32\dcache.bin
2009-08-15 04:36 . 2009-08-15 06:32 -------- d-----w- c:\windows\EHome
2009-08-14 01:43 . 2009-08-15 06:38 -------- d-----w- c:\windows\ServicePackFiles
2009-08-14 00:27 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-14 00:27 . 2009-06-10 13:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-14 00:25 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-14 00:25 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-13 20:02 . 2009-08-13 20:02 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\ICS
2009-08-13 18:27 . 2009-08-13 18:27 -------- d-----w- C:\N360_BACKUP
2009-08-13 18:02 . 2009-08-13 18:02 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Symantec
2009-08-13 17:50 . 2009-01-15 16:19 23848 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-13 17:50 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-13 17:50 . 2009-08-17 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-13 17:50 . 2009-08-13 17:50 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Downloaded Installations
2009-08-13 17:31 . 2009-08-13 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-08-13 17:31 . 2009-08-17 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-13 17:30 . 2009-08-13 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 21:24 . 2005-08-04 18:07 82936 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 16:13 . 2008-10-22 16:59 -------- d-----w- c:\documents and settings\admin\Application Data\mjusbsp
2009-09-10 15:55 . 2008-01-23 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 16:34 . 2005-07-15 20:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 16:28 . 2006-08-21 22:02 -------- d-----w- c:\program files\DivX
2009-09-08 16:21 . 2007-05-25 19:18 -------- d--h--w- c:\program files\Zero G Registry
2009-09-08 16:20 . 2007-05-25 19:19 -------- d-----w- c:\program files\Britannica Profiles
2009-08-25 05:01 . 2006-07-02 19:14 -------- d-----w- c:\program files\Microsoft Works
2009-08-24 13:42 . 2009-04-08 14:17 0 ----a-w- c:\windows\Xlupilawetida.bin
2009-08-20 12:45 . 2006-08-12 00:43 -------- d-----w- c:\program files\Google
2009-08-17 18:58 . 2007-06-23 20:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-17 13:19 . 2005-07-15 20:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-15 14:33 . 2008-12-03 20:41 -------- d-----w- c:\program files\egames
2009-08-15 14:19 . 2008-02-29 20:41 -------- d-----w- c:\program files\Real
2009-08-15 14:16 . 2008-02-29 20:41 -------- d-----w- c:\program files\Common Files\Real
2009-08-15 14:11 . 2008-02-25 16:37 -------- d-----w- c:\program files\ReadPlease 2003
2009-08-15 13:56 . 2007-06-23 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-08-15 13:54 . 2008-04-28 16:17 -------- d-----w- c:\program files\ContMedia
2009-08-15 13:04 . 2006-03-18 01:48 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-08-13 20:45 . 2005-07-15 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-13 16:06 . 2009-08-13 16:06 18534 ----a-w- c:\program files\Common Files\llywep.llywep
2009-08-13 16:06 . 2009-08-13 16:06 11288 ----a-w- c:\program files\Common Files\jjelyjy.jelly
2009-08-13 16:06 . 2009-08-13 16:06 16443 ----a-w- c:\program files\Common Files\yyzyzugosifo.dlb
2009-08-13 16:06 . 2009-08-13 16:06 11264 ----a-w- c:\documents and settings\admin\Application Data\ijakigalic.dat
2009-08-05 09:01 . 2009-08-15 04:39 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 17:17 . 2009-08-01 17:17 36 ----a-w- c:\windows\system32\Drv64_32.dat
2009-08-01 17:17 . 2009-08-01 17:17 350240 ----a-w- c:\windows\system32\PbsAuDrvPropPage_uk.dll
2009-08-01 17:17 . 2009-08-01 17:17 110752 ----a-w- c:\windows\system32\drivers\pbsaudrv.sys
2009-08-01 17:17 . 2009-08-01 17:17 -------- d-----w- c:\program files\PolderbitS
2009-07-31 19:17 . 2009-07-31 19:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-07-31 19:17 . 2009-07-31 19:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-31 18:00 . 2009-07-31 18:00 -------- d-----w- c:\program files\Mo-orola
2009-07-31 16:33 . 2009-07-31 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\admin
2009-07-31 16:32 . 2009-07-31 16:32 -------- d-----w- c:\program files\SyncCell
2009-07-31 16:01 . 2009-07-31 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-31 16:00 . 2009-07-31 16:00 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-07-29 19:10 . 2008-12-04 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-29 04:37 . 2009-08-15 04:39 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2009-08-15 04:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-24 16:10 . 2009-01-05 18:24 -------- d-----w- c:\documents and settings\admin\Application Data\Ahead
2009-07-19 22:55 . 2009-07-19 21:55 -------- d-----w- c:\program files\Pistonsoft MP3 Tags Editor
2009-07-19 21:55 . 2009-07-19 21:55 -------- d-----w- c:\documents and settings\admin\Application Data\Pistonsoft
2009-07-19 21:11 . 2009-07-19 21:11 -------- d-----w- c:\program files\Pistonsoft Text to Speech Converter
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 20:28 . 2009-07-16 20:21 -------- d-----w- c:\program files\Direct MIDI to MP3 Converter
2009-07-14 03:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 19:48 . 2009-07-03 19:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 19:45 . 2009-07-03 19:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-07-03 17:09 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2009-08-15 04:39 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2009-08-15 04:39 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2009-08-15 04:39 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2009-08-15 04:39 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2009-08-15 04:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2009-08-15 04:39 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18 . 2009-08-15 04:39 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 18:01 . 2009-06-15 18:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
1812-01-05 21:46 . 1812-01-05 21:46 4252 --sh--w- c:\windows\windllreg1b.sys
1821-02-11 23:41 . 1821-02-11 23:41 4263 --sh--w- c:\windows\windllreg1c.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\admin\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolderbitS Audio Driver Monitor.lnk]
backup=c:\windows\pss\PolderbitS Audio Driver Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=3 (0x3)
"LiveUpdate Notice Ex"=3 (0x3)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MotoConnect Service"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1ca105c13ac1bc4"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Ati HotKey Poller"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"getPlus(R) Helper"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\admin\\Application Data\\mjusbsp\\magicJack.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/18/2009 12:49 PM 28544]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [8/1/2009 1:17 PM 110752]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/26/2005 6:19 PM 20160]
S3 CAM1690;USB PC Camera;c:\windows\system32\drivers\cam1690.sys [9/20/2007 6:03 PM 181888]
S3 ionwpvvc;Watchport/V2 USB Camera;c:\windows\system32\drivers\ionwpvvc.sys [2/20/2008 4:50 PM 38656]
S4 Compass Server;Compass Server; [x]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S4 gupdate1ca105c13ac1bc4;Google Update Service (gupdate1ca105c13ac1bc4);c:\program files\Google\Update\GoogleUpdate.exe [7/29/2009 10:51 AM 133104]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe --> c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 14:50]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 17:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3277941142-1728969546-3919492650-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B8DA90D-0FD0-9EC6-D03B-B72F1EA63631}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3277941142-1728969546-3919492650-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{701AE01E-57DC-62B6-726A-E623E013E9AB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaofebfcooaennmldimllfnpkdeddk"=hex:64,61,6c,6c,6c,6f,68,6b,00,85
"oakeeiafbknjlbdpdmhbjhfdcampmp"=hex:6a,61,6c,6c,61,70,63,6a,65,70,70,6b,6e,61,
64,66,67,6d,6c,6b,00,0f
"naafkghclfiefjbaphoacnjbhlmk"=hex:6a,61,6f,6c,70,6f,63,6b,70,67,67,69,70,65,
67,67,63,64,67,65,00,07
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1468)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-10 17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 21:47

Pre-Run: 95,632,367,616 bytes free
Post-Run: 95,488,512,000 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
303 --- E O F --- 2009-09-10 15:58





3. New HJT log

2 errors at start of hjt

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 8.0.6001.18702
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 8.0.6001.18702
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.


Logfile of HijackThis v1.99.1
Scan saved at 6:09:12 PM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" -r (file missing)
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe


4. How is the computer behaving?

when i ran iexplorer for the first time, i was told it was not my default browser.
no google or bing redirects

- al
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

Post by Wingman » September 12th, 2009, 4:51 pm

Hi ard,

Please read these instructions carefully before executing, and perform the steps in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP>, do not proceed; post back with the question or problem.

Step 1.
RegSearch ... by Bobbi Flekman © 2005-2007 ... Written by F. Staal
  1. Please download regsearch.zip and save it to your desktop.
  2. Right click on regsearch.zip and select Extract All....
    If you have a 3rd party "unzipping" program (WinRar, Winzip, etc.), use that to extract the files to your desktop, then go to step 6.
  3. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  4. Click on the Browse button. Click on Desktop. Then click OK.
  5. Once done, check the Show extracted files box and click Finish.
  6. Double click on regsearch.exe to run it.
  7. Copy and paste the following text (one entry per line) into the "Enter search strings (case independent) and click OK..." section (red highlighted area in the screenshot below).
    {2B8DA90D-0FD0-9EC6-D03B-B72F1EA63631}
    {701AE01E-57DC-62B6-726A-E623E013E9AB}
    
    Image

  8. Make sure all the check boxes in the "Search" section are checked (blue outlined section in the screenshot above).
  9. Click OK.
  10. When done, a text file will be created and automatically opened called: "RegSearch.txt".
    File can be found on your desktop or whatever folder RegSearch was extracted to originally.
Please copy and paste the contents of RegSearch.txt in your next reply.

Step 2.
Malwarebytes' Anti-Malware Rerun
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Update tab.. then press the Check for Updates...button.
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check everything to be removed.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
Please copy and paste the most recent log (from this new run) in your next reply.

Step 3.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Double click on RSIT.exe to run it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  3. Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RegSearch.txt file contents
  3. MBAM scan results
  4. New RSIT log contents
  5. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

Post by ard » September 13th, 2009, 11:24 am

wingman -

HERE ARE THE RESULTS

1. Any problem executing the instructions?

no problems


2. RegSearch.txt file contents

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 9/13/2009 9:50:05 AM for strings:
; '{2b8da90d-0fd0-9ec6-d03b-b72f1ea63631}'
; '{701ae01e-57dc-62b6-726a-e623e013e9ab}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...


3. MBAM scan results

Malwarebytes' Anti-Malware 1.41
Database version: 2790
Windows 5.1.2600 Service Pack 3

9/13/2009 10:42:31 AM
mbam-log-2009-09-13 (10-42-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 203302
Time elapsed: 44 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


4. New RSIT log contents

Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2009-09-13 10:45:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 91 GB (61%) free of 149 GB
Total RAM: 510 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:22 AM, on 9/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\admin\Desktop\RSIT.exe
C:\Program Files\trend micro\admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

--
End of file - 4823 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-08-28 264720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16 []
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avp"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"=C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bneyibe]
C:\WINDOWS\oxemimesu.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe [2007-07-31 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
C:\Program Files\ClocX\ClocX.exe [2005-01-26 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe [2005-01-18 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-04-25 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-23 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolderbitS Audio Driver Monitor.lnk]
C:\PROGRA~1\POLDER~1\Recorder\Driver\PBDRIV~1.EXE [2009-08-01 157728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=3
"LiveUpdate Notice Ex"=3
"LiveUpdate"=3
"Automatic LiveUpdate Scheduler"=2
"ose"=3
"odserv"=3
"MotoConnect Service"=2
"idsvc"=3
"IDriverT"=3
"gusvc"=3
"gupdate1ca105c13ac1bc4"=2
"DSBrokerService"=3
"Ati HotKey Poller"=3
"sprtsvc_dellsupportcenter"=2
"WMPNetworkSvc"=3
"getPlus(R) Helper"=3
"FontCache3.0.0.0"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideShutdownScripts"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDeletePrinter"=
"NoAddPrinter"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dlbxcoms.exe"="C:\WINDOWS\system32\dlbxcoms.exe:*:Enabled:Dell Communication System"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-12 13:09:10 ----D---- C:\Documents and Settings\All Users\Application Data\PKWARE
2010-03-12 13:09:10 ----D---- C:\Documents and Settings\admin\Application Data\PKWARE
2010-03-12 12:27:09 ----D---- C:\WINDOWS\ZipItFree
2010-03-12 12:27:09 ----D---- C:\Program Files\ZipItFree
2010-03-12 12:26:37 ----A---- C:\WINDOWS\ZipItFree Setup Log.txt
2009-09-11 12:48:32 ----SHD---- C:\RECYCLER
2009-09-10 17:47:09 ----D---- C:\WINDOWS\temp
2009-09-10 17:47:07 ----A---- C:\ComboFix.txt
2009-09-10 17:30:42 ----RASHD---- C:\cmdcons
2009-09-10 17:29:26 ----A---- C:\WINDOWS\zip.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\SWSC.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\SWREG.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\sed.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\PEV.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\grep.exe
2009-09-10 17:29:00 ----D---- C:\Qoobox
2009-09-10 17:09:18 ----D---- C:\WINDOWS\ERDNT
2009-09-10 17:06:49 ----D---- C:\Program Files\ERUNT
2009-09-10 11:55:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 11:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 11:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-10 10:36:37 ----D---- C:\Program Files\DIFX
2009-09-10 10:36:30 ----D---- C:\Documents and Settings\All Users\Application Data\kinoma
2009-09-10 10:26:58 ----D---- C:\Program Files\Sony
2009-09-08 18:34:28 ----A---- C:\netstet.txt
2009-09-08 14:13:26 ----A---- C:\d.txt
2009-09-08 13:59:20 ----A---- C:\dd.txt
2009-09-04 14:40:08 ----D---- C:\Documents and Settings\admin\Application Data\Free Spider TreeCardGames
2009-09-04 14:39:50 ----D---- C:\Program Files\Free Spider
2009-09-04 09:59:17 ----D---- C:\Documents and Settings\admin\Application Data\Malwarebytes
2009-09-04 09:59:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-04 09:59:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-31 02:26:11 ----A---- C:\Rooter_1.txt
2009-08-31 02:21:57 ----D---- C:\Program Files\trend micro
2009-08-31 02:21:55 ----D---- C:\rsit
2009-08-25 06:58:28 ----D---- C:\Program Files\Hijackthis
2009-08-25 01:31:02 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-24 17:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-08-24 17:04:00 ----D---- C:\Program Files\Security Task Manager
2009-08-24 10:45:46 ----A---- C:\WINDOWS\wininit.ini
2009-08-24 10:18:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-24 10:18:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 12:49:42 ----D---- C:\Program Files\Panda Security
2009-08-17 15:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-17 15:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-17 15:37:18 ----D---- C:\WINDOWS\ie8updates
2009-08-17 15:36:20 ----HDC---- C:\WINDOWS\ie8
2009-08-17 15:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-17 15:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-08-17 09:29:28 ----D---- C:\Program Files\Kaspersky Lab
2009-08-17 09:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-17 08:53:56 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-15 15:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-15 14:45:13 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-15 10:57:45 ----D---- C:\install
2009-08-15 03:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-15 03:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-15 03:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-15 03:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-15 03:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-15 03:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-15 03:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-15 03:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-15 03:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-15 03:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-15 03:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-15 03:27:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-15 03:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-15 03:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-15 03:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-15 03:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-15 03:20:44 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-15 03:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-15 03:18:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-15 03:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-15 03:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-08-15 03:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-15 03:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-15 03:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-15 03:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-15 03:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-15 03:07:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-08-15 03:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-15 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-15 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-15 03:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-15 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-08-15 02:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-15 02:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-15 02:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-15 02:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-15 02:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-15 02:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-08-15 02:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-15 02:47:56 ----A---- C:\WINDOWS\setuplog.txt
2009-08-15 02:44:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-08-15 02:44:27 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-08-15 02:44:26 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-08-15 02:44:25 ----N---- C:\WINDOWS\system32\azroles.dll
2009-08-15 02:44:25 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-08-15 02:44:24 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-08-15 02:44:23 ----N---- C:\WINDOWS\system32\credssp.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-08-15 02:44:22 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-08-15 02:44:21 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-08-15 02:44:20 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-08-15 02:44:19 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-08-15 02:44:18 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-08-15 02:44:15 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-08-15 02:44:15 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-08-15 02:44:14 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-08-15 02:44:14 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-08-15 02:44:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-08-15 02:44:13 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-08-15 02:44:12 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-08-15 02:44:11 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-08-15 02:44:09 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-08-15 02:44:09 ----N---- C:\WINDOWS\system32\mssha.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napstat.exe
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-08-15 02:44:08 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-08-15 02:44:05 ----N---- C:\WINDOWS\system32\onex.dll
2009-08-15 02:44:01 ----N---- C:\WINDOWS\system32\qagent.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qutil.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-08-15 02:44:00 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-08-15 02:43:59 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-08-15 02:43:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-08-15 02:43:58 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-08-15 02:43:58 ----N---- C:\WINDOWS\system32\setupn.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slserv.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slgen.dll
2009-08-15 02:43:57 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-08-15 02:43:56 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-08-15 02:43:56 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-08-15 02:43:54 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-08-15 02:43:51 ----N---- C:\WINDOWS\slrundll.exe
2009-08-15 02:35:16 ----A---- C:\WINDOWS\000001_.tmp
2009-08-15 00:48:43 ----D---- C:\WINDOWS\system32\scripting
2009-08-15 00:48:43 ----D---- C:\WINDOWS\l2schemas
2009-08-15 00:48:42 ----D---- C:\WINDOWS\system32\en
2009-08-15 00:48:41 ----D---- C:\WINDOWS\system32\bits
2009-08-15 00:42:38 ----A---- C:\WINDOWS\system32\sprecovr.exe
2009-08-15 00:41:55 ----A---- C:\WINDOWS\002956_.tmp
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\proxycfg.exe
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-08-15 00:40:52 ----A---- C:\WINDOWS\system32\logman.exe
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\dsprpres.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\btpanui.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bthserv.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bthci.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\blastcln.exe
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-15 00:40:50 ----A---- C:\WINDOWS\system32\auditusr.exe
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir50_32.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\fwcfg.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\fsquirt.exe
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\encdec.dll
2009-08-15 00:40:49 ----A---- C:\WINDOWS\system32\encapi.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\powercfg.exe
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2psvc.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\p2p.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\mssap.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\msdadiag.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdukx.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdno1.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinben.dll
2009-08-15 00:40:48 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wshbth.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wscsvc.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\wmphoto.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\winshfhc.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\winbrand.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\w3ssl.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\verclsid.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\twext.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\spnpinst.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\smbinst.exe
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sbeio.dll
2009-08-15 00:40:47 ----A---- C:\WINDOWS\system32\sbe.dll
2009-08-15 00:40:47 -------- C:\WINDOWS\system32\wscntfy.exe
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-08-15 00:40:46 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-15 00:40:46 -------- C:\WINDOWS\system32\xmlprov.dll
2009-08-15 00:40:41 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-08-15 00:40:41 -------- C:\WINDOWS\system32\qmgr.dll
2009-08-15 00:40:40 ----A---- C:\WINDOWS\system32\dpcdll.dll
2009-08-15 00:40:39 ----A---- C:\WINDOWS\system32\pidgen.dll
2009-08-15 00:40:36 ----A---- C:\WINDOWS\system32\msftedit.dll
2009-08-15 00:40:36 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-15 00:40:35 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-08-15 00:40:35 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\winhlp32.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\twain_32.dll
2009-08-15 00:40:20 ----A---- C:\WINDOWS\regedit.exe
2009-08-15 00:40:20 ----A---- C:\WINDOWS\hh.exe
2009-08-15 00:40:20 -------- C:\WINDOWS\explorer.exe
2009-08-15 00:40:12 ----A---- C:\WINDOWS\system32\6to4svc.dll
2009-08-15 00:40:11 ----A---- C:\WINDOWS\system32\aclui.dll
2009-08-15 00:40:11 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\actxprxy.dll
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\actmovie.exe
2009-08-15 00:40:10 ----A---- C:\WINDOWS\system32\activeds.dll
2009-08-15 00:40:09 ----A---- C:\WINDOWS\system32\adsldpc.dll
2009-08-15 00:40:09 ----A---- C:\WINDOWS\system32\adsldp.dll
2009-08-15 00:40:08 ----A---- C:\WINDOWS\system32\adsnt.dll
2009-08-15 00:40:08 ----A---- C:\WINDOWS\system32\adsmsext.dll
2009-08-15 00:40:07 ----A---- C:\WINDOWS\system32\alg.exe
2009-08-15 00:40:07 ----A---- C:\WINDOWS\system32\ahui.exe
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\apphelp.dll
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\amstream.dll
2009-08-15 00:40:06 ----A---- C:\WINDOWS\system32\alrsvc.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\audiosrv.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\attrib.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmlib.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmfd.dll
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\atmadm.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\at.exe
2009-08-15 00:40:05 ----A---- C:\WINDOWS\system32\asycfilt.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cdosys.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\capesnpn.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\camocx.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cabview.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\cabinet.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browsewm.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browseui.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\browselc.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\bidispl.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\batmeter.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\basesrv.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\autolfn.exe
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\autofmt.exe
2009-08-15 00:40:04 ----A---- C:\WINDOWS\system32\authz.dll
2009-08-15 00:40:04 -------- C:\WINDOWS\system32\browser.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cliconfg.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cliconfg.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cisvc.exe
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\ciodm.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cic.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\certmgr.dll
2009-08-15 00:40:03 ----A---- C:\WINDOWS\system32\certcli.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmmon32.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmdl32.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmdial32.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clusapi.dll
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clipsrv.exe
2009-08-15 00:40:02 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\confmsp.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comres.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\compstui.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\compatui.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmutil.dll
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmstp.exe
2009-08-15 00:40:01 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3dim700.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\d3d8.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\csrss.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscript.exe
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cscdll.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptnet.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptext.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptdll.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\crypt32.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\credui.dll
2009-08-15 00:40:00 ----A---- C:\WINDOWS\system32\conime.exe
2009-08-15 00:40:00 -------- C:\WINDOWS\system32\ctfmon.exe
2009-08-15 00:40:00 -------- C:\WINDOWS\system32\cryptsvc.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\ddraw.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\ddeshare.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dciman32.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dbghelp.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\davclnt.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\datime.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\dataclen.dll
2009-08-15 00:39:59 ----A---- C:\WINDOWS\system32\danim.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\diskcopy.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dinput8.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dinput.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\digest.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\diantz.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dgnet.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgui.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\devmgr.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\devenum.dll
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\defrag.exe
2009-08-15 00:39:58 ----A---- C:\WINDOWS\system32\ddrawex.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpnet.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dplayx.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\docprop2.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmusic.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmsynth.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmstyle.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmserver.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmscript.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmremote.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmloader.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmime.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmcompos.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmband.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dmadmin.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dllhost.exe
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\dispex.dll
2009-08-15 00:39:57 ----A---- C:\WINDOWS\system32\diskpart.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dsdmo.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\ds32gt.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\drprov.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvvox.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvoice.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpvacm.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2009-08-15 00:39:56 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsquery.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsprop.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsound3d.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsound.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dskquoui.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dskquota.dll
2009-08-15 00:39:55 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\duser.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dumprep.exe
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dswave.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dsuiext.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dssenh.dll
2009-08-15 00:39:54 ----A---- C:\WINDOWS\system32\dssec.dll
2009-08-15 00:39:53 ----N---- C:\WINDOWS\system32\es.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\expsrv.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\eudcedit.exe
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\esent.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\ersvc.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\els.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dxmasf.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dxdiag.exe
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dx8vb.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dx7vb.dll
2009-08-15 00:39:53 ----A---- C:\WINDOWS\system32\dwwin.exe
2009-08-15 00:39:53 -------- C:\WINDOWS\system32\eventlog.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\framebuf.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\forcedos.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontview.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fontext.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\findstr.exe
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\filemgmt.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\feclient.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\faultrep.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\exts.dll
2009-08-15 00:39:52 ----A---- C:\WINDOWS\system32\extrac32.exe
2009-08-15 00:39:51 ----A---- C:\WINDOWS\system32\gdi32.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\htui.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hotplug.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hlink.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hid.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\hhsetup.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\help.exe
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\h323msp.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\grpconv.exe
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2009-08-15 00:39:50 ----A---- C:\WINDOWS\system32\glu32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ipconfig.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\input.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\initpki.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetppui.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetpp.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetmib1.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imeshare.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\imapi.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\ifmon.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iexpress.exe
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\idq.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icmp.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icm32.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iccvid.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-15 00:39:49 ----A---- C:\WINDOWS\system32\iasrad.dll
2009-08-15 00:39:49 -------- C:\WINDOWS\system32\imm32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\jgpl400.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\jgdw400.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ixsso.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\itss.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\itircl.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipxwan.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipxroute.exe
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipv6.exe
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ippromon.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-08-15 00:39:48 ----A---- C:\WINDOWS\system32\ipmontr.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\licdll.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\keymgr.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kd1394.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\kbdnec.dll
2009-08-15 00:39:47 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-15 00:39:47 -------- C:\WINDOWS\system32\linkinfo.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mdminst.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciwave.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciseq.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mciavi32.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\mcastmib.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\makecab.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\magnify.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lprhelp.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\logonui.exe
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\localui.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\localsec.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\loadperf.dll
2009-08-15 00:39:46 ----A---- C:\WINDOWS\system32\lmrt.dll
2009-08-15 00:39:46 -------- C:\WINDOWS\system32\mfc40u.dll
2009-08-15 00:39:46 -------- C:\WINDOWS\system32\lsass.exe
2009-08-15 00:39:46 -------- C:\WINDOWS\system32\lpk.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\more.com
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\modemui.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mobsync.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mobsync.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcshext.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmcbase.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mmc.exe
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mlang.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mimefilt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\miglibnt.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\midimap.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2009-08-15 00:39:45 ----A---- C:\WINDOWS\system32\mfc42.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdmo.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msdart.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msctfp.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msctf.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mscms.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msapsspc.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msafd.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\msacm32.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mprdim.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mprapi.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mpr.dll
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-15 00:39:44 ----A---- C:\WINDOWS\system32\moricons.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-08-15 00:39:43 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msgina.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msexcl40.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msexch40.dll
2009-08-15 00:39:42 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msieftp.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msidle.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msident.dll
2009-08-15 00:39:40 ----A---- C:\WINDOWS\system32\msi.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msnsspc.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msltus40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\mslbui.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjtes40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjter40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjint40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msjet40.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msisip.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimtf.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimsg.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msimg32.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msihnd.dll
2009-08-15 00:39:39 ----A---- C:\WINDOWS\system32\msiexec.exe
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrle32.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrepl40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msprivs.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspbde40.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspatcha.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msorcl32.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msorc32r.dll
2009-08-15 00:39:38 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mswdat10.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msw3prt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvidctl.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvfw32.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcrt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcp60.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvcirt.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\msutb.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-15 00:39:37 ----A---- C:\WINDOWS\system32\mstext40.dll
2009-08-15 00:39:36 ----N---- C:\WINDOWS\system32\mswsock.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\narrator.exe
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mydocs.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxml2.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxml.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\msxbde40.dll
2009-08-15 00:39:36 ----A---- C:\WINDOWS\system32\mswstr10.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netid.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netdde.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netcfgx.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\net1.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\net.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddenb32.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddeapir.exe
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\nddeapi.dll
2009-08-15 00:39:35 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2009-08-15 00:39:35 -------- C:\WINDOWS\system32\netman.dll
2009-08-15 00:39:35 -------- C:\WINDOWS\system32\netlogon.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntshrui.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntmarta.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntlanman.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\npptools.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\notepad.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\nlhtml.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\newdev.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netui1.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netui0.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netstat.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netshell.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netsh.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netsetup.exe
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netrap.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\system32\netplwiz.dll
2009-08-15 00:39:34 ----A---- C:\WINDOWS\notepad.exe
2009-08-15 00:39:34 -------- C:\WINDOWS\system32\ntmssvc.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcji32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcint.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccu32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccr32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbccp32.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcconf.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcconf.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbcad32.exe
2009-08-15 00:39:33 ----A---- C:\WINDOWS\system32\odbc32gt.dll

======List of files/folders modified in the last 1 months======

2009-09-13 09:56:05 ----D---- C:\WINDOWS\system32\drivers
2009-09-11 18:22:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-11 16:21:31 ----D---- C:\Documents and Settings\admin\Application Data\mjusbsp
2009-09-10 17:47:10 ----D---- C:\WINDOWS\system32
2009-09-10 17:47:09 ----D---- C:\WINDOWS
2009-09-10 17:46:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-10 17:45:40 ----SD---- C:\WINDOWS\Tasks
2009-09-10 17:42:28 ----N---- C:\WINDOWS\system.ini
2009-09-10 17:39:04 ----D---- C:\WINDOWS\system32\config
2009-09-10 17:38:21 ----SHD---- C:\WINDOWS\Installer
2009-09-10 17:36:17 ----D---- C:\WINDOWS\AppPatch
2009-09-10 17:36:16 ----D---- C:\Program Files\Common Files
2009-09-10 17:30:57 ----RASH---- C:\boot.ini
2009-09-10 17:06:49 ----D---- C:\Program Files
2009-09-10 12:21:22 ----HD---- C:\WINDOWS\inf
2009-09-10 12:21:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-10 11:55:58 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-09-10 11:55:53 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 11:55:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 11:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-09-08 14:08:44 ----A---- C:\Boot.bak
2009-09-08 13:48:20 ----D---- C:\spoolerlogs
2009-09-08 12:55:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-08 12:34:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-08 12:28:59 ----D---- C:\Program Files\DivX
2009-09-08 12:21:00 ----HD---- C:\Program Files\Zero G Registry
2009-09-08 12:20:26 ----D---- C:\Program Files\Britannica Profiles
2009-09-06 16:21:18 ----A---- C:\WINDOWS\WORDPAD.INI
2009-09-05 12:01:06 ----A---- C:\WINDOWS\BRWMARK.INI
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-28 10:46:21 ----A---- C:\WINDOWS\win.ini
2009-08-28 03:22:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-25 01:02:58 ----D---- C:\WINDOWS\Fonts
2009-08-25 01:02:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-25 01:01:56 ----D---- C:\Program Files\Microsoft Works
2009-08-20 08:45:57 ----D---- C:\Program Files\Google
2009-08-18 08:42:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-18 07:37:30 ----D---- C:\Documents and Settings
2009-08-17 16:22:01 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-17 15:42:45 ----D---- C:\WINDOWS\system32\en-US
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Media
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Help
2009-08-17 15:42:44 ----D---- C:\Program Files\Internet Explorer
2009-08-17 14:58:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-17 09:20:54 ----SHD---- C:\System Volume Information
2009-08-17 09:19:31 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-08-17 09:19:11 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-17 09:19:07 ----D---- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-15 16:26:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-15 16:26:52 ----D---- C:\WINDOWS\addins
2009-08-15 15:36:52 ----D---- C:\WINDOWS\WinSxS
2009-08-15 14:57:20 ----RSD---- C:\WINDOWS\assembly
2009-08-15 14:13:32 ----D---- C:\fuse
2009-08-15 14:11:55 ----D---- C:\audio book
2009-08-15 11:49:32 ----D---- C:\JW info
2009-08-15 11:45:26 ----D---- C:\readers
2009-08-15 11:02:10 ----D---- C:\PDF'S
2009-08-15 10:57:34 ----D---- C:\phone
2009-08-15 10:56:53 ----D---- C:\Point & Shoot Videos
2009-08-15 10:55:44 ----D---- C:\pix
2009-08-15 10:47:14 ----D---- C:\av
2009-08-15 10:39:57 ----D---- C:\WINDOWS\Registration
2009-08-15 10:33:23 ----D---- C:\Program Files\egames
2009-08-15 10:19:59 ----D---- C:\Program Files\Real
2009-08-15 10:16:36 ----D---- C:\Program Files\Common Files\Real
2009-08-15 10:13:03 ----D---- C:\Documents and Settings\admin\Application Data\Real
2009-08-15 10:11:06 ----D---- C:\Program Files\ReadPlease 2003
2009-08-15 09:56:23 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2009-08-15 09:54:04 ----D---- C:\Program Files\ContMedia
2009-08-15 09:54:04 ----A---- C:\WINDOWS\GKM303DS.ini
2009-08-15 09:04:26 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-08-15 04:50:05 ----D---- C:\WINDOWS\system32\wbem
2009-08-15 03:38:49 ----D---- C:\Program Files\Outlook Express
2009-08-15 02:56:25 ----D---- C:\WINDOWS\security
2009-08-15 02:54:53 ----D---- C:\Program Files\Messenger
2009-08-15 02:44:43 ----D---- C:\WINDOWS\system32\Setup
2009-08-15 02:44:41 ----D---- C:\WINDOWS\network diagnostic
2009-08-15 02:44:40 ----D---- C:\WINDOWS\ime
2009-08-15 02:43:51 ----D---- C:\WINDOWS\system32\usmt
2009-08-15 02:43:40 ----D---- C:\WINDOWS\PeerNet
2009-08-15 02:43:40 ----D---- C:\Program Files\Movie Maker
2009-08-15 02:38:06 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-15 02:38:01 ----D---- C:\WINDOWS\system32\Restore
2009-08-15 02:38:00 ----D---- C:\WINDOWS\system32\npp
2009-08-15 02:37:59 ----D---- C:\WINDOWS\msagent
2009-08-15 02:37:57 ----D---- C:\WINDOWS\srchasst
2009-08-15 02:37:55 ----D---- C:\Program Files\NetMeeting
2009-08-15 02:37:54 ----D---- C:\WINDOWS\system32\Com
2009-08-15 02:37:53 ----D---- C:\Program Files\Windows NT
2009-08-15 02:37:53 ----D---- C:\Program Files\Windows Media Player
2009-08-15 02:37:51 ----D---- C:\Program Files\Common Files\System
2009-08-15 02:37:41 ----D---- C:\WINDOWS\system32\oobe
2009-08-15 02:37:39 ----D---- C:\WINDOWS\system
2009-08-15 00:41:49 ----D---- C:\WINDOWS\system32\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-30 1035264]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 PbsAuDrv;PolderbitS Audio Driver; C:\WINDOWS\system32\drivers\pbsaudrv.sys [2009-08-01 110752]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-03-31 180096]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 CAM1690;USB PC Camera; C:\WINDOWS\System32\Drivers\cam1690.sys [2007-11-21 181888]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 ionwpvvc;Watchport/V2 USB Camera; C:\WINDOWS\system32\DRIVERS\ionwpvvc.sys [2008-02-14 38656]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 U2SP;OEM USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;MOTOROLA Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avp;avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dlbx_device;dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe [2004-12-16 462848]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-30 360448]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S4 gupdate1ca105c13ac1bc4;Google Update Service (gupdate1ca105c13ac1bc4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-19 137200]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------



5. How is the computer behaving?

ITEM 1

iexplorer is acting a little different -

at blockbuster.com, i used to get popups of explanation of movies when i moused over the title

i got a couple of error msgs - these were repeatable if i went to the same web address a day later
they occurred when i moused over a hot spot ie; home

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Timestamp: Fri, 11 Sep 2009 16:13:05 UTC

Message: 'SeekingAlpha' is undefined
Line: 404
Char: 1
Code: 0
URI: http://seekingalpha.com/article/28238-t ... eposit-box


Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Timestamp: Fri, 11 Sep 2009 16:15:27 UTC

Message: 'SeekingAlpha' is undefined
Line: 413
Char: 2
Code: 0
URI: http://static.seekingalpha.com/javascri ... 1252485444


Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Timestamp: Fri, 11 Sep 2009 22:29:53 UTC


Message: Object expected
Line: 48
Char: 1
Code: 0
URI: http://www.magsbags.com/fleecebags.html


Message: Object expected
Line: 48
Char: 1
Code: 0
URI: http://www.magsbags.com/fleecebags.html


ITEM 2

kaspersky will expire in 3 days - my plan was to use norton 360 as my product. i will not install it
till you OK it. will the loss of kaspersky make any difference to you?


THANKS FOR YOUR CONTINUED HELP - HOW DO YOU THINK THINGS ARE COMING?

- al
ard

Re: google browser redirection

Post by Wingman » September 14th, 2009, 7:29 am

Hi ard,
You're welcome... I told you I would stay with you until the end. :) As far as how things are going... we still have some things to take care of but overall things are looking pretty good. There are still some entries I need more information on... I want to make sure they will not cause you problems in the future, so please stick with me.

Personally, I don't care for the Norton AV or Internet Suite(s) that much. I believe they use too many resources. There are some free Anti-virus programs available that do a very nice job, as well as some free software Firewall programs that provide inbound and outbound protection. Some free AV programs available:
1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Whatever you choose to do, make sure you download the new AV program first, disconnect from the Internet, uninstall the old AV program, reboot, then install the new AV program and update to obtain the latest protection database. We can discuss firewalls in a later post.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
RegSearch ... by Bobbi Flekman © 2005-2007 ... Written by F. Staal
You should still have this available, on your desktop
The last run didn't show me what I needed to see... so we need to check something different
  1. Double click on regsearch.exe to run it.
  2. Copy and paste the following text (one entry per line) into the "Enter search strings (case independent) and click OK..." section (red highlighted area in the screenshot below).
    oaofebfcooaennmldimllfnpkdeddk
    oakeeiafbknjlbdpdmhbjhfdcampmp
    naafkghclfiefjbaphoacnjbhlmk
    
    Image

  3. Make sure all the check boxes in the "Search" section are checked (blue outlined section in the screenshot above).
  4. Click OK.
  5. When done, a text file will be created and automatically opened called: "RegSearch.txt".
    File can be found on your desktop or whatever folder RegSearch was extracted to originally.
Please copy and paste the contents of RegSearch.txt in your next reply.

Step 2.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. New RegSearch.txt file contents
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

by ard » September 14th, 2009, 8:51 am

wingman -

since kaspersky is expiring in 2 days, can I install one of the AV programs you mentioned? i'd rather not run with NO protection at all.


1. Any problem executing the instructions?

no


2. New RegSearch.txt file contents

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 9/14/2009 8:39:08 AM for strings:
; 'oaofebfcooaennmldimllfnpkdeddk'
; 'oakeeiafbknjlbdpdmhbjhfdcampmp'
; 'naafkghclfiefjbaphoacnjbhlmk'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

thanks
- al
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

by Wingman » September 14th, 2009, 4:56 pm

Hi ard,
Yes, you can, that's why I gave you those alternate suggestions. Which one you choose, is your preference. If you try one and don't like it, then you can try a different one.
Please make sure you follow this sequence of actions when dealing with installing / uninstalling AV programs:
  1. Download the new AV program.. while old AV is still functioning.
  2. Disconnect from the Internet.
  3. Uninstall the old AV program... either using Add/Remove Programs in Control Panel or if the AV program has an uninstall entry in the Start Menu.
    Follow all uninstall steps.
  4. Reboot... the uninstall process may ask you to do this... if NOT, please do it before installing the new AV product.
  5. Install the new AV program.
  6. Perform an update of the new AV program, to obtain the latest protection databases available.
  7. Run a full scan with the new AV product.
  8. After the scan, please copy/paste the scan results in your next reply.

Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

by ard » September 15th, 2009, 12:58 pm

wingman -

thanks for your quick response - i chose avira
i was surprised that it found 8 files. am i back to square 1 - do i really need to reformat?

thanks
- al

Avira AntiVir Personal
Report file date: Tuesday, September 15, 2009 11:00

Scanning for 1712296 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : OWLDELL

Version information:
BUILD.DAT : 9.0.0.408 17961 Bytes 8/26/2009 16:51:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 18:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 14:21:42
ANTIVIR2.VDF : 7.1.5.201 3414528 Bytes 9/3/2009 14:57:17
ANTIVIR3.VDF : 7.1.5.246 418816 Bytes 9/15/2009 14:57:18
Engineversion : 8.2.1.14
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 18:31:50
AESCRIPT.DLL : 8.1.2.31 475513 Bytes 9/15/2009 14:57:22
AESCN.DLL : 8.1.2.5 127346 Bytes 9/15/2009 14:57:21
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 14:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 18:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 14:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 9/15/2009 14:57:21
AEHELP.DLL : 8.1.7.0 237940 Bytes 9/15/2009 14:57:19
AEGEN.DLL : 8.1.1.62 364916 Bytes 9/15/2009 14:57:19
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.7.8 184692 Bytes 9/15/2009 14:57:19
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 9/15/2009 14:59:16
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, September 15, 2009 11:00

Starting search for hidden objects.
'46506' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
24 processes with 24 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\i386\GTDownDE_87.ocx
[DETECTION] Contains recognition pattern of the ADSPY/Gdown adware or spyware
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP112\A0031992.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP112\A0031993.sys
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0033266.dll
[DETECTION] Is the TR/TDss.apoy Trojan
C:\WINDOWS\ie7.log
[DETECTION] Is the TR/Dldr.PIF.Agen.BL Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8X67852V\voj[1].png
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CT2BKTI7\README[1].pdf
[DETECTION] Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus
C:\zz@owl-del\ZD\pb-extra\ABC\ABC\BINARY.ABC
[DETECTION] Contains suspicious code HEUR/HTML.Malware

Beginning disinfection:
C:\i386\GTDownDE_87.ocx
[DETECTION] Contains recognition pattern of the ADSPY/Gdown adware or spyware
[NOTE] The file was moved to '4af3bc2e.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP112\A0031992.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4adfbc0a.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP112\A0031993.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b5f9d2b.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0033266.dll
[DETECTION] Is the TR/TDss.apoy Trojan
[NOTE] The file was moved to '4adfbc0b.qua'!
C:\WINDOWS\ie7.log
[DETECTION] Is the TR/Dldr.PIF.Agen.BL Trojan
[NOTE] The file was moved to '4ae6bc40.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8X67852V\voj[1].png
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE] The file was moved to '4b19bc4a.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CT2BKTI7\README[1].pdf
[DETECTION] Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus
[NOTE] The file was moved to '4af0bc20.qua'!
C:\zz@owl-del\ZD\pb-extra\ABC\ABC\BINARY.ABC
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4afdbc24.qua'!


End of the scan: Tuesday, September 15, 2009 12:07
Used time: 1:05:35 Hour(s)

The scan has been done completely.

8372 Scanned directories
356259 Files were scanned
7 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
356250 Files not concerned
10826 Archives were scanned
1 Warnings
9 Notes
46506 Objects were scanned with rootkit scan
0 Hidden objects were found
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am
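
Added example (not part of the original thread, and not Avira's or the helper's own tooling): a Python parser for the disinfection section of the Avira report posted above. It pairs each file with its detection name and quarantine file, labels where the file sat, and checks the totals against the report's summary lines. The function names and the three location labels are assumptions of this example; REPORT is an excerpt copied from the post.

```python
import re
from collections import Counter

# Excerpt copied from the Avira report posted above (disinfection + summary).
REPORT = r"""
Beginning disinfection:
C:\i386\GTDownDE_87.ocx
[DETECTION] Contains recognition pattern of the ADSPY/Gdown adware or spyware
[NOTE] The file was moved to '4af3bc2e.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP112\A0031992.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4adfbc0a.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP112\A0031993.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b5f9d2b.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP113\A0033266.dll
[DETECTION] Is the TR/TDss.apoy Trojan
[NOTE] The file was moved to '4adfbc0b.qua'!
C:\WINDOWS\ie7.log
[DETECTION] Is the TR/Dldr.PIF.Agen.BL Trojan
[NOTE] The file was moved to '4ae6bc40.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8X67852V\voj[1].png
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE] The file was moved to '4b19bc4a.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CT2BKTI7\README[1].pdf
[DETECTION] Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus
[NOTE] The file was moved to '4af0bc20.qua'!
C:\zz@owl-del\ZD\pb-extra\ABC\ABC\BINARY.ABC
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4afdbc24.qua'!
End of the scan: Tuesday, September 15, 2009 12:07
7 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
8 Files were moved to quarantine
"""

TAG_RE = re.compile(r"^\[(\w+)\]\s*(.*)$")            # "[DETECTION] ..." / "[NOTE] ..."
NAME_RE = re.compile(r"\b([A-Z]+/[A-Za-z0-9.]+)")     # e.g. TR/TDss.apoy
QUA_RE = re.compile(r"moved to '([0-9a-f]+\.qua)'")   # quarantine file name
COUNT_RE = re.compile(r"^(\d+) (.+)$", re.MULTILINE)  # "8 Files were moved ..."


def classify(path):
    """Label where a detected file sat (the labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "system-restore"    # copy kept inside a System Restore point
    if "\\temporary internet files\\" in p:
        return "browser-cache"     # Internet Explorer download cache
    return "filesystem"


def parse_disinfection(report):
    """Return one dict per file listed under 'Beginning disinfection:'."""
    entries, current, active = [], None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line == "Beginning disinfection:":
            active = True
        elif line.startswith("End of the scan"):
            break
        elif not active or not line:
            continue
        elif not TAG_RE.match(line):               # untagged line = file path
            current = {"path": line, "location": classify(line), "name": None,
                       "quarantine": None, "suspicious": False}
            entries.append(current)
        elif current is not None:
            tag, text = TAG_RE.match(line).groups()
            if tag == "DETECTION":
                found = NAME_RE.search(text)
                current["name"] = found.group(1) if found else text
            elif tag == "NOTE":
                moved = QUA_RE.search(text)
                if moved:
                    current["quarantine"] = moved.group(1)
                current["suspicious"] |= "classified as suspicious" in text
    return entries


def reconcile(report):
    """Check the parsed entries against the report's own summary counts."""
    entries = parse_disinfection(report)
    counts = {text: int(n) for n, text in COUNT_RE.findall(report)}
    suspicious = sum(e["suspicious"] for e in entries)
    quarantined = sum(e["quarantine"] is not None for e in entries)
    found = counts.get("Viruses and/or unwanted programs were found")
    return {
        "by_location": dict(Counter(e["location"] for e in entries)),
        # This report counts suspicious files separately from detections.
        "found_ok": len(entries) - suspicious == found,
        "suspicious_ok": suspicious == counts.get("Files were classified as suspicious"),
        "quarantine_ok": quarantined == counts.get("Files were moved to quarantine"),
    }


if __name__ == "__main__":
    print(reconcile(REPORT))
```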

Re: google browser redirection

by Wingman » September 16th, 2009, 7:56 am

Hi ard,
Good job getting Avira installed and producing the scan. Let's continue... :)

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Please note, the RSIT rerun step has some changes in it... read carefully.

Step 1.
ComboFix - CFScript
This script is for this individual computer and user. Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
Please disable any Antivirus or Firewall you have active. You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    File::
    C:\WINDOWS\oxemimesu.dll 
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\WINDOWS\system32\blank.htm"
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bneyibe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pp]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray]
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active:
      AVIRA ANTIVIR
      Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background (looks like this: Image )
      • right click it-> untick the option AntiVir Guard enable.
      • You should now see a closed, white umbrella on a red background (looks like this: Image )
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

** Enable your Antivirus, before connecting to the Internet again! **

Step 2.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

NOTE: this is different than the previous re-runs... please see the addition of the folder deletion.
In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:

  1. C:\RSIT <-- delete this entire folder , then...
  2. Double click on RSIT.exe to run it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "C:\RSIT\log.txt", will be maximized... the second one, "C:\RSIT\info.txt", will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ComboFix log/report
  3. RSIT log AND info.txt file contents
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: google browser redirection

by ard » September 16th, 2009, 2:50 pm

wingman -

1. Any problem executing the instructions?

no

2. ComboFix log/report

ComboFix 09-09-10.01 - admin 09/16/2009 13:59.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.278 [GMT -4:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\oxemimesu.dll"
.

((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.

2010-03-12 17:09 . 2010-03-12 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PKWARE
2010-03-12 17:09 . 2010-03-12 17:09 -------- d-----w- c:\documents and settings\admin\Application Data\PKWARE
2010-03-12 16:27 . 2010-03-12 16:27 -------- d-----w- c:\program files\ZipItFree
2010-03-12 16:27 . 2010-03-12 16:27 -------- d-----w- c:\windows\ZipItFree
2009-09-15 15:37 . 2009-09-15 15:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-15 14:53 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-15 14:53 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-15 14:53 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-15 14:53 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-15 14:53 . 2009-09-15 14:53 -------- d-----w- c:\program files\Avira
2009-09-15 14:53 . 2009-09-15 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-10 21:06 . 2009-09-10 21:07 -------- d-----w- c:\program files\ERUNT
2009-09-10 15:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 14:36 . 2009-09-10 14:36 -------- d-----w- c:\program files\DIFX
2009-09-10 14:36 . 2009-09-10 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\kinoma
2009-09-10 14:36 . 2009-09-10 14:36 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\kinoma
2009-09-10 14:27 . 2009-09-10 14:27 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Sony Corporation
2009-09-10 14:26 . 2009-09-10 16:21 -------- d-----w- c:\program files\Sony
2009-09-08 16:52 . 2009-09-08 16:52 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
2009-09-04 18:40 . 2009-09-04 19:04 -------- d-----w- c:\documents and settings\admin\Application Data\Free Spider TreeCardGames
2009-09-04 18:39 . 2009-09-04 18:39 -------- d-----w- c:\program files\Free Spider
2009-09-04 13:59 . 2009-09-04 13:59 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2009-09-04 13:59 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 13:59 . 2009-09-13 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 13:59 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 13:59 . 2009-09-04 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-31 06:21 . 2009-09-13 14:45 -------- d-----w- c:\program files\trend micro
2009-08-31 06:21 . 2009-08-31 06:24 -------- d-----w- C:\rsit
2009-08-25 05:31 . 2009-08-25 05:32 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-24 21:04 . 2009-08-24 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-08-24 21:04 . 2009-08-24 21:04 -------- d-----w- c:\program files\Security Task Manager
2009-08-24 14:18 . 2009-09-15 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 16:49 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-18 16:49 . 2009-08-18 16:49 -------- d-----w- c:\program files\Panda Security
2009-08-18 16:10 . 2009-08-18 16:10 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2009-08-18 11:38 . 2009-08-18 11:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-17 19:47 . 2009-08-17 19:47 -------- d-sh--w- c:\documents and settings\admin\IETldCache
2009-08-17 19:44 . 2009-08-17 19:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-17 19:37 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-17 19:37 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-17 19:37 . 2009-08-18 17:44 -------- d-----w- c:\windows\ie8updates
2009-08-17 19:37 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-17 19:36 . 2009-08-17 19:36 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 22:47 . 2008-10-22 16:59 -------- d-----w- c:\documents and settings\admin\Application Data\mjusbsp
2009-09-10 21:24 . 2005-08-04 18:07 82936 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 15:55 . 2008-01-23 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 16:34 . 2005-07-15 20:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 16:28 . 2006-08-21 22:02 -------- d-----w- c:\program files\DivX
2009-09-08 16:21 . 2007-05-25 19:18 -------- d--h--w- c:\program files\Zero G Registry
2009-09-08 16:20 . 2007-05-25 19:19 -------- d-----w- c:\program files\Britannica Profiles
2009-08-25 05:01 . 2006-07-02 19:14 -------- d-----w- c:\program files\Microsoft Works
2009-08-24 13:42 . 2009-04-08 14:17 0 ----a-w- c:\windows\Xlupilawetida.bin
2009-08-20 12:45 . 2006-08-12 00:43 -------- d-----w- c:\program files\Google
2009-08-17 18:58 . 2007-06-23 20:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-17 13:19 . 2009-08-13 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-17 13:19 . 2005-07-15 20:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-17 13:19 . 2009-08-13 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-15 14:33 . 2008-12-03 20:41 -------- d-----w- c:\program files\egames
2009-08-15 14:19 . 2008-02-29 20:41 -------- d-----w- c:\program files\Real
2009-08-15 14:16 . 2008-02-29 20:41 -------- d-----w- c:\program files\Common Files\Real
2009-08-15 14:11 . 2008-02-25 16:37 -------- d-----w- c:\program files\ReadPlease 2003
2009-08-15 13:56 . 2007-06-23 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-08-15 13:54 . 2008-04-28 16:17 -------- d-----w- c:\program files\ContMedia
2009-08-15 13:04 . 2006-03-18 01:48 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-08-13 20:45 . 2005-07-15 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-13 17:47 . 2009-08-13 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-13 17:31 . 2009-08-13 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-08-13 16:06 . 2009-08-13 16:06 18534 ----a-w- c:\program files\Common Files\llywep.llywep
2009-08-13 16:06 . 2009-08-13 16:06 11288 ----a-w- c:\program files\Common Files\jjelyjy.jelly
2009-08-13 16:06 . 2009-08-13 16:06 16443 ----a-w- c:\program files\Common Files\yyzyzugosifo.dlb
2009-08-13 16:06 . 2009-08-13 16:06 11264 ----a-w- c:\documents and settings\admin\Application Data\ijakigalic.dat
2009-08-05 09:01 . 2009-08-15 04:39 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 17:17 . 2009-08-01 17:17 36 ----a-w- c:\windows\system32\Drv64_32.dat
2009-08-01 17:17 . 2009-08-01 17:17 350240 ----a-w- c:\windows\system32\PbsAuDrvPropPage_uk.dll
2009-08-01 17:17 . 2009-08-01 17:17 110752 ----a-w- c:\windows\system32\drivers\pbsaudrv.sys
2009-08-01 17:17 . 2009-08-01 17:17 -------- d-----w- c:\program files\PolderbitS
2009-07-31 19:17 . 2009-07-31 19:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-07-31 19:17 . 2009-07-31 19:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-31 18:00 . 2009-07-31 18:00 -------- d-----w- c:\program files\Mo-orola
2009-07-31 16:33 . 2009-07-31 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\admin
2009-07-31 16:32 . 2009-07-31 16:32 -------- d-----w- c:\program files\SyncCell
2009-07-31 16:01 . 2009-07-31 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-31 16:00 . 2009-07-31 16:00 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-07-29 19:10 . 2008-12-04 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-29 04:37 . 2009-08-15 04:39 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2009-08-15 04:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-24 16:10 . 2009-01-05 18:24 -------- d-----w- c:\documents and settings\admin\Application Data\Ahead
2009-07-19 22:55 . 2009-07-19 21:55 -------- d-----w- c:\program files\Pistonsoft MP3 Tags Editor
2009-07-19 21:55 . 2009-07-19 21:55 -------- d-----w- c:\documents and settings\admin\Application Data\Pistonsoft
2009-07-19 21:11 . 2009-07-19 21:11 -------- d-----w- c:\program files\Pistonsoft Text to Speech Converter
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 17:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2009-08-15 04:39 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2009-08-15 04:39 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2009-08-15 04:39 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2009-08-15 04:39 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2009-08-15 04:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2009-08-15 04:39 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18 . 2009-08-15 04:39 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
1812-01-05 21:46 . 1812-01-05 21:46 4252 --sh--w- c:\windows\windllreg1b.sys
1821-02-11 23:41 . 1821-02-11 23:41 4263 --sh--w- c:\windows\windllreg1c.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_21.42.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-09-15 14:53 . 2009-05-11 14:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-09-15 14:49 . 2009-09-15 14:49 228352 c:\windows\Installer\a8d20.msi
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\admin\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolderbitS Audio Driver Monitor.lnk]
backup=c:\windows\pss\PolderbitS Audio Driver Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=3 (0x3)
"LiveUpdate Notice Ex"=3 (0x3)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MotoConnect Service"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1ca105c13ac1bc4"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Ati HotKey Poller"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"getPlus(R) Helper"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\admin\\Application Data\\mjusbsp\\magicJack.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/18/2009 12:49 PM 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/15/2009 10:53 AM 108289]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [8/1/2009 1:17 PM 110752]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/26/2005 6:19 PM 20160]
S3 CAM1690;USB PC Camera;c:\windows\system32\drivers\cam1690.sys [9/20/2007 6:03 PM 181888]
S3 ionwpvvc;Watchport/V2 USB Camera;c:\windows\system32\drivers\ionwpvvc.sys [2/20/2008 4:50 PM 38656]
S4 Compass Server;Compass Server; [x]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S4 gupdate1ca105c13ac1bc4;Google Update Service (gupdate1ca105c13ac1bc4);c:\program files\Google\Update\GoogleUpdate.exe [7/29/2009 10:51 AM 133104]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe --> c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 14:50]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 14:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3277941142-1728969546-3919492650-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B8DA90D-0FD0-9EC6-D03B-B72F1EA63631}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3277941142-1728969546-3919492650-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{701AE01E-57DC-62B6-726A-E623E013E9AB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaofebfcooaennmldimllfnpkdeddk"=hex:64,61,6c,6c,6c,6f,68,6b,00,85
"oakeeiafbknjlbdpdmhbjhfdcampmp"=hex:6a,61,6c,6c,61,70,63,6a,65,70,70,6b,6e,61,
64,66,67,6d,6c,6b,00,0f
"naafkghclfiefjbaphoacnjbhlmk"=hex:6a,61,6f,6c,70,6f,63,6b,70,67,67,69,70,65,
67,67,63,64,67,65,00,07
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2644)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-16 14:11
ComboFix-quarantined-files.txt 2009-09-16 18:11
ComboFix2.txt 2009-09-10 21:47

Pre-Run: 95,306,735,616 bytes free
Post-Run: 95,259,348,992 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
260 --- E O F --- 2009-09-10 15:58
ard

Re: google browser redirection

Post by ard » September 16th, 2009, 2:51 pm

3. RSIT log AND info.txt file contents

Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2009-09-16 14:20:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 91 GB (61%) free of 149 GB
Total RAM: 510 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:58 PM, on 9/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Desktop\RSIT.exe
C:\Program Files\trend micro\admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

--
End of file - 3408 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16 []
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"=C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe [2007-07-31 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
C:\Program Files\ClocX\ClocX.exe [2005-01-26 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe [2005-01-18 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-04-25 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-23 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolderbitS Audio Driver Monitor.lnk]
C:\PROGRA~1\POLDER~1\Recorder\Driver\PBDRIV~1.EXE [2009-08-01 157728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=3
"LiveUpdate Notice Ex"=3
"LiveUpdate"=3
"Automatic LiveUpdate Scheduler"=2
"ose"=3
"odserv"=3
"MotoConnect Service"=2
"idsvc"=3
"IDriverT"=3
"gusvc"=3
"gupdate1ca105c13ac1bc4"=2
"DSBrokerService"=3
"Ati HotKey Poller"=3
"sprtsvc_dellsupportcenter"=2
"WMPNetworkSvc"=3
"getPlus(R) Helper"=3
"FontCache3.0.0.0"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideShutdownScripts"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDeletePrinter"=
"NoAddPrinter"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dlbxcoms.exe"="C:\WINDOWS\system32\dlbxcoms.exe:*:Enabled:Dell Communication System"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-12 13:09:10 ----D---- C:\Documents and Settings\All Users\Application Data\PKWARE
2010-03-12 13:09:10 ----D---- C:\Documents and Settings\admin\Application Data\PKWARE
2010-03-12 12:27:09 ----D---- C:\WINDOWS\ZipItFree
2010-03-12 12:27:09 ----D---- C:\Program Files\ZipItFree
2010-03-12 12:26:37 ----A---- C:\WINDOWS\ZipItFree Setup Log.txt
2009-09-16 14:20:21 ----D---- C:\rsit
2009-09-16 14:18:56 ----SHD---- C:\RECYCLER
2009-09-16 14:11:28 ----D---- C:\WINDOWS\temp
2009-09-16 14:11:26 ----A---- C:\ComboFix.txt
2009-09-15 10:53:21 ----D---- C:\Program Files\Avira
2009-09-15 10:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-09-10 17:30:42 ----RASHD---- C:\cmdcons
2009-09-10 17:29:26 ----A---- C:\WINDOWS\zip.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\SWSC.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\SWREG.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\sed.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\PEV.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\grep.exe
2009-09-10 17:29:00 ----D---- C:\Qoobox
2009-09-10 17:09:18 ----D---- C:\WINDOWS\ERDNT
2009-09-10 17:06:49 ----D---- C:\Program Files\ERUNT
2009-09-10 11:55:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 11:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 11:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-10 10:36:37 ----D---- C:\Program Files\DIFX
2009-09-10 10:36:30 ----D---- C:\Documents and Settings\All Users\Application Data\kinoma
2009-09-10 10:26:58 ----D---- C:\Program Files\Sony
2009-09-08 18:34:28 ----A---- C:\netstet.txt
2009-09-08 14:13:26 ----A---- C:\d.txt
2009-09-08 13:59:20 ----A---- C:\dd.txt
2009-09-04 14:40:08 ----D---- C:\Documents and Settings\admin\Application Data\Free Spider TreeCardGames
2009-09-04 14:39:50 ----D---- C:\Program Files\Free Spider
2009-09-04 09:59:17 ----D---- C:\Documents and Settings\admin\Application Data\Malwarebytes
2009-09-04 09:59:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-04 09:59:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-31 02:26:11 ----A---- C:\Rooter_1.txt
2009-08-31 02:21:57 ----D---- C:\Program Files\trend micro
2009-08-25 06:58:28 ----D---- C:\Program Files\Hijackthis
2009-08-25 01:31:02 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-24 17:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-08-24 17:04:00 ----D---- C:\Program Files\Security Task Manager
2009-08-24 10:45:46 ----A---- C:\WINDOWS\wininit.ini
2009-08-24 10:18:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 12:49:42 ----D---- C:\Program Files\Panda Security
2009-08-17 15:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-17 15:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-17 15:37:18 ----D---- C:\WINDOWS\ie8updates
2009-08-17 15:36:20 ----HDC---- C:\WINDOWS\ie8
2009-08-17 15:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-17 15:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

======List of files/folders modified in the last 1 months======

2009-09-16 14:11:29 ----D---- C:\WINDOWS\system32
2009-09-16 14:11:28 ----D---- C:\WINDOWS
2009-09-16 14:08:04 ----N---- C:\WINDOWS\system.ini
2009-09-16 14:04:40 ----D---- C:\WINDOWS\system32\drivers
2009-09-16 14:04:40 ----D---- C:\WINDOWS\AppPatch
2009-09-16 14:04:33 ----D---- C:\Program Files\Common Files
2009-09-16 13:58:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-15 18:47:00 ----D---- C:\Documents and Settings\admin\Application Data\mjusbsp
2009-09-15 12:26:36 ----D---- C:\install
2009-09-15 10:53:32 ----HD---- C:\WINDOWS\inf
2009-09-15 10:53:21 ----D---- C:\Program Files
2009-09-15 10:49:36 ----SHD---- C:\WINDOWS\Installer
2009-09-15 10:49:35 ----D---- C:\WINDOWS\WinSxS
2009-09-10 17:46:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-10 17:45:40 ----SD---- C:\WINDOWS\Tasks
2009-09-10 17:39:04 ----D---- C:\WINDOWS\system32\config
2009-09-10 17:30:57 ----ASH---- C:\boot.ini
2009-09-10 12:21:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-10 11:55:58 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-09-10 11:55:53 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 11:55:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 11:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-09-08 14:08:44 ----A---- C:\Boot.bak
2009-09-08 13:48:20 ----D---- C:\spoolerlogs
2009-09-08 12:55:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-08 12:34:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-08 12:28:59 ----D---- C:\Program Files\DivX
2009-09-08 12:21:00 ----HD---- C:\Program Files\Zero G Registry
2009-09-08 12:20:26 ----D---- C:\Program Files\Britannica Profiles
2009-09-06 16:21:18 ----A---- C:\WINDOWS\WORDPAD.INI
2009-09-05 12:01:06 ----A---- C:\WINDOWS\BRWMARK.INI
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-28 10:46:21 ----A---- C:\WINDOWS\win.ini
2009-08-28 03:22:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-25 01:02:58 ----D---- C:\WINDOWS\Fonts
2009-08-25 01:02:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-25 01:01:56 ----D---- C:\Program Files\Microsoft Works
2009-08-20 08:45:57 ----D---- C:\Program Files\Google
2009-08-18 08:42:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-18 07:37:30 ----D---- C:\Documents and Settings
2009-08-17 16:22:01 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-17 15:42:45 ----D---- C:\WINDOWS\system32\en-US
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Media
2009-08-17 15:42:44 ----D---- C:\WINDOWS\Help
2009-08-17 15:42:44 ----D---- C:\Program Files\Internet Explorer
2009-08-17 14:58:47 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-17 09:20:54 ----SHD---- C:\System Volume Information
2009-08-17 09:19:31 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-08-17 09:19:11 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-17 09:19:07 ----D---- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-30 1035264]
R3 catchme;catchme; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 PbsAuDrv;PolderbitS Audio Driver; C:\WINDOWS\system32\drivers\pbsaudrv.sys [2009-08-01 110752]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-03-31 180096]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 CAM1690;USB PC Camera; C:\WINDOWS\System32\Drivers\cam1690.sys [2007-11-21 181888]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 ionwpvvc;Watchport/V2 USB Camera; C:\WINDOWS\system32\DRIVERS\ionwpvvc.sys [2008-02-14 38656]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 U2SP;OEM USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;MOTOROLA Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dlbx_device;dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe [2004-12-16 462848]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-30 360448]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S4 gupdate1ca105c13ac1bc4;Google Update Service (gupdate1ca105c13ac1bc4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-19 137200]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


**********************************************************************************************
**********************************************************************************************
**********************************************************************************************


info.txt logfile of random's system information tool 1.06 2009-09-16 14:20:59

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3003 Crystal Mazes-->"C:\Program Files\Selectsoft\3003 Crystal Mazes\uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Brother HL-2140-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09789D9D-CBBE-43C8-A4C9-69DB2C79BF1F}\SETUP.exe" -l0x9 -removeonly /uninst
ClocX (1.5b1)-->"C:\Program Files\ClocX\Uninstall.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Photo AIO Printer 962-->C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUNST.EXE -NOLICENSE
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Direct MIDI to MP3 Converter version 6.0.0.27-->"C:\Program Files\Direct MIDI to MP3 Converter\unins000.exe"
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
dvdSanta 4.50-->"C:\Program Files\dvdSanta\unins000.exe"
DVDStyler v1.7.1-->"C:\Program Files\DVDStyler\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Free Natural Text to Speech Reader 2008-->MsiExec.exe /I{3E5DA526-F420-45A6-9F27-D2B5246D6823}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Inside Out Networks Watchport/V Drivers (Remove only)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836997E1-7C7D-11D6-BE73-00065B4930CB}\Setup.exe" -l0x9 -uninst
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) PRO Network Connections Software v9.2.4.11-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qr /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
IrfanView (remove only)-->C:\IrfanView\iv_uninstall.exe
ISA 2 basic-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
ISA 2.0 - CLV module 1.1.5-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
ISA 2.0 - YLT module 1.1.2-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LADSPA_plugins-win-0.4.15-->"C:\Audacity\Plug-Ins\unins000.exe"
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Mahjongg Master Special Edition-->C:\PROGRA~1\egames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\egames\MAHJON~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MAZE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7140685C-9274-4DEF-94B5-2B1AA8A094DC}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Picture It! Express 2000-->MsiExec.exe /I{A586D09E-1D2C-11D3-9A6B-00105A98B681}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works 2000 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
Microsoft Works 2000-->MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
MID Converter 4.2-->C:\Program Files\MID Converter 4.2\uninst.exe
Motorola Driver Installation 3.9.0-->MsiExec.exe /I{FB068BA4-C6EA-4D47-A491-C40E23E77F89}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Samples-->MsiExec.exe /I{A918DE8A-98C8-0900-0001-000000000000}
Naevius GVI Converter 1.3-->"C:\Program Files\Naevius GVI Converter\unins000.exe"
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pistonsoft MP3 Tags Editor-->"C:\Program Files\Pistonsoft MP3 Tags Editor\Uninstall.exe" "C:\Program Files\Pistonsoft MP3 Tags Editor\install.log"
Pistonsoft Text to Speech Converter 1.11.0-->"C:\Program Files\Pistonsoft Text to Speech Converter\unins000.exe"
PolderbitS Sound Recorder and Editor-->"C:\Program Files\PolderbitS\Recorder\Recorder.exe" /uninstall
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
PS-Utility-->C:\WINDOWS\uninst.exe -f"C:\Program Files\PS Utility\DeIsL2.isu"
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SyncCell 3.0-->C:\Program Files\SyncCell\uninstall.exe C:\Program Files\SyncCell\uninstall.log
TMS Explorer-->"C:\Program Files\TMSExplorer\UnInstall.exe"
TTS-->MsiExec.exe /X{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}
TVPCElite-->"C:\Program Files\TVPCElite\unins000.exe"
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe
Uniblue PowerSuite 2009-->"C:\Documents and Settings\All Users\Application Data\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}\PowerSuite2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue PowerSuite 2009-->C:\Documents and Settings\All Users\Application Data\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}\PowerSuite2009.exe
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}\Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{F19A02B4-1684-448C-B152-43B554F2E722}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{F19A02B4-1684-448C-B152-43B554F2E722}\SpeedUpMyPC.exe
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB Video Camera-->MsiExec.exe /I{8527C3D5-BA1D-46E9-88D2-AF25544311A3}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Word in Works Suite add-in-->MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
ZipItFree 1.80-->"C:\WINDOWS\ZipItFree\uninstall.exe" "/U:C:\Program Files\ZipItFree\irunin.xml"

======Security center information======

AV: AntiVir Desktop (disabled)

======System event log======

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62863
Source Name: Service Control Manager
Time Written: 20090815090446.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62860
Source Name: Service Control Manager
Time Written: 20090815090445.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62857
Source Name: Service Control Manager
Time Written: 20090815090445.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62854
Source Name: Service Control Manager
Time Written: 20090815090445.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62851
Source Name: Service Control Manager
Time Written: 20090815090445.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: OWLDELL
Event Code: 1517
Message: Windows saved user OWLDELL\admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 50336
Source Name: Userenv
Time Written: 20090512174350.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWLDELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 50168
Source Name: crypt32
Time Written: 20090510100154.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 1517
Message: Windows saved user OWLDELL\admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49864
Source Name: Userenv
Time Written: 20090506092227.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWLDELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 49574
Source Name: crypt32
Time Written: 20090502132545.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 1517
Message: Windows saved user OWLDELL\admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49572
Source Name: Userenv
Time Written: 20090502132057.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


4. How is the computer behaving?

i have no new problems and the old problems are gone. but i was bothered by the fact that avscan found more 'bad' files. let me know what's next.

thanks -
al
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

by Wingman » September 17th, 2009, 6:33 pm

Hi ard,
Good job with the CFScript file execution. Thanks for hanging in there. :)

If you haven't done so... please make sure your Avira anti-virus is enabled and providing real-time protection.

The Avira scan did show some other files...One may be a false positive... meaning that anti-virus programs "think" it is a bad file but in reality it is not.
Some of the files are located in your Temporary Internet file folder and some in old System Restore points. Unfortunately, System Restore doesn't know if the files it backs up are infected or not. We will take care of these files in a little while.
In the meantime, don't use the System Restore feature to restore your system or you will re-infect yourself. If needed, you can use the ERUNT backup to restore your system... but hopefully a restoration will not be needed.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about or problems with executing these instructions, <STOP> do not proceed, post back with the question or problem.

There are some files I see in the ComboFix log that I can find no information on; I need to see if these are bad. I would like you to upload them to a place where experts can analyze them.

Step 1.
ZIP - Compress Multiple files
Upload to Bleeping Computer
I need you to create a zipped or compressed folder containing multiple files.
  1. Using Windows Explorer... locate (one at a time) the following files:
    c:\program files\Common Files\llywep.llywep
    c:\program files\Common Files\jjelyjy.jelly
    c:\program files\Common Files\yyzyzugosifo.dlb
    c:\documents and settings\admin\Application Data\ijakigalic.dat

    Once you have located the FIRST file in the above list
  2. Right click on the file, from the drop down menu...select "Send To"
  3. From the "Send To" drop down menu... select "Compressed (zipped) folder"
    A zipped folder will be created in the same directory where the file was located, named filename.zip.
    Filename = name of the file sent to the compressed folder.
  4. Locate filename.zip and drag it to your desktop.
    If there are other files to be included, continue... otherwise, please go to step 6.
  5. Locate the next file listed and drag it into the folder you just placed on your desktop.
    Repeat the above step for each additional file in the list.
  6. With all files needed in the zipped folder... please go to:
    BC - Channel 87
  7. In the "Link to topic where this file was requested:" box, copy and paste the following link:
    http://www.malwareremoval.com/forum/viewtopic.php?p=465683#p465683
  8. Then click the Browse button... navigate to the desktop, locate the zipped folder, highlight it, then press the Open... button.
    The name of the zipped folder should be seen in the " Browse to the file you want to submit: " window.
  9. Click the "Send File"... button. You're done.
The files will be analyzed by experts and results sent back.

Step 2.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Computer still behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
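
The collection step in the post above (gathering the listed files into one zipped folder for analysts), as an added example that is not part of the original thread. It goes beyond the GUI steps by writing a SHA-256 and size for each file into a manifest inside the archive and by reporting listed files that are absent; the name bundle_samples, the manifest layout and the numbered archive names are assumptions of this example.

```python
import hashlib
import json
import tempfile
import zipfile
from pathlib import Path, PureWindowsPath

# The four paths named in the post above. They are only read, never executed.
REQUESTED = [
    r"c:\program files\Common Files\llywep.llywep",
    r"c:\program files\Common Files\jjelyjy.jelly",
    r"c:\program files\Common Files\yyzyzugosifo.dlb",
    r"c:\documents and settings\admin\Application Data\ijakigalic.dat",
]


def bundle_samples(paths, zip_path):
    """Zip every readable file in `paths` and return the manifest.

    Each file is read once, so the recorded SHA-256 describes exactly the
    bytes stored in the archive. Missing or unreadable files are kept in
    the manifest with a status instead of being silently skipped.
    (Hypothetical helper written for this example.)
    """
    manifest = []
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as archive:
        for index, original in enumerate(paths, start=1):
            source = Path(original)
            entry = {"original_path": str(original), "status": "missing"}
            if source.is_file():
                try:
                    data = source.read_bytes()
                except OSError as exc:
                    entry.update(status="unreadable", error=str(exc))
                else:
                    # Prefix with the list position so two files with the
                    # same name from different folders cannot collide.
                    base = PureWindowsPath(str(original)).name
                    arcname = f"{index:02d}_{base}"
                    archive.writestr(arcname, data)
                    entry.update(
                        status="added",
                        archive_name=arcname,
                        sha256=hashlib.sha256(data).hexdigest(),
                        size=len(data),
                    )
            manifest.append(entry)
        # The manifest travels with the samples so an analyst's verdict can
        # be matched back to the exact file by hash.
        archive.writestr("manifest.json", json.dumps(manifest, indent=2))
    return manifest


def demo():
    """Run the bundler on constructed stand-in files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        first = root / "llywep.llywep"
        first.write_bytes(b"constructed sample content 1")
        second = root / "ijakigalic.dat"
        second.write_bytes(b"constructed sample content 2")
        absent = root / "jjelyjy.jelly"  # deliberately not created
        return bundle_samples([first, absent, second], root / "submit.zip")


if __name__ == "__main__":
    # On the affected machine this would be bundle_samples(REQUESTED, ...).
    for row in demo():
        print(row["status"], row.get("archive_name", row["original_path"]))
```
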

Re: google browser redirection

by ard » September 17th, 2009, 10:59 pm

wingman -

1. Any problem executing the instructions?

NO
I INCLUDED THE BOLD NOTE BELOW - THESE WERE COPIES OF THE FILES YOU IDENTIFIED ON SAT.SEPT. 5
YOU WANTED ME TO -
@echo off
copy "C:\WINDOWS\tasks\$~$Sys0$.job" "%userprofile%\desktop\job.txt"
echo ========== end of job.txt file ========== >> "%userprofile%\desktop\job.txt"
copy "C:\Program Files\Common Files\lywep.bat" "%userprofile%\desktop\lywep.txt"
echo ========== end of lywep.txt file ========== >> "%userprofile%\desktop\lywep.txt"
copy "C:\Documents and Settings\All Users\Application Data\ubuly.bat" "%userprofile%\desktop\ubuly.txt"
echo ========== end of ubuly.txt file ========== >> "%userprofile%\desktop\ubuly.txt"
del %0

THE BINARY FILES WOULD NOT COPY SO I DELETED THEM AFTER MAKING THE COPIES


these files are copies of 3 files that claimed to be basic files and one dll that wingman thought might be bad. i made these copies, moved them, and changed their names to keep them from being run. they can be removed any time you want.


WHEN TRYING TO SEND THE ZIP FILE I GOT THIS ERROR - BUT IT SEEMED TO WORK

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Timestamp: Fri, 18 Sep 2009 02:36:58 UTC


Message: Object expected
Line: 300
Char: 113
Code: 0
URI: http://www.bleepingcomputer.com/submit- ... channel=87


2. Computer still behaving?

COMPUTER SEEMS FINE. I HAVE NEVER MADE A BACKUP OR RESTORE USING XP. IF I COULD REMOVE SOME - MOST - ALL THAT WOULD BE FINE WITH ME.

THANKS -
AL
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am

Re: google browser redirection

Unread postby Wingman » September 18th, 2009, 3:12 pm

Hi ard,
The files uploaded came back clean, so that's real good. We're getting there. :)

Please print these instructions, as you will not have Internet access during some steps.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Let's clean up some stuff found during the past steps. Please note the folder deletion request in the RSIT step.

Step 1.
Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click Start...then click Run.
  2. In the open text entry box...please copy/paste the following:
    appwiz.cpl
  3. Click the OK...button. It takes a few seconds for the program list to be "populated".
  4. Locate the following program(s):
    Hijackthis 1.99.1
    Java 2 Runtime Environment, SE v1.4.2_03
  5. Press the "Remove" or "Change/Remove"...button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  6. Repeat steps 4 - 5 for each program in the list.
  7. When finished...close/exit Add/Remove Programs.

Step 2.
Delete Multiple Files
We need to delete some files.
It will be easier and less error prone, if we create a batch file to do this... please follow these steps:
  1. Copy all text in the quote box (below)...to Notepad.
    @echo off
    REM: Delete specific files within a Directory
    del /f /s /q "c:\program files\Common Files\llywep.llywep"
    del /f /s /q "c:\program files\Common Files\jjelyjy.jelly"
    del /f /s /q "c:\program files\Common Files\yyzyzugosifo.dlb"
    del /f /s /q "c:\documents and settings\admin\Application Data\ijakigalic.dat"
    del %0
  2. Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    delfile.bat <<------------- you should see this on your desktop.
  3. Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  4. The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Step 3.
Java Runtime Environment Install
Please... PRINT THESE INSTRUCTIONS ... you will not have Internet access during some steps!
Security threats exist for older versions of Java; it's best to keep this updated.
DOWNLOAD CURRENT VERSION
  1. Get the latest version of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  3. Click the "Download" button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Click on the link to download Windows Offline Installation and save the file to your desktop.
INSTALL CURRENT VERSION
  1. Close all open applications (standard), especially your browser.
  2. From desktop... double-click on jre-6u16-windows-i586.exe to install the newest version.
  3. Follow installation prompts. When installation is complete...Reboot your computer.
  4. Once the computer has been restarted, click your web browser icon to start it.
You can delete the "downloaded" installation file from your desktop.

Step 4.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder, then...
  2. Double click on RSIT.exe to run it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "C:\RSIT\log.txt", will be maximized... the second one, "C:\RSIT\info.txt", will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. New RSIT log and info file contents
  3. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
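
The Step 1 removals in the post above can be checked mechanically against the "Uninstall list" section of the fresh RSIT info.txt requested in Step 4. This is an added example, not part of the original post or of RSIT: it assumes the `Name-->UninstallCommand` line layout that RSIT's info.txt uses, the sample log is constructed, and all function names are hypothetical.

```python
import re

# Section headers in info.txt look like "======Uninstall list======".
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Programs the helper asked to have removed (Step 1) and the Java build
# the helper asked to have installed (Step 3), as named in the thread.
REMOVAL_TARGETS = [
    "Hijackthis 1.99.1",
    "Java 2 Runtime Environment, SE v1.4.2_03",
]
EXPECTED_JAVA = "Java(TM) 6 Update 16"

# Constructed sample in the layout of an RSIT info.txt (not a real log).
SAMPLE_INFO = r"""
info.txt logfile of random's system information tool 1.06 2009-09-19 10:32:01

======Uninstall list======

-->C:\WINDOWS\UNNMP.exe /UNINSTALL
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

======Security center information======

AV: AntiVir Desktop
"""


def parse_uninstall_list(info_text):
    """Return (display_name, uninstall_command) pairs from the Uninstall list section."""
    entries, in_section = [], False
    for raw in info_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            # Only lines under the "Uninstall list" header are of interest.
            in_section = header.group(1).lower() == "uninstall list"
            continue
        if not in_section or "-->" not in line:
            continue
        # Split on the first "-->" only; the command itself may contain anything.
        name, command = line.split("-->", 1)
        entries.append((name.strip(), command.strip()))
    return entries


def _norm(name):
    """Case-insensitive, whitespace-collapsed form used for comparisons."""
    return " ".join(name.lower().split())


def still_installed(entries, removal_targets):
    """Targets whose exact display name (version included) is still listed."""
    present = {_norm(name) for name, _ in entries}
    return [t for t in removal_targets if _norm(t) in present]


def other_java_entries(entries, expected):
    """Java entries other than the expected build, i.e. leftover older runtimes."""
    return [
        name for name, _ in entries
        if _norm(name).startswith("java") and _norm(name) != _norm(expected)
    ]


def unnamed_entries(entries):
    """Uninstall commands registered without a display name."""
    return [command for name, command in entries if not name]


def review(info_text):
    """Summarise what a helper would check after the cleanup steps."""
    entries = parse_uninstall_list(info_text)
    return {
        "entries": len(entries),
        "still_installed": still_installed(entries, REMOVAL_TARGETS),
        "other_java": other_java_entries(entries, EXPECTED_JAVA),
        "unnamed": unnamed_entries(entries),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_INFO).items():
        print(f"{key}: {value}")
```

Matching on the full display name keeps "HijackThis 2.0.2" from being reported as the "Hijackthis 1.99.1" that was to be removed.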

Re: google browser redirection

Unread postby ard » September 19th, 2009, 10:51 am

wingman -
1. Any problem executing the instructions?

NO

2. New RSIT log and info file contents

OK

3. How is the computer behaving?

COMPUTER SEEMS FINE. I HAVE NEVER MADE A BACKUP OR RESTORE USING XP.
IF I COULD REMOVE SOME - MOST - ALL THAT WOULD BE FINE WITH ME.

THANKS -
AL

info.txt logfile of random's system information tool 1.06 2009-09-19 10:32:01

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3003 Crystal Mazes-->"C:\Program Files\Selectsoft\3003 Crystal Mazes\uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Brother HL-2140-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09789D9D-CBBE-43C8-A4C9-69DB2C79BF1F}\SETUP.exe" -l0x9 -removeonly /uninst
ClocX (1.5b1)-->"C:\Program Files\ClocX\Uninstall.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CrossHair-->MsiExec.exe /I{05B68931-AD1D-4879-AF0E-D2BFF9750C58}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Photo AIO Printer 962-->C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUNST.EXE -NOLICENSE
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Direct MIDI to MP3 Converter version 6.0.0.27-->"C:\Program Files\Direct MIDI to MP3 Converter\unins000.exe"
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
dvdSanta 4.50-->"C:\Program Files\dvdSanta\unins000.exe"
DVDStyler v1.7.1-->"C:\Program Files\DVDStyler\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Free Natural Text to Speech Reader 2008-->MsiExec.exe /I{3E5DA526-F420-45A6-9F27-D2B5246D6823}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Inside Out Networks Watchport/V Drivers (Remove only)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836997E1-7C7D-11D6-BE73-00065B4930CB}\Setup.exe" -l0x9 -uninst
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) PRO Network Connections Software v9.2.4.11-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qr /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel(R) PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
IrfanView (remove only)-->C:\IrfanView\iv_uninstall.exe
ISA 2 basic-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
ISA 2.0 - CLV module 1.1.5-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
ISA 2.0 - YLT module 1.1.2-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LADSPA_plugins-win-0.4.15-->"C:\Audacity\Plug-Ins\unins000.exe"
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Mahjongg Master Special Edition-->C:\PROGRA~1\egames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\egames\MAHJON~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MAZE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7140685C-9274-4DEF-94B5-2B1AA8A094DC}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Picture It! Express 2000-->MsiExec.exe /I{A586D09E-1D2C-11D3-9A6B-00105A98B681}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works 2000 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
Microsoft Works 2000-->MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
MID Converter 4.2-->C:\Program Files\MID Converter 4.2\uninst.exe
Motorola Driver Installation 3.9.0-->MsiExec.exe /I{FB068BA4-C6EA-4D47-A491-C40E23E77F89}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Samples-->MsiExec.exe /I{A918DE8A-98C8-0900-0001-000000000000}
Naevius GVI Converter 1.3-->"C:\Program Files\Naevius GVI Converter\unins000.exe"
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pistonsoft MP3 Tags Editor-->"C:\Program Files\Pistonsoft MP3 Tags Editor\Uninstall.exe" "C:\Program Files\Pistonsoft MP3 Tags Editor\install.log"
Pistonsoft Text to Speech Converter 1.11.0-->"C:\Program Files\Pistonsoft Text to Speech Converter\unins000.exe"
PolderbitS Sound Recorder and Editor-->"C:\Program Files\PolderbitS\Recorder\Recorder.exe" /uninstall
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
PS-Utility-->C:\WINDOWS\uninst.exe -f"C:\Program Files\PS Utility\DeIsL2.isu"
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SyncCell 3.0-->C:\Program Files\SyncCell\uninstall.exe C:\Program Files\SyncCell\uninstall.log
TMS Explorer-->"C:\Program Files\TMSExplorer\UnInstall.exe"
TTS-->MsiExec.exe /X{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}
TVPCElite-->"C:\Program Files\TVPCElite\unins000.exe"
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe
Uniblue PowerSuite 2009-->"C:\Documents and Settings\All Users\Application Data\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}\PowerSuite2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue PowerSuite 2009-->C:\Documents and Settings\All Users\Application Data\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}\PowerSuite2009.exe
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}\Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{F19A02B4-1684-448C-B152-43B554F2E722}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{F19A02B4-1684-448C-B152-43B554F2E722}\SpeedUpMyPC.exe
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB Video Camera-->MsiExec.exe /I{8527C3D5-BA1D-46E9-88D2-AF25544311A3}
Watchtower Library 2008 - English-->C:\Program Files\Watchtower\Watchtower Library 2008\E\uninst.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Word in Works Suite add-in-->MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
ZipItFree 1.80-->"C:\WINDOWS\ZipItFree\uninstall.exe" "/U:C:\Program Files\ZipItFree\irunin.xml"

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62971
Source Name: Service Control Manager
Time Written: 20090815091952.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62968
Source Name: Service Control Manager
Time Written: 20090815091952.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62965
Source Name: Service Control Manager
Time Written: 20090815091952.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62962
Source Name: Service Control Manager
Time Written: 20090815091952.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 62959
Source Name: Service Control Manager
Time Written: 20090815091952.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: OWLDELL
Event Code: 1517
Message: Windows saved user OWLDELL\admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 50336
Source Name: Userenv
Time Written: 20090512174350.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWLDELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 50168
Source Name: crypt32
Time Written: 20090510100154.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 1517
Message: Windows saved user OWLDELL\admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49864
Source Name: Userenv
Time Written: 20090506092227.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWLDELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 49574
Source Name: crypt32
Time Written: 20090502132545.000000-240
Event Type: error
User:

Computer Name: OWLDELL
Event Code: 1517
Message: Windows saved user OWLDELL\admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49572
Source Name: Userenv
Time Written: 20090502132057.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2009-09-19 10:31:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 89 GB (60%) free of 149 GB
Total RAM: 510 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:55 AM, on 9/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Desktop\RSIT.exe
C:\Program Files\trend micro\admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3863 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16 []
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"=C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe [2007-07-31 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\admin\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
C:\Program Files\ClocX\ClocX.exe [2005-01-26 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe [2005-01-18 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-04-25 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-23 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolderbitS Audio Driver Monitor.lnk]
C:\PROGRA~1\POLDER~1\Recorder\Driver\PBDRIV~1.EXE [2009-08-01 157728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=3
"LiveUpdate Notice Ex"=3
"LiveUpdate"=3
"Automatic LiveUpdate Scheduler"=2
"ose"=3
"odserv"=3
"MotoConnect Service"=2
"idsvc"=3
"IDriverT"=3
"gusvc"=3
"gupdate1ca105c13ac1bc4"=2
"DSBrokerService"=3
"Ati HotKey Poller"=3
"sprtsvc_dellsupportcenter"=2
"WMPNetworkSvc"=3
"getPlus(R) Helper"=3
"FontCache3.0.0.0"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideShutdownScripts"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDeletePrinter"=
"NoAddPrinter"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dlbxcoms.exe"="C:\WINDOWS\system32\dlbxcoms.exe:*:Enabled:Dell Communication System"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\admin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-12 13:09:10 ----D---- C:\Documents and Settings\All Users\Application Data\PKWARE
2010-03-12 13:09:10 ----D---- C:\Documents and Settings\admin\Application Data\PKWARE
2010-03-12 12:27:09 ----D---- C:\WINDOWS\ZipItFree
2010-03-12 12:27:09 ----D---- C:\Program Files\ZipItFree
2010-03-12 12:26:37 ----A---- C:\WINDOWS\ZipItFree Setup Log.txt
2009-09-19 10:31:36 ----D---- C:\rsit
2009-09-19 10:19:45 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-19 10:19:45 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-19 10:19:45 ----A---- C:\WINDOWS\system32\java.exe
2009-09-19 10:19:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-18 12:52:01 ----D---- C:\Program Files\CrossHair
2009-09-18 12:16:09 ----D---- C:\Program Files\Watchtower
2009-09-16 14:20:21 ----D---- C:\rsit1
2009-09-16 14:18:56 ----SHD---- C:\RECYCLER
2009-09-16 14:11:28 ----D---- C:\WINDOWS\temp
2009-09-16 14:11:26 ----A---- C:\ComboFix.txt
2009-09-15 10:53:21 ----D---- C:\Program Files\Avira
2009-09-15 10:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-09-10 17:30:42 ----RASHD---- C:\cmdcons
2009-09-10 17:29:26 ----A---- C:\WINDOWS\zip.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\SWSC.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\SWREG.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\sed.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\PEV.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-10 17:29:26 ----A---- C:\WINDOWS\grep.exe
2009-09-10 17:29:00 ----D---- C:\Qoobox
2009-09-10 17:09:18 ----D---- C:\WINDOWS\ERDNT
2009-09-10 17:06:49 ----D---- C:\Program Files\ERUNT
2009-09-10 11:55:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 11:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 11:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-10 10:36:37 ----D---- C:\Program Files\DIFX
2009-09-10 10:36:30 ----D---- C:\Documents and Settings\All Users\Application Data\kinoma
2009-09-10 10:26:58 ----D---- C:\Program Files\Sony
2009-09-08 18:34:28 ----A---- C:\netstet.txt
2009-09-08 14:13:26 ----A---- C:\d.txt
2009-09-08 13:59:20 ----A---- C:\dd.txt
2009-09-04 14:40:08 ----D---- C:\Documents and Settings\admin\Application Data\Free Spider TreeCardGames
2009-09-04 14:39:50 ----D---- C:\Program Files\Free Spider
2009-09-04 09:59:17 ----D---- C:\Documents and Settings\admin\Application Data\Malwarebytes
2009-09-04 09:59:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-04 09:59:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-31 02:26:11 ----A---- C:\Rooter_1.txt
2009-08-31 02:21:57 ----D---- C:\Program Files\trend micro
2009-08-25 06:58:28 ----D---- C:\Program Files\Hijackthis
2009-08-25 01:31:02 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-24 17:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-08-24 17:04:00 ----D---- C:\Program Files\Security Task Manager
2009-08-24 10:45:46 ----A---- C:\WINDOWS\wininit.ini
2009-08-24 10:18:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-09-19 10:24:01 ----D---- C:\Documents and Settings\admin\Application Data\mjusbsp
2009-09-19 10:23:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-19 10:19:51 ----SHD---- C:\WINDOWS\Installer
2009-09-19 10:19:45 ----D---- C:\WINDOWS\system32
2009-09-19 10:19:15 ----D---- C:\Program Files\Java
2009-09-19 10:09:08 ----D---- C:\Program Files\Common Files
2009-09-19 10:03:06 ----D---- C:\WINDOWS
2009-09-18 12:58:45 ----HD---- C:\WINDOWS\inf
2009-09-18 12:52:01 ----D---- C:\Program Files
2009-09-17 23:11:05 ----D---- C:\JW info
2009-09-16 14:08:04 ----N---- C:\WINDOWS\system.ini
2009-09-16 14:04:40 ----D---- C:\WINDOWS\system32\drivers
2009-09-16 14:04:40 ----D---- C:\WINDOWS\AppPatch
2009-09-15 12:26:36 ----D---- C:\install
2009-09-15 10:49:35 ----D---- C:\WINDOWS\WinSxS
2009-09-10 17:46:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-10 17:45:40 ----SD---- C:\WINDOWS\Tasks
2009-09-10 17:39:04 ----D---- C:\WINDOWS\system32\config
2009-09-10 17:30:57 ----ASH---- C:\boot.ini
2009-09-10 12:21:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-10 11:55:58 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-09-10 11:55:53 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 11:55:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 11:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-09-08 14:08:44 ----A---- C:\Boot.bak
2009-09-08 13:48:20 ----D---- C:\spoolerlogs
2009-09-08 12:55:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-08 12:34:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-08 12:28:59 ----D---- C:\Program Files\DivX
2009-09-08 12:21:00 ----HD---- C:\Program Files\Zero G Registry
2009-09-08 12:20:26 ----D---- C:\Program Files\Britannica Profiles
2009-09-06 16:21:18 ----A---- C:\WINDOWS\WORDPAD.INI
2009-09-05 12:01:06 ----A---- C:\WINDOWS\BRWMARK.INI
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-28 10:46:21 ----A---- C:\WINDOWS\win.ini
2009-08-28 03:22:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-25 01:02:58 ----D---- C:\WINDOWS\Fonts
2009-08-25 01:02:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-25 01:01:56 ----D---- C:\Program Files\Microsoft Works
2009-08-20 08:45:57 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-30 1035264]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 PbsAuDrv;PolderbitS Audio Driver; C:\WINDOWS\system32\drivers\pbsaudrv.sys [2009-08-01 110752]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-03-31 180096]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 CAM1690;USB PC Camera; C:\WINDOWS\System32\Drivers\cam1690.sys [2007-11-21 181888]
S3 catchme;catchme; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 ionwpvvc;Watchport/V2 USB Camera; C:\WINDOWS\system32\DRIVERS\ionwpvvc.sys [2008-02-14 38656]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 U2SP;OEM USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;MOTOROLA Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dlbx_device;dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe [2004-12-16 462848]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-30 360448]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S4 gupdate1ca105c13ac1bc4;Google Update Service (gupdate1ca105c13ac1bc4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-19 137200]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
ard
Regular Member
 
Posts: 41
Joined: August 25th, 2009, 7:12 am