Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

help! My MS Outlook is sending spam

Post by almic » November 29th, 2009, 6:28 pm

I've run Symantec AV, Spybot S&D and Bitdefender but there are still some emails being pushed without my knowledge to my entire address book. How can I stop that from happening?

Here is the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:01, on 2009-11-29
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\HidFind.exe
D:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Users\jmicl034\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\sdclt.exe
C:\Users\jmicl034\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\jmicl034\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\jmicl034\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jmicl034\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jmicl034\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medicine.uottawa.ca/Students/MD
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NtrigApplet] C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Google Update] "C:\Users\jmicl034\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0C3CAA1C-027B-40AF-B080-5880E96C5113} (VIVIDESKControlWeb Control) - http://install.cche.net/clint/install/c ... on=5,6,5,3
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxbt_device - - C:\Windows\system32\lxbtcoms.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - D:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 11628 bytes
almic
Regular Member
 
Posts: 15
Joined: November 29th, 2009, 6:24 pm

Re: help! My MS Outlook is sending spam

Post by MWR 3 day Mod » December 3rd, 2009, 1:45 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: help! My MS Outlook is sending spam

Post by Dakeyras » December 4th, 2009, 6:06 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
Hi almic and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this with anything I ask you to carry out, please select the option Allow.

Multiple Anti-Virus Application Advice:

Having more than one of the aforementioned installed and active in system memory will cause a system conflict and actually lessen overall online protection. Please uninstall one of the following:

  • BitDefender 2009
  • Symantec AntiVirus

Disable Spybot S&D TeaTimer's Registry Guard:

This is so it does not interfere with the malware removal process, you may re-enable this when I give the all clear.

  • If you have version 1.5 or 1.6, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
  • Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  • Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
  • Click on Mode > Advanced Mode. When it prompts you, click Yes.
  • On the left hand side, click on Tools.
  • Check this box if it is not yet ticked: Resident.
  • You will notice that Resident is now added under Tools. Click on Resident.
  • Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active.
  • Exit Spybot Search & Destroy.
  • Restart your computer for the changes to take effect.

Note: The above must be completed before proceeding any further!

Advised Optional Advice:

Windows Defender at present is active in system memory and it is not at all an effective application in my humble opinion. When I give the all clear and you re-enable Spybot S&D TeaTimer's Registry Guard, it will be in conflict with Windows Defender and actually lessen overall online protection. However it cannot be uninstalled because it is an integral part of the Vista operating system.

My best advice would be to disable Windows Defender completely. A graphical tutorial explaining how to do so correctly can be viewed here.

Next:

Post back to let me know when you have completed the above and we shall proceed further, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: help! My MS Outlook is sending spam

Post by almic » December 5th, 2009, 10:27 am

Done!

waiting for further instructions.

I now get an error msg b/c I disabled Windows defender. Is there a way to get rid of this notification?

thanks so much for helping.

Al
almic
Regular Member
 
Posts: 15
Joined: November 29th, 2009, 6:24 pm

Re: help! My MS Outlook is sending spam

Post by Dakeyras » December 5th, 2009, 10:38 am

Hi. :)

I now get an error msg b/c I disabled Windows defender. Is there a way to get rid of this notification?
Which method did you use to actually disable Windows Defender? If you have not done so, reboot your machine again and if the error is still present, just undo what you did and we can come back to this if the need arises, OK. :thumbup:

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Right-click SecurityCheck.exe and select Run as Administrator then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Right-click on RSIT.exe and select Run as Administrator to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • SecurityCheck Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: help! My MS Outlook is sending spam

Post by almic » December 8th, 2009, 11:33 am

It seems my previous reply got lost in cyberspace so here's my reply again.

BTW, I used the advanced procedure to remove Windows Defender.

Security check log
Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is disabled!)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec AntiVirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
HijackThis 2.0.2
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 8.1.7
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Spybot Teatimer.exe is disabled!
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus VPTray.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

RSIT info.txt
info.txt logfile of random's system information tool 1.06 2009-12-05 10:22:36

======Uninstall list======

ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archimedes (PocketPC and Smartphone) v 11.3.11 by Skyscape-->"C:\Windows\Skyscape\Archimedes_ce\11.3.11\uninstall.exe" "/U:C:\Skyscape\ArchimedesCe\11.3.11\irunin.xml"
Archimedes (PocketPC and Smartphone) v 11.3.5 by Skyscape-->"C:\Windows\Skyscape\Archimedes_ce\11.3.5\uninstall.exe" "/U:C:\Skyscape\ArchimedesCe\11.3.5\irunin.xml"
Archimedes (PocketPC and Smartphone) v 11.3.8 by Skyscape-->"C:\Windows\Skyscape\Archimedes_ce\11.3.8\uninstall.exe" "/U:C:\Skyscape\ArchimedesCe\11.3.8\irunin.xml"
Archimedes (PocketPC and Smartphone) v 12.0.1 by Skyscape-->"C:\Windows\Skyscape\Archimedes_ce\12.0.1\uninstall.exe" "/U:C:\Skyscape\ArchimedesCe\12.0.1\irunin.xml"
Archimedes (PocketPC and Smartphone) v 12.1.2 by Skyscape-->"C:\Windows\Skyscape\Archimedes_ce\12.1.2\uninstall.exe" "/U:C:\Skyscape\ArchimedesCe\12.1.2\irunin.xml"
Archimedes (PocketPC and Smartphone) v 12.1.5 by Skyscape-->"C:\Windows\Skyscape\Archimedes_ce\12.1.5\uninstall.exe" "/U:C:\Skyscape\ArchimedesCe\12.1.5\irunin.xml"
Archimedes (PocketPC and Smartphone) v 12.2.2 by Skyscape-->"C:\Windows\Skyscape\Archimedes_ce\12.2.2\uninstall.exe" "/U:C:\Skyscape\ArchimedesCe\12.2.2\irunin.xml"
Archimedes (PocketPC and Smartphone) v 12.3.0 by Skyscape-->"C:\Windows\Skyscape\Archimedes_ce\12.3.0\uninstall.exe" "/U:C:\Skyscape\ArchimedesCe\12.3.0\irunin.xml"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{FC57FC53-104C-415C-98D7-B05E659461A9}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
DefilerPak 1.22 (Remove Only)-->"C:\Program Files\DefilerPak\UnDefile.exe"
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DynaMed (PocketPC and Smartphone) v 12.10.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.10.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.10.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.11.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.11.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.11.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.12.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.12.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.12.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.13.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.13.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.13.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.15.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.15.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.15.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.16.1 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.16.1\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.16.1\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.18.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.18.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.18.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.19.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.19.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.19.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.20.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.20.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.20.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.23.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.23.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.23.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.24.1 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.24.1\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.24.1\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.25.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.25.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.25.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.26.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.26.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.26.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.27.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.27.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.27.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.4.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.4.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.4.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.5.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.5.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.5.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.6.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.6.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.6.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.7.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.7.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.7.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.8.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.8.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.8.0\irunin.xml"
DynaMed (PocketPC and Smartphone) v 12.9.0 by Skyscape-->"C:\Windows\Skyscape\DynaMed_ce\12.9.0\uninstall.exe" "/U:C:\Skyscape\DynaMedCe\12.9.0\irunin.xml"
Essential Evidence Plus for Pocket PC-->MsiExec.exe /I{2D055BFD-BA86-452A-886E-2CFECE3372B1}
Essential Evidence Plus Updater-->MsiExec.exe /I{FFBDF2CB-5FDD-461B-B082-3B95E81059A3}
Free RAR Extract Frog-->D:\Program Files\Free RAR Extract Frog\uninstall.exe
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Lexmark 5200 Series-->C:\Program Files\Lexmark 5200 Series\Install\x86\Uninst.exe
LimeWire 5.1.1-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Vid-->MsiExec.exe /I{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}
Logitech Webcam Software Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.0.1278\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_12.0" /clone_wait /hide_progress
Logitech Webcam Software-->MsiExec.exe /I{AC96671C-2001-432C-9826-5266D84EF1DC}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
N-trig Software Bundle-->"C:\Program Files\InstallShield Installation Information\{18C71DD4-0147-4318-8689-AE836278FBFE}\setup.exe" -runfromtemp -l0x0009 -removeonly
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
Questionmark Secure Browser-->C:\Program Files\InstallShield Installation Information\{4004E7A9-C6AF-4A1C-A4D9-FE63F163964C}\setup.exe -runfromtemp -l0x0409
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
R.A.L.E. Lung Sounds 3.0-->C:\Windows\uninst.exe -f"C:\Program Files\PixSoft Inc.\R.A.L.E. Lung Sounds 3.0\DeIsL1.isu" -c"C:\Program Files\PixSoft Inc.\R.A.L.E. Lung Sounds 3.0\_ISREG32.DLL"
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
smARTupdate-->C:\Windows\iun6002.exe "C:\Program Files\Common Files\Skyscape\irunin.ini"
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus-->MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}
Texas Instruments TUSB3410 drivers.-->C:\Program Files\InstallShield Installation Information\{439CF818-EEC6-4A36-8E32-6A4750B0FC5C}\setup.exe -runfromtemp -l0x0409
ThinkVantage Fingerprint Software 5.6-->MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
TouchChip USB Driver 2.6-->MsiExec.exe /I{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
VIVIDESK Client (OTTAWA_EBM)-->MsiExec.exe /I{3F2BD0FB-DE5A-4E6A-8DFA-8472581AEA35}
WDCSAM Driver-->MsiExec.exe /X{E064390A-2F64-4195-9A55-30D4B20B865A}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
Write-N-Cite-->D:\PROGRA~1\Refworks\UNWISE.EXE D:\PROGRA~1\Refworks\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Symantec AntiVirus
AS: BitDefender AntiSpam (disabled)
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Symantec AntiVirus
AS: Windows Defender

======System event log======

Computer Name: Medtech3138
Event Code: 8005
Message: The browser has received a server announcement indicating that the computer MEDTECH3138 is a master browser, but this computer is not a master browser.
Record Number: 99597
Source Name: bowser
Time Written: 20090424135935.156148-000
Event Type: Warning
User:

Computer Name: Medtech3138
Event Code: 8003
Message: The master browser has received a server announcement from the computer MEDTECH3025 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EB30E224-62DF-4149-88B5-CC1584. The master browser is stopping or an election is being forced.
Record Number: 99596
Source Name: bowser
Time Written: 20090424135935.094148-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
cdrom
Record Number: 99537
Source Name: Service Control Manager
Time Written: 20090424120650.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 99501
Source Name: Service Control Manager
Time Written: 20090424120650.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 99459
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090424120618.753948-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 22928
Source Name: Outlook
Time Written: 20080912150344.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 22927
Source Name: Outlook
Time Written: 20080912150344.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 22926
Source Name: Outlook
Time Written: 20080912150344.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 22925
Source Name: Outlook
Time Written: 20080912150344.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 22924
Source Name: Outlook
Time Written: 20080912150344.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Medtech3138
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
Record Number: 56793
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090220234712.330000-000
Event Type: Audit Failure
User:

Computer Name: Medtech3138
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
Record Number: 56792
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090220234712.293000-000
Event Type: Audit Failure
User:

Computer Name: Medtech3138
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
Record Number: 56791
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090220234712.256000-000
Event Type: Audit Failure
User:

Computer Name: Medtech3138
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
Record Number: 56790
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090220234712.218000-000
Event Type: Audit Failure
User:

Computer Name: Medtech3138
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
Record Number: 56789
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090220234712.182000-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"JAVA_PLUGIN_WEBCONTROL_ENABLE"=1
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

MTF
almic

Re: help! My MS Outlook is sending spam

by almic » December 8th, 2009, 11:35 am

Part 2

It seems my MS Outlook hasn't fired off any inappropriate email in a week now.


RSIT log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by jmicl034 at 2009-12-05 10:21:53
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 12 GB (21%) free of 57 GB
Total RAM: 2813 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:27, on 2009-12-05
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\jmicl034\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Users\jmicl034\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jmicl034\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Documents\Downloads\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\jmicl034.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medicine.uottawa.ca/Students/MD
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NtrigApplet] C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxbt_device - - C:\Windows\system32\lxbtcoms.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 9875 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4288720384-1415621487-3964185074-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4288720384-1415621487-3964185074-1003UA.job
C:\Windows\tasks\User_Feed_Synchronization-{3016D178-EC12-4A9A-BE58-74B538A1B08E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-10-11 163840]
"NtrigApplet"=C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe [2008-06-04 2248704]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-03-21 1548288]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2007-08-14 48904]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"Lexmark 5200 series"=C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe [2004-03-25 57344]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-07 405504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"LXBTCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-03-20 213936]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 5200 Series\ezprint.exe [2007-05-03 103344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\jmicl034\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-21 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files\Logitech\Logitech Vid\vid.exe [2009-06-02 5451536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-05-08 2780432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbtmon.exe]
C:\Program Files\Lexmark 5200 Series\lxbtmon.exe [2007-05-03 230320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
C:\Windows\system32\WDBtnMgr.exe [2008-10-02 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EEPUpdater.lnk]
C:\PROGRA~1\ESSENT~1\Updater\EEPUPD~1.EXE [2008-06-02 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2009-07-19 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-04-22 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^jmicl034^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
C:\PROGRA~1\Memeo\AutoSync\MEMEOL~1.EXE --silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^jmicl034^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~1\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^jmicl034^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skyscape SmartUpdate.lnk]
C:\PROGRA~1\COMMON~1\Skyscape\SMARTU~1.EXE [2009-01-26 12496896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^jmicl034^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
C:\Users\jmicl034\AppData\Roaming\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe --silent []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-08-14 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d28f8d6-115e-11dd-be38-001d0938b8f0}]
shell\AutoRun\command - ekugb3.bat
shell\explore\command - ekugb3.bat
shell\open\command - ekugb3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73fbdb26-bb91-11dd-93b7-00219bdabeec}]
shell\AutoRun\command - ctc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7f70ef5-8fb3-11dd-b171-00219bdabeec}]
shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe


======List of files/folders created in the last 1 months======

2009-12-05 10:21:53 ----D---- C:\rsit
2009-11-29 15:01:23 ----D---- C:\Program Files\Common Files\BitDefender
2009-11-25 03:02:07 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 22:20:19 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 22:20:17 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 18:02:09 ----A---- C:\Windows\system32\javaws.exe
2009-11-23 18:02:09 ----A---- C:\Windows\system32\javaw.exe
2009-11-23 18:01:53 ----A---- C:\Windows\system32\java.exe
2009-11-22 19:05:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-11-17 03:26:57 ----D---- C:\Program Files\Windows Portable Devices
2009-11-17 03:06:15 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-17 03:06:13 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-17 03:06:13 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-17 03:05:04 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-17 03:05:02 ----A---- C:\Windows\system32\cdd.dll
2009-11-17 03:05:00 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-17 03:04:59 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-17 03:04:59 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-17 03:04:59 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-17 03:04:59 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-17 03:04:59 ----A---- C:\Windows\system32\d2d1.dll
2009-11-17 03:04:58 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-17 03:04:58 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-17 03:04:58 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-17 03:04:58 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-17 03:04:58 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-17 03:04:58 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-17 03:04:57 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-17 03:04:57 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-17 03:04:57 ----A---- C:\Windows\system32\FntCache.dll
2009-11-17 03:04:57 ----A---- C:\Windows\system32\DWrite.dll
2009-11-17 03:04:57 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-17 03:04:57 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-17 03:04:57 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-17 03:04:56 ----A---- C:\Windows\system32\dxgi.dll
2009-11-17 03:04:56 ----A---- C:\Windows\system32\d3d11.dll
2009-11-17 03:04:56 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-17 03:04:56 ----A---- C:\Windows\system32\d3d10.dll
2009-11-17 03:04:09 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-17 03:04:09 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-17 03:04:09 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-17 03:04:01 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-17 03:03:53 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-17 03:03:53 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-17 03:03:52 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-17 03:03:51 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-17 03:03:51 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-17 03:03:51 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-17 03:03:51 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-17 03:03:51 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-17 03:03:51 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-17 03:03:51 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-17 03:03:51 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-17 03:01:24 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-17 03:01:22 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-17 03:01:22 ----A---- C:\Windows\system32\oleacc.dll
2009-11-12 23:08:18 ----D---- C:\Windows\system32\eu-ES
2009-11-12 23:08:18 ----D---- C:\Windows\system32\ca-ES
2009-11-12 23:08:13 ----D---- C:\Windows\system32\vi-VN
2009-11-12 16:45:40 ----D---- C:\Windows\system32\EventProviders
2009-11-12 14:49:52 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-11-12 14:49:46 ----A---- C:\Windows\system32\SLsvc.exe
2009-11-12 14:49:46 ----A---- C:\Windows\system32\SLCExt.dll
2009-11-12 14:49:42 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-11-12 14:49:42 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-11-12 14:49:40 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-11-12 14:49:38 ----A---- C:\Windows\system32\mssrch.dll
2009-11-12 14:49:33 ----A---- C:\Windows\system32\tquery.dll
2009-11-12 14:49:30 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-11-12 14:49:29 ----A---- C:\Windows\system32\scavenge.dll
2009-11-12 14:49:29 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-11-12 14:49:29 ----A---- C:\Windows\system32\RMActivate.exe
2009-11-12 14:49:27 ----A---- C:\Windows\system32\msi.dll
2009-11-12 14:49:25 ----A---- C:\Windows\system32\imapi2fs.dll
2009-11-12 14:49:23 ----A---- C:\Windows\system32\secproc_isv.dll
2009-11-12 14:49:22 ----A---- C:\Windows\system32\WscEapPr.dll
2009-11-12 14:49:22 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-11-12 14:49:22 ----A---- C:\Windows\system32\sysmain.dll
2009-11-12 14:49:19 ----A---- C:\Windows\system32\icardagt.exe
2009-11-12 14:49:17 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-11-12 14:49:16 ----A---- C:\Windows\system32\EhStorShell.dll
2009-11-12 14:49:15 ----A---- C:\Windows\system32\spreview.exe
2009-11-12 14:49:14 ----A---- C:\Windows\system32\spinstall.exe
2009-11-12 14:49:14 ----A---- C:\Windows\system32\drmv2clt.dll
2009-11-12 14:49:11 ----A---- C:\Windows\system32\spwizui.dll
2009-11-12 14:49:11 ----A---- C:\Windows\system32\shell32.dll
2009-11-12 14:49:11 ----A---- C:\Windows\system32\secproc.dll
2009-11-12 14:49:11 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-11-12 14:49:09 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-11-12 14:49:09 ----A---- C:\Windows\system32\p2psvc.dll
2009-11-12 14:49:08 ----A---- C:\Windows\system32\mssvp.dll
2009-11-12 14:49:07 ----A---- C:\Windows\system32\mssphtb.dll
2009-11-12 14:49:07 ----A---- C:\Windows\system32\mssph.dll
2009-11-12 14:49:07 ----A---- C:\Windows\system32\mscoree.dll
2009-11-12 14:49:06 ----A---- C:\Windows\system32\imapi2.dll
2009-11-12 14:49:05 ----A---- C:\Windows\system32\sdohlp.dll
2009-11-12 14:49:04 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-11-12 14:49:04 ----A---- C:\Windows\system32\esent.dll
2009-11-12 14:49:03 ----A---- C:\Windows\system32\DevicePairing.dll
2009-11-12 14:49:02 ----A---- C:\Windows\system32\wevtsvc.dll
2009-11-12 14:49:02 ----A---- C:\Windows\system32\sperror.dll
2009-11-12 14:49:02 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-11-12 14:49:02 ----A---- C:\Windows\system32\korwbrkr.dll
2009-11-12 14:49:01 ----A---- C:\Windows\system32\SLC.dll
2009-11-12 14:49:01 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-11-12 14:49:01 ----A---- C:\Windows\system32\IasMigReader.exe
2009-11-12 14:49:00 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-11-12 14:49:00 ----A---- C:\Windows\system32\msshsq.dll
2009-11-12 14:48:58 ----A---- C:\Windows\system32\pmcsnap.dll
2009-11-12 14:48:55 ----A---- C:\Windows\system32\msjet40.dll
2009-11-12 14:48:54 ----A---- C:\Windows\system32\MPSSVC.dll
2009-11-12 14:48:52 ----A---- C:\Windows\system32\Query.dll
2009-11-12 14:48:52 ----A---- C:\Windows\system32\qmgr.dll
2009-11-12 14:48:51 ----A---- C:\Windows\system32\msexch40.dll
2009-11-12 14:48:51 ----A---- C:\Windows\system32\diagperf.dll
2009-11-12 14:48:50 ----A---- C:\Windows\system32\P2PGraph.dll
2009-11-12 14:48:50 ----A---- C:\Windows\system32\ole32.dll
2009-11-12 14:48:49 ----A---- C:\Windows\system32\srchadmin.dll
2009-11-12 14:48:49 ----A---- C:\Windows\system32\ntdll.dll
2009-11-12 14:48:48 ----A---- C:\Windows\system32\winload.exe
2009-11-12 14:48:48 ----A---- C:\Windows\system32\mblctr.exe
2009-11-12 14:48:47 ----A---- C:\Windows\system32\uDWM.dll
2009-11-12 14:48:47 ----A---- C:\Windows\system32\mmc.exe
2009-11-12 14:48:47 ----A---- C:\Windows\system32\EncDec.dll
2009-11-12 14:48:46 ----A---- C:\Windows\system32\dfsr.exe
2009-11-12 14:48:45 ----A---- C:\Windows\system32\riched20.dll
2009-11-12 14:48:45 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-11-12 14:48:44 ----A---- C:\Windows\system32\fdBth.dll
2009-11-12 14:48:43 ----A---- C:\Windows\system32\RacEngn.dll
2009-11-12 14:48:42 ----A---- C:\Windows\system32\kernel32.dll
2009-11-12 14:48:41 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-11-12 14:48:41 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-11-12 14:48:41 ----A---- C:\Windows\system32\milcore.dll
2009-11-12 14:48:40 ----A---- C:\Windows\system32\spoolss.dll
2009-11-12 14:48:40 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-11-12 14:48:40 ----A---- C:\Windows\system32\CertEnroll.dll
2009-11-12 14:48:39 ----A---- C:\Windows\system32\schedsvc.dll
2009-11-12 14:48:39 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-11-12 14:48:36 ----A---- C:\Windows\system32\msvcp60.dll
2009-11-12 14:48:36 ----A---- C:\Windows\system32\msjtes40.dll
2009-11-12 14:48:36 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-11-12 14:48:35 ----A---- C:\Windows\system32\infocardapi.dll
2009-11-12 14:48:35 ----A---- C:\Windows\system32\gpedit.dll
2009-11-12 14:48:34 ----A---- C:\Windows\system32\WinSAT.exe
2009-11-12 14:48:34 ----A---- C:\Windows\system32\es.dll
2009-11-12 14:48:33 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-11-12 14:48:33 ----A---- C:\Windows\system32\Magnify.exe
2009-11-12 14:48:33 ----A---- C:\Windows\system32\cscsvc.dll
2009-11-12 14:48:33 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-11-12 14:48:32 ----A---- C:\Windows\system32\WebClnt.dll
2009-11-12 14:48:32 ----A---- C:\Windows\system32\mstext40.dll
2009-11-12 14:48:32 ----A---- C:\Windows\system32\advapi32.dll
2009-11-12 14:48:31 ----A---- C:\Windows\system32\slwmi.dll
2009-11-12 14:48:31 ----A---- C:\Windows\system32\msxbde40.dll
2009-11-12 14:48:31 ----A---- C:\Windows\system32\msexcl40.dll
2009-11-12 14:48:31 ----A---- C:\Windows\system32\comsvcs.dll
2009-11-12 14:48:30 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-11-12 14:48:29 ----A---- C:\Windows\system32\vssapi.dll
2009-11-12 14:48:28 ----A---- C:\Windows\system32\msfeeds.dll
2009-11-12 14:48:28 ----A---- C:\Windows\system32\authui.dll
2009-11-12 14:48:27 ----A---- C:\Windows\system32\NetProjW.dll
2009-11-12 14:48:26 ----A---- C:\Windows\system32\vbscript.dll
2009-11-12 14:48:26 ----A---- C:\Windows\system32\PresentationHost.exe
2009-11-12 14:48:26 ----A---- C:\Windows\system32\msrepl40.dll
2009-11-12 14:48:25 ----A---- C:\Windows\system32\propsys.dll
2009-11-12 14:48:25 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-11-12 14:48:25 ----A---- C:\Windows\system32\newdev.dll
2009-11-12 14:48:25 ----A---- C:\Windows\system32\iasrecst.dll
2009-11-12 14:48:24 ----A---- C:\Windows\system32\gpsvc.dll
2009-11-12 14:48:24 ----A---- C:\Windows\system32\eudcedit.exe
2009-11-12 14:48:24 ----A---- C:\Windows\system32\crypt32.dll
2009-11-12 14:48:23 ----A---- C:\Windows\system32\rpcss.dll
2009-11-12 14:48:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-11-12 14:48:23 ----A---- C:\Windows\explorer.exe
2009-11-12 14:48:22 ----A---- C:\Windows\system32\setupapi.dll
2009-11-12 14:48:22 ----A---- C:\Windows\system32\mspbde40.dll
2009-11-12 14:48:22 ----A---- C:\Windows\system32\d3d9.dll
2009-11-12 14:48:21 ----A---- C:\Windows\system32\msltus40.dll
2009-11-12 14:48:21 ----A---- C:\Windows\system32\davclnt.dll
2009-11-12 14:48:20 ----A---- C:\Windows\system32\shlwapi.dll
2009-11-12 14:48:20 ----A---- C:\Windows\system32\msrd3x40.dll
2009-11-12 14:48:20 ----A---- C:\Windows\system32\mfc42.dll
2009-11-12 14:48:20 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-11-12 14:48:20 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-11-12 14:48:19 ----A---- C:\Windows\system32\wevtapi.dll
2009-11-12 14:48:19 ----A---- C:\Windows\system32\photowiz.dll
2009-11-12 14:48:19 ----A---- C:\Windows\system32\nlhtml.dll
2009-11-12 14:48:19 ----A---- C:\Windows\system32\msdtctm.dll
2009-11-12 14:48:19 ----A---- C:\Windows\system32\browseui.dll
2009-11-12 14:48:17 ----A---- C:\Windows\system32\user32.dll
2009-11-12 14:48:16 ----A---- C:\Windows\system32\samsrv.dll
2009-11-12 14:48:16 ----A---- C:\Windows\system32\quartz.dll
2009-11-12 14:48:16 ----A---- C:\Windows\system32\ci.dll
2009-11-12 14:48:15 ----A---- C:\Windows\system32\win32spl.dll
2009-11-12 14:48:15 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-11-12 14:48:15 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-11-12 14:48:15 ----A---- C:\Windows\system32\oleaut32.dll
2009-11-12 14:48:14 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-11-12 14:48:13 ----A---- C:\Windows\system32\netshell.dll
2009-11-12 14:48:13 ----A---- C:\Windows\system32\compcln.exe
2009-11-12 14:48:12 ----A---- C:\Windows\system32\winhttp.dll
2009-11-12 14:48:12 ----A---- C:\Windows\system32\apds.dll
2009-11-12 14:48:11 ----A---- C:\Windows\system32\xmlfilter.dll
2009-11-12 14:48:11 ----A---- C:\Windows\system32\mswstr10.dll
2009-11-12 14:48:11 ----A---- C:\Windows\system32\audiosrv.dll
2009-11-12 14:48:10 ----A---- C:\Windows\system32\msvcrt.dll
2009-11-12 14:48:10 ----A---- C:\Windows\system32\msctf.dll
2009-11-12 14:48:10 ----A---- C:\Windows\system32\emdmgmt.dll
2009-11-12 14:48:09 ----A---- C:\Windows\system32\VSSVC.exe
2009-11-12 14:48:09 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-11-12 14:48:09 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-11-12 14:48:09 ----A---- C:\Windows\system32\gdi32.dll
2009-11-12 14:48:08 ----A---- C:\Windows\system32\SLUI.exe
2009-11-12 14:48:08 ----A---- C:\Windows\system32\mfc42u.dll
2009-11-12 14:48:07 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-11-12 14:48:07 ----A---- C:\Windows\system32\msrd2x40.dll
2009-11-12 14:48:07 ----A---- C:\Windows\system32\eapphost.dll
2009-11-12 14:48:06 ----A---- C:\Windows\system32\wbengine.exe
2009-11-12 14:48:05 ----A---- C:\Windows\system32\winresume.exe
2009-11-12 14:48:05 ----A---- C:\Windows\system32\shdocvw.dll
2009-11-12 14:48:05 ----A---- C:\Windows\system32\propdefs.dll
2009-11-12 14:48:05 ----A---- C:\Windows\system32\odbc32.dll
2009-11-12 14:48:04 ----A---- C:\Windows\system32\dbgeng.dll
2009-11-12 14:48:03 ----A---- C:\Windows\system32\wevtutil.exe
2009-11-12 14:48:03 ----A---- C:\Windows\system32\mssitlb.dll
2009-11-12 14:48:01 ----A---- C:\Windows\system32\WsmSvc.dll
2009-11-12 14:48:01 ----A---- C:\Windows\system32\swprv.dll
2009-11-12 14:48:01 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-11-12 14:48:00 ----A---- C:\Windows\system32\usp10.dll
2009-11-12 14:47:59 ----A---- C:\Windows\system32\vds.exe
2009-11-12 14:47:59 ----A---- C:\Windows\system32\mshtmled.dll
2009-11-12 14:47:58 ----A---- C:\Windows\system32\netlogon.dll
2009-11-12 14:47:58 ----A---- C:\Windows\system32\msscb.dll
2009-11-12 14:47:58 ----A---- C:\Windows\system32\msctfp.dll
2009-11-12 14:47:58 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-11-12 14:47:58 ----A---- C:\Windows\system32\drvinst.exe
2009-11-12 14:47:58 ----A---- C:\Windows\system32\devmgr.dll
2009-11-12 14:47:58 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-11-12 14:47:58 ----A---- C:\Windows\system32\BFE.DLL
2009-11-12 14:47:58 ----A---- C:\Windows\system32\adsldpc.dll
2009-11-12 14:47:57 ----A---- C:\Windows\system32\WFS.exe
2009-11-12 14:47:57 ----A---- C:\Windows\system32\evr.dll
2009-11-12 14:47:56 ----A---- C:\Windows\system32\Wldap32.dll
2009-11-12 14:47:56 ----A---- C:\Windows\system32\wcnwiz.dll
2009-11-12 14:47:55 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-11-12 14:47:54 ----A---- C:\Windows\system32\services.exe
2009-11-12 14:47:54 ----A---- C:\Windows\system32\iertutil.dll
2009-11-12 14:47:53 ----A---- C:\Windows\system32\wercon.exe
2009-11-12 14:47:52 ----A---- C:\Windows\system32\comdlg32.dll
2009-11-12 14:47:52 ----A---- C:\Windows\system32\adtschema.dll
2009-11-12 14:47:51 ----A---- C:\Windows\system32\wcncsvc.dll
2009-11-12 14:47:51 ----A---- C:\Windows\system32\mimefilt.dll
2009-11-12 14:47:50 ----A---- C:\Windows\system32\taskeng.exe
2009-11-12 14:47:50 ----A---- C:\Windows\system32\reg.exe
2009-11-12 14:47:50 ----A---- C:\Windows\system32\mswdat10.dll
2009-11-12 14:47:50 ----A---- C:\Windows\system32\msjter40.dll
2009-11-12 14:47:50 ----A---- C:\Windows\system32\msdtcprx.dll
2009-11-12 14:47:50 ----A---- C:\Windows\system32\msdrm.dll
2009-11-12 14:47:50 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-11-12 14:47:50 ----A---- C:\Windows\system32\certcli.dll
2009-11-12 14:47:49 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-11-12 14:47:49 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-11-12 14:47:49 ----A---- C:\Windows\system32\rtffilt.dll
2009-11-12 14:47:49 ----A---- C:\Windows\system32\dnsapi.dll
2009-11-12 14:47:49 ----A---- C:\Windows\system32\certutil.exe
2009-11-12 14:47:48 ----A---- C:\Windows\system32\w32time.dll
2009-11-12 14:47:48 ----A---- C:\Windows\system32\msshooks.dll
2009-11-12 14:47:48 ----A---- C:\Windows\system32\msscntrs.dll
2009-11-12 14:47:48 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-11-12 14:47:48 ----A---- C:\Windows\system32\bcrypt.dll
2009-11-12 14:47:47 ----A---- C:\Windows\system32\rsaenh.dll
2009-11-12 14:47:47 ----A---- C:\Windows\system32\msihnd.dll
2009-11-12 14:47:47 ----A---- C:\Windows\system32\bthserv.dll
2009-11-12 14:47:46 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-11-12 14:47:46 ----A---- C:\Windows\system32\msstrc.dll
2009-11-12 14:47:46 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-11-12 14:47:43 ----A---- C:\Windows\system32\scrptadm.dll
2009-11-12 14:47:43 ----A---- C:\Windows\system32\netapi32.dll
2009-11-12 14:47:43 ----A---- C:\Windows\system32\inetcomm.dll
2009-11-12 14:47:43 ----A---- C:\Windows\system32\dfshim.dll
2009-11-12 14:47:42 ----A---- C:\Windows\system32\mtxclu.dll
2009-11-12 14:47:42 ----A---- C:\Windows\system32\mscories.dll
2009-11-12 14:47:42 ----A---- C:\Windows\system32\inetpp.dll
2009-11-12 14:47:42 ----A---- C:\Windows\system32\hidserv.dll
2009-11-12 14:47:42 ----A---- C:\Windows\system32\fundisc.dll
2009-11-12 14:47:42 ----A---- C:\Windows\system32\cryptsvc.dll
2009-11-12 14:47:41 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-11-12 14:47:41 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-11-12 14:47:40 ----A---- C:\Windows\system32\termsrv.dll
2009-11-12 14:47:40 ----A---- C:\Windows\system32\profsvc.dll
2009-11-12 14:47:38 ----A---- C:\Windows\system32\wdc.dll
2009-11-12 14:47:38 ----A---- C:\Windows\system32\shsvcs.dll
2009-11-12 14:47:38 ----A---- C:\Windows\system32\msiexec.exe
2009-11-12 14:47:38 ----A---- C:\Windows\system32\imapi.dll
2009-11-12 14:47:38 ----A---- C:\Windows\system32\chsbrkr.dll
2009-11-12 14:47:37 ----A---- C:\Windows\system32\spoolsv.exe
2009-11-12 14:47:37 ----A---- C:\Windows\system32\rasmans.dll
2009-11-12 14:47:37 ----A---- C:\Windows\system32\pnidui.dll
2009-11-12 14:47:37 ----A---- C:\Windows\system32\icardres.dll
2009-11-12 14:47:37 ----A---- C:\Windows\system32\iassdo.dll
2009-11-12 14:47:36 ----A---- C:\Windows\system32\wersvc.dll
2009-11-12 14:47:36 ----A---- C:\Windows\system32\slmgr.vbs
2009-11-12 14:47:36 ----A---- C:\Windows\system32\scrrun.dll
2009-11-12 14:47:36 ----A---- C:\Windows\system32\PSHED.DLL
2009-11-12 14:47:36 ----A---- C:\Windows\system32\autofmt.exe
2009-11-12 14:47:35 ----A---- C:\Windows\system32\pidgenx.dll
2009-11-12 14:47:35 ----A---- C:\Windows\system32\pdh.dll
2009-11-12 14:47:35 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-11-12 14:47:35 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-11-12 14:47:35 ----A---- C:\Windows\system32\azroles.dll
2009-11-12 14:47:34 ----A---- C:\Windows\system32\wmpmde.dll
2009-11-12 14:47:33 ----A---- C:\Windows\system32\winlogon.exe
2009-11-12 14:47:33 ----A---- C:\Windows\system32\SyncCenter.dll
2009-11-12 14:47:32 ----A---- C:\Windows\system32\SLUINotify.dll
2009-11-12 14:47:32 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-11-12 14:47:32 ----A---- C:\Windows\system32\comuid.dll
2009-11-12 14:47:31 ----A---- C:\Windows\system32\sethc.exe
2009-11-12 14:47:31 ----A---- C:\Windows\system32\ncrypt.dll
2009-11-12 14:47:31 ----A---- C:\Windows\system32\kd1394.dll
2009-11-12 14:47:31 ----A---- C:\Windows\system32\certmgr.dll
2009-11-12 14:47:30 ----A---- C:\Windows\system32\wisptis.exe
2009-11-12 14:47:30 ----A---- C:\Windows\system32\untfs.dll
2009-11-12 14:47:30 ----A---- C:\Windows\system32\taskcomp.dll
2009-11-12 14:47:30 ----A---- C:\Windows\system32\spp.dll
2009-11-12 14:47:30 ----A---- C:\Windows\system32\scrobj.dll
2009-11-12 14:47:30 ----A---- C:\Windows\system32\rtutils.dll
2009-11-12 14:47:30 ----A---- C:\Windows\system32\iassam.dll
2009-11-12 14:47:30 ----A---- C:\Windows\system32\dwm.exe
2009-11-12 14:47:29 ----A---- C:\Windows\system32\printui.dll
2009-11-12 14:47:29 ----A---- C:\Windows\system32\iasnap.dll
2009-11-12 14:47:29 ----A---- C:\Windows\system32\cscui.dll
2009-11-12 14:47:29 ----A---- C:\Windows\system32\autoconv.exe
2009-11-12 14:47:29 ----A---- C:\Windows\system32\autochk.exe
2009-11-12 14:47:28 ----A---- C:\Windows\system32\winsrv.dll
2009-11-12 14:47:27 ----A---- C:\Windows\system32\wow32.dll
2009-11-12 14:47:27 ----A---- C:\Windows\system32\userenv.dll
2009-11-12 14:47:27 ----A---- C:\Windows\system32\osk.exe
2009-11-12 14:47:27 ----A---- C:\Windows\system32\onex.dll
2009-11-12 14:47:27 ----A---- C:\Windows\system32\kdcom.dll
2009-11-12 14:47:27 ----A---- C:\Windows\system32\cscript.exe
2009-11-12 14:47:27 ----A---- C:\Windows\system32\basecsp.dll
2009-11-12 14:47:27 ----A---- C:\Windows\system32\audiodg.exe
2009-11-12 14:47:26 ----A---- C:\Windows\system32\winmm.dll
2009-11-12 14:47:26 ----A---- C:\Windows\system32\spcmsg.dll
2009-11-12 14:47:26 ----A---- C:\Windows\system32\RelMon.dll
2009-11-12 14:47:26 ----A---- C:\Windows\system32\mswsock.dll
2009-11-12 14:47:26 ----A---- C:\Windows\system32\kdusb.dll
2009-11-12 14:47:25 ----A---- C:\Windows\system32\WinSCard.dll
2009-11-12 14:47:25 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-11-12 14:47:25 ----A---- C:\Windows\system32\rdpencom.dll
2009-11-12 14:47:25 ----A---- C:\Windows\system32\offfilt.dll
2009-11-12 14:47:25 ----A---- C:\Windows\system32\msftedit.dll
2009-11-12 14:47:25 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-11-12 14:47:23 ----A---- C:\Windows\system32\wsepno.dll
2009-11-12 14:47:23 ----A---- C:\Windows\system32\WerFault.exe
2009-11-12 14:47:23 ----A---- C:\Windows\system32\Utilman.exe
2009-11-12 14:47:23 ----A---- C:\Windows\system32\stobject.dll
2009-11-12 14:47:23 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-11-12 14:47:23 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-11-12 14:47:23 ----A---- C:\Windows\system32\mfplat.dll
2009-11-12 14:47:23 ----A---- C:\Windows\system32\diskraid.exe
2009-11-12 14:47:22 ----A---- C:\Windows\system32\sysclass.dll
2009-11-12 14:47:22 ----A---- C:\Windows\system32\SndVol.exe
2009-11-12 14:47:22 ----A---- C:\Windows\system32\prnntfy.dll
2009-11-12 14:47:22 ----A---- C:\Windows\system32\msnetobj.dll
2009-11-12 14:47:22 ----A---- C:\Windows\system32\mscms.dll
2009-11-12 14:47:22 ----A---- C:\Windows\system32\apphelp.dll
2009-11-12 14:47:22 ----A---- C:\Windows\system32\adsmsext.dll
2009-11-12 14:47:21 ----A---- C:\Windows\system32\wscript.exe
2009-11-12 14:47:21 ----A---- C:\Windows\system32\wiaservc.dll
2009-11-12 14:47:21 ----A---- C:\Windows\system32\ulib.dll
2009-11-12 14:47:21 ----A---- C:\Windows\system32\odbccp32.dll
2009-11-12 14:47:21 ----A---- C:\Windows\system32\iasdatastore.dll
2009-11-12 14:47:21 ----A---- C:\Windows\system32\dsound.dll
2009-11-12 14:47:21 ----A---- C:\Windows\system32\cryptui.dll
2009-11-12 14:47:20 ----A---- C:\Windows\system32\wscntfy.dll
2009-11-12 14:47:20 ----A---- C:\Windows\system32\rastapi.dll
2009-11-12 14:47:20 ----A---- C:\Windows\system32\pnpsetup.dll
2009-11-12 14:47:20 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-11-12 14:47:20 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-11-12 14:47:20 ----A---- C:\Windows\system32\fdProxy.dll

======List of files/folders modified in the last 1 months======


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-10 351744]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-27 371248]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2007-04-03 306295]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-10-22 163888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-21 534016]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;DELL Tablet PC Key Buttons HID Driver; C:\Windows\system32\DRIVERS\HBtnKey.sys [2009-10-30 11392]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-04-30 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091204.006\NAVENG.SYS [2009-08-27 84912]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091204.006\NAVEX15.SYS [2009-08-27 1323568]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver; C:\Windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [2007-07-19 6656]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-07 330240]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-04-22 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-08-14 47376]
R3 umpserenum;Serenum Filter Driver ; C:\Windows\system32\DRIVERS\umpserenum.sys [2007-06-28 18432]
R3 umpusbvista;UMP Serial Port Driver ; C:\Windows\system32\DRIVERS\umpusbvista.sys [2007-07-02 56320]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
R3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-04-10 31616]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WUDFRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-21 534016]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-04-30 265496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2009-04-30 13976]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-10 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-31 700416]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 lxbt_device;lxbt_device; C:\Windows\system32\lxbtcoms.exe [2007-05-03 537520]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-07 102400]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-03-21 24064]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

-----------------EOF-----------------


thanks again for your help.
almic
Regular Member
 
Posts: 15
Joined: November 29th, 2009, 6:24 pm

Re: help! My MS Outlook is sending spam

Post by Dakeyras » December 8th, 2009, 12:42 pm

Hi. :)

It seems my previous reply got lost in cyberspace so here's my reply again.
OK, I was beginning to wonder why three days without any reply.

BTW, I used the advanced procedure to remove Windows Defender.
Are you still receiving any errors with regard to this?

It seems my MS Outlook hasn't fired off any inappropriate email in a week now.
Good to know.

thanks again for your help.
You're welcome!

Re-enable UAC:

It appears this may be disabled:-
Windows Vista Service Pack 2 (UAC is disabled!)
My advice would be to check if it is indeed disabled and re-enable it, as this is an important security feature with Vista and will assist with keeping your system secure.

  • Open Control Panel.
  • Under User Account and Family settings click on the "Add or remove user account".
  • Click on one of the user accounts, for example you can use the Guest account.
  • Under the user account click on the "Go to the main User Account page" link.
  • Under "Make changes to your user account" click on the "Change security settings" link.
  • In the "Turn on User Account Control (UAC) to make your computer more secure" click to select the "Use User Account Control (UAC) to help protect your computer". Click on the OK button.
  • You will be prompted to reboot your computer. Do so when ready.

Peer to Peer Application Advice:

If I may bring your attention to the below forum policy concerning the aforementioned:-

P2P (peer to peer) file sharing programmes must be removed.

Now please uninstall the following, thank you.

LimeWire 5.1.1

Next:

Using Windows Explorer (to get there right-click your Vista orb/Start button and go to "Explore"), please delete this folder (if present):

C:\rsit

Then move RSIT.exe to the desktop, as in its present location it may be inadvertently deleted and/or return inaccurate logs.

D:\Documents\Downloads\RSIT.exe

Remove BitDefender Remnants:

  • Please download this tool and save it to the desktop.
  • Right-click on BitDefender_Uninstall_Tool.exe and select Run as Administrator.
  • Follow the prompts and click on Uninstall.
  • Reboot your computer.

TFC(Temp File Cleaner):

Note: No need to right click on the executable and run in admin mode as this application automatically runs in elevated admin mode.

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Please make sure that RSIT.exe is on the Desktop

  • Right-click on RSIT.exe and select Run as Administrator to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any other symptoms and/or problems encountered?
  • Malwarebytes' Anti-Malware Log.
  • A new set of RSIT logs. <-- Post them individually please, i.e. one log per post/reply.

Re: help! My MS Outlook is sending spam

Unread postby almic » December 8th, 2009, 7:52 pm

Hello,

I'm running into a bit of trouble.

I've re-enabled UAC as directed below but now can't seem to be able to do anything that requires an administrator password. So, I'm stuck at running the temp file cleaner. It won't start without a password (which I don't have). Now what do I do?

Limewire is removed.

Bitdefender uninstall has been completed.

TFC won't work.


The windows defender start up pop up is still there.

"Application failed to initialize: 0x800106ba. A problem caused this program’s service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually."

thanks for your continuous support.

Re: help! My MS Outlook is sending spam

Unread postby Dakeyras » December 8th, 2009, 9:01 pm

Hi. :)

"I've re-enabled UAC as directed below but now can't seem to be able to do anything that requires an administrator password. So, I'm stuck at running the temp file cleaner. It won't start without a password (which I don't have). Now what do I do?"

It sounds very much like when you re-enabled UAC you may have inadvertently chosen the option Admin Approval Mode and the machine is now running in a Secure Desktop mode.

You will need to go back into the UAC settings and ensure that the setting I mentioned is not selected and/or, if need be, disable UAC for the time being as it was previously.

As to why this happened, you should know the administrator password for your own computer, which leads me to ask: is this indeed your property and/or a business machine?

Reason for asking: the actual name of this computer is not something normally associated with a home-use-only personal computer:-
Computer Name: Medtech3138
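
The exchange above turns on two things: which UAC prompt mode the machine is in, and whether the logged-on account still holds administrator rights. The following PowerShell is an added example, not part of the thread; it reads the UAC policy values from the registry and checks the current token. It assumes Windows PowerShell 3.0 or later, and the helper name Get-Meaning is hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 3.0 or later.
# Reports the UAC policy values and whether the current account is an administrator.

$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $key

# ConsentPromptBehaviorAdmin: prompt shown to members of Administrators.
# Windows Vista only uses 0-2; values 3-5 exist on Windows 7 and later.
$adminPrompt = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials (secure desktop)'
    2 = 'Prompt for consent (secure desktop)'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}

# ConsentPromptBehaviorUser: prompt shown to standard users.
$userPrompt = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials (secure desktop)'
    3 = 'Prompt for credentials'
}

# Hypothetical helper: translate a registry value into its documented meaning.
function Get-Meaning {
    param($Map, $Value)
    if ($null -ne $Value -and $Map.ContainsKey([int]$Value)) {
        return $Map[[int]$Value]
    }
    return "not set or unrecognised ($Value)"
}

# Is the current process token elevated?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Is the account a member of BUILTIN\Administrators (S-1-5-32-544) at all?
# With UAC on, an unelevated administrator carries this SID as "deny only",
# so IsInRole() above returns $false; whoami still lists the group.
$isMember = [bool]((whoami /groups) -match 'S-1-5-32-544')

# Work out which prompt this account will see when something asks to elevate.
if ($uac.EnableLUA -eq 0) {
    $verdict = 'UAC is disabled: no elevation prompts are shown.'
}
elseif (-not $isMember) {
    $verdict = 'Standard user: elevation needs the password of an administrator ' +
               'account. Policy: ' + (Get-Meaning $userPrompt $uac.ConsentPromptBehaviorUser)
}
elseif (-not $elevated) {
    $verdict = 'Administrator running with a filtered token (Admin Approval Mode). ' +
               'Policy: ' + (Get-Meaning $adminPrompt $uac.ConsentPromptBehaviorAdmin)
}
else {
    $verdict = 'Administrator, already running elevated.'
}

[pscustomobject]@{
    Account                    = $identity.Name
    EnableLUA                  = $uac.EnableLUA
    ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
    ConsentPromptBehaviorUser  = $uac.ConsentPromptBehaviorUser
    PromptOnSecureDesktop      = $uac.PromptOnSecureDesktop
    FilterAdministratorToken   = $uac.FilterAdministratorToken
    MemberOfAdministrators     = $isMember
    RunningElevated            = $elevated
    Verdict                    = $verdict
} | Format-List
```

The script only reads settings, so it can be run from an unelevated prompt.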

Re: help! My MS Outlook is sending spam

Unread postby almic » December 8th, 2009, 9:58 pm

I guess I'll need to have tech support at school unlock it.

I'll get it done Friday.

Thanks

Re: help! My MS Outlook is sending spam

Unread postby Dakeyras » December 9th, 2009, 8:52 am

Hi. :)
"I guess I'll need to have tech support at school unlock it.

I'll get it done Friday.

Thanks"

OK, fair enough, and it would be prudent if you made a note of the admin password for future reference.

When sorted, please complete my instructions from TFC (Temp File Cleaner) onwards, thank you.

Re: help! My MS Outlook is sending spam

Unread postby almic » December 9th, 2009, 8:07 pm

Hello again,

thanks for carrying on.

I went to the university today and got them to give me back admin privileges which they were dumbfounded as to why I didn't have admin privileges on my own machine.

Anyway, I managed to complete your instructions.

TFC ran and removed whatever was left of temp files (I had already done a temp file dump before getting in touch with you.)

Malware found nothing.

see log
Malwarebytes' Anti-Malware 1.42
Database version: 3334
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

2009-12-09 19:02:23
mbam-log-2009-12-09 (19-02-23).txt

Scan type: Quick Scan
Objects scanned: 105661
Time elapsed: 20 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


will post RSIT logs on another entry.

Txs

Re: help! My MS Outlook is sending spam

Unread postby Dakeyras » December 9th, 2009, 8:19 pm

OK. :thumbup:

Re: help! My MS Outlook is sending spam

Unread postby almic » December 9th, 2009, 8:41 pm

So here it is: 1 of 2

BTW, computer is working better. I guess I got rid of some stuff that was slowing it down.

info.txt logfile of random's system information tool 1.06 2009-12-09 19:09:01

======Uninstall list======


======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Symantec AntiVirus
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Symantec AntiVirus
AS: Windows Defender

======System event log======

Computer Name: Medtech3138
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 102710
Source Name: b57nd60x
Time Written: 20090510181501.001000-000
Event Type: Warning
User:

Computer Name: Medtech3138
Event Code: 6161
Message: The document Microsoft Word - Dissertation SIM texte, owned by jmicl034, failed to print on printer Lexmark 5200 Series. Try to print the document again, or restart the print spooler.
Data type: LEMF. Size of the spool file in bytes: 2960196. Number of bytes printed: 2960196. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\MEDTECH3138. Win32 error code returned by the print processor: 0. The operation completed successfully.

Record Number: 102638
Source Name: Microsoft-Windows-PrintSpooler
Time Written: 20090509213742.000000-000
Event Type: Error
User: MEDTECH3138\jmicl034

Computer Name: Medtech3138
Event Code: 36
Message: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
Record Number: 102632
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090509201626.000000-000
Event Type: Warning
User:

Computer Name: Medtech3138
Event Code: 7
Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 16 seconds since the last report.
Record Number: 102604
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090509133254.926000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Medtech3138
Event Code: 7
Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 16 seconds since the last report.
Record Number: 102603
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090509133254.926000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 23753
Source Name: Outlook
Time Written: 20080912152812.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 23752
Source Name: Outlook
Time Written: 20080912152812.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 23751
Source Name: Outlook
Time Written: 20080912152812.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 23750
Source Name: Outlook
Time Written: 20080912152812.000000-000
Event Type: Error
User:

Computer Name: Medtech3138
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070005).
Record Number: 23749
Source Name: Outlook
Time Written: 20080912152812.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Medtech3138
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-4288720384-1415621487-3964185074-1003
Account Name: jmicl034
Account Domain: MEDTECH3138
Logon ID: 0x1aeadec

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 57512
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090225153249.639000-000
Event Type: Audit Success
User:

Computer Name: Medtech3138
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MEDTECH3138$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 3

New Logon:
Security ID: S-1-5-21-4288720384-1415621487-3964185074-1003
Account Name: jmicl034
Account Domain: MEDTECH3138
Logon ID: 0x1aeadec
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x5bc
Process Name: C:\Windows\System32\BCMWLTRY.EXE

Network Information:
Workstation Name: MEDTECH3138
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 57511
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090225153249.639000-000
Event Type: Audit Success
User:

Computer Name: Medtech3138
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: MEDTECH3138$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: jmicl034
Account Domain: MEDTECH3138
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x5bc
Process Name: C:\Windows\System32\BCMWLTRY.EXE

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 57510
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090225153249.639000-000
Event Type: Audit Success
User:

Computer Name: Medtech3138
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-4288720384-1415621487-3964185074-1003
Account Name: jmicl034
Account Domain: MEDTECH3138
Logon ID: 0x1abcd0d

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 57509
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090225153246.299000-000
Event Type: Audit Success
User:

Computer Name: Medtech3138
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-4288720384-1415621487-3964185074-1003
Account Name: jmicl034
Account Domain: MEDTECH3138
Logon ID: 0x1abcf20

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 57508
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090225153241.815000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"JAVA_PLUGIN_WEBCONTROL_ENABLE"=1
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

MTF
almic
Regular Member
 
Posts: 15
Joined: November 29th, 2009, 6:24 pm