
Inactive [InActive] I am unable to open regedit or the taskmanager

Discussion in 'Malware and Virus Removal Archive' started by TMFAH, 2008/10/03.

  1. 2008/10/03
    TMFAH

    TMFAH Inactive Thread Starter

    Joined:
    2008/10/03
    Messages:
    15
    Likes Received:
    0
    I have tried using HijackThis, CCleaner and Malwarebytes. I am the only user on my computer and am the administrator, but I can't open regedit or the Task Manager because it says that it's disabled by the administrator. To download RSIT I had to create another account and save it to that. I cannot download any programs to my account. My internet gets redirected and there are tons of popups. I was able to fix the popups but I can't change the start page and I don't know what to do.

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Andy at 2008-10-03 13:55:54
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 5 GB (15%) free of 35 GB
    Total RAM: 502 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:55:55 PM, on 10/3/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator1\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Andy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 3043 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (GABRIEL-Michelle).job
    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (GABRIEL-Tami).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F47A8DB3.exe]
    C:\DOCUME~1\Andy\LOCALS~1\Temp\_A00F47A8DB3.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe -cnetwait.odl []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BillMinder]
    C:\QWSE\BILLMIND.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    C:\Program Files\DellSupport\DSAgnt.exe /startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    C:\WINDOWS\system32\dla\tfswctrl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    C:\Program Files\Lexmark 6200 Series\ezprint.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
    C:\Program Files\Lexmark 6200 Series\lxbumon.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenSEIcon]
    C:\QWSE\QAWARE.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenSEMessage]
    C:\QWSE\QSEMSG.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2004-12-14 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-06-02 180269]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
    C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZingSpooler]
    C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=1
    "DisableRegistryTools"=1
    "NoDispCPL"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoStartMenuMorePrograms"=0
    "StartMenuLogOff"=0
    "NoDrives"=0
    "NoToolbarCustomize"=0
    "NoSetFolders"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "C:\WINDOWS\SYSTEM32\lxbucoms.exe"="C:\WINDOWS\SYSTEM32\lxbucoms.exe:*:Disabled:6200 Series Server"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7086cad-8063-11dd-97d1-00111187c2cb}]
    shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
     
  2. 2008/10/03
    TMFAH

    The rest of my log file:

    ======List of files/folders created in the last 3 months======

    2008-10-03 13:53:45 ----D---- C:\rsit
    2008-10-03 13:22:02 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-10-03 12:52:12 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-03 12:51:02 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-03 03:29:56 ----D---- C:\Program Files\Trend Micro
    2008-10-02 14:08:49 ----HDC---- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2008-10-02 04:43:30 ----D---- C:\Documents and Settings\Andy\Application Data\Malwarebytes
    2008-10-02 04:43:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-02 00:42:55 ----A---- C:\Documents and Settings\Andy\Application Data\bhrslog.txt
    2008-10-02 00:42:31 ----D---- C:\Program Files\Zamaan's Software
    2008-10-02 00:27:05 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-02 00:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-01 21:13:20 ----D---- C:\QUARANTINE
    2008-10-01 20:37:09 ----D---- C:\Program Files\Common Files\Cisco Systems
    2008-10-01 20:37:09 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll.sig
    2008-10-01 20:37:09 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll
    2008-10-01 20:36:24 ----D---- C:\Program Files\McAfee
    2008-10-01 20:36:24 ----D---- C:\Program Files\Common Files\McAfee
    2008-10-01 19:39:16 ----D---- C:\Documents and Settings\Andy\Application Data\TmpRecentIcons
    2008-10-01 19:39:06 ----A---- C:\WINDOWS\xgpsarbm.dll
    2008-10-01 19:39:06 ----A---- C:\WINDOWS\dkwqgnbe.dll
    2008-10-01 19:16:20 ----D---- C:\Program Files\Propellerhead
    2008-09-30 22:46:14 ----D---- C:\WINDOWS\Prefetch
    2008-09-30 18:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-30 18:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-30 18:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-09-30 18:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-09-30 18:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-09-30 18:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-09-30 18:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-09-30 18:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-30 18:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-09-30 18:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-30 18:32:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-30 18:28:12 ----D---- C:\WINDOWS\system32\scripting
    2008-09-30 18:28:10 ----D---- C:\WINDOWS\l2schemas
    2008-09-30 18:28:09 ----D---- C:\WINDOWS\system32\en
    2008-09-30 18:28:09 ----D---- C:\WINDOWS\system32\bits
    2008-09-30 18:25:38 ----D---- C:\WINDOWS\ServicePackFiles
    2008-09-30 18:18:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-09-30 18:18:31 ----D---- C:\WINDOWS\EHome
    2008-09-27 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB926247$
    2008-09-26 10:13:28 ----A---- C:\WINDOWS\system32\simptcp.dll
    2008-09-26 10:13:25 ----A---- C:\WINDOWS\system32\snmptrap.exe
    2008-09-26 10:13:25 ----A---- C:\WINDOWS\system32\iprip.dll
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\snmpmib.dll
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\snmp.exe
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\evntwin.exe
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\evntcmd.exe
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\evntagnt.dll
    2008-09-26 10:13:23 ----A---- C:\WINDOWS\system32\hostmib.dll
    2008-09-26 10:13:20 ----A---- C:\WINDOWS\system32\lmmib2.dll
    2008-09-26 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2008-09-26 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2008-09-26 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-26 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2008-09-25 11:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
    2008-09-25 11:57:26 ----N---- C:\WINDOWS\system32\spmsg.dll
    2008-09-25 11:57:25 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2008-09-25 11:56:59 ----D---- C:\Program Files\Windows Media Connect 2
    2008-09-25 11:56:37 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2008-09-25 11:55:22 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2008-09-25 11:54:33 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
    2008-09-24 22:22:38 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-24 22:22:36 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-09-24 22:22:33 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-24 22:22:33 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-24 22:22:23 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-09-24 22:22:22 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-24 22:22:14 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-24 22:22:13 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-24 22:22:08 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-09-24 22:22:08 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-24 22:22:03 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-09-24 22:22:00 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-24 22:21:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-24 22:21:57 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-09-24 22:21:56 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-09-24 22:21:54 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-24 22:21:54 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-24 22:21:54 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-09-24 22:21:51 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-24 22:21:49 ----N---- C:\WINDOWS\system32\onex.dll
    2008-09-24 22:21:35 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-09-24 22:21:35 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-09-24 22:21:35 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-09-24 22:21:34 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-24 22:21:33 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-09-24 22:21:32 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-09-24 22:21:29 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-24 22:21:29 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-09-24 22:21:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-09-24 22:21:05 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-09-24 22:21:05 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-09-24 22:21:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-09-24 22:20:41 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-24 22:20:41 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-24 22:20:41 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-09-24 22:20:40 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-09-24 22:20:40 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-09-24 22:20:40 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-09-24 22:20:30 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-24 22:20:24 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-24 22:20:24 ----A---- C:\WINDOWS\002757_.tmp
    2008-09-24 22:20:22 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-24 22:20:22 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-09-24 22:20:22 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-09-24 22:20:17 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-24 22:20:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-24 22:20:16 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-24 22:20:12 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-09-24 22:20:06 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-24 22:20:05 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-09-24 22:20:05 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-09-24 22:20:05 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-24 22:20:00 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-09-24 22:19:53 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-09-20 15:23:53 ----D---- C:\Documents and Settings\Andy\Application Data\NetMedia Providers
    2008-09-20 15:23:49 ----D---- C:\Documents and Settings\Andy\Application Data\Sonic Foundry
    2008-09-20 15:21:48 ----D---- C:\Program Files\Sonic Foundry
    2008-09-20 15:21:46 ----A---- C:\WINDOWS\system32\wmvdmoe.dll
    2008-09-20 15:21:46 ----A---- C:\WINDOWS\system32\wmv8dmoe.dll
    2008-09-20 15:21:46 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
    2008-09-20 15:21:45 ----A---- C:\WINDOWS\system32\wmvcore2.dll
    2008-09-20 15:17:46 ----D---- C:\Program Files\VSTplugins
    2008-09-20 15:17:43 ----D---- C:\Documents and Settings\Andy\Application Data\Publish Providers
    2008-09-20 15:16:51 ----D---- C:\Documents and Settings\Andy\Application Data\Sony
    2008-09-20 15:15:52 ----D---- C:\Program Files\Sony
    2008-09-18 19:21:09 ----D---- C:\Documents and Settings\Andy\Application Data\Real
    2008-09-17 12:13:53 ----D---- C:\Documents and Settings\Andy\Application Data\Media Player Classic
    2008-09-17 12:12:55 ----A---- C:\WINDOWS\system32\unrar.dll
    2008-09-17 12:12:55 ----A---- C:\WINDOWS\avisplitter.ini
    2008-09-17 12:12:54 ----A---- C:\WINDOWS\system32\yv12vfw.dll
    2008-09-17 12:12:54 ----A---- C:\WINDOWS\system32\huffyuv.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\xvidvfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\xvidcore.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\x264vfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\vp7vfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\vp6vfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\dpl100.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\divx.dll
    2008-09-17 12:12:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-09-17 12:12:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll
    2008-09-17 12:12:51 ----D---- C:\Program Files\K-Lite Codec Pack
    2008-09-17 03:36:41 ----D---- C:\Documents and Settings\Andy\Application Data\CyberLink
    2008-09-16 20:06:01 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-09-16 19:56:34 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-16 19:43:27 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
    2008-09-16 19:43:27 ----A---- C:\WINDOWS\system32\ReWire.dll
    2008-09-16 15:35:31 ----D---- C:\Documents and Settings\Andy\Application Data\Steinberg
    2008-09-16 15:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\Syncrosoft
    2008-09-16 15:31:49 ----A---- C:\WINDOWS\system32\Synsopos.exe
    2008-09-16 15:31:48 ----D---- C:\Program Files\Syncrosoft
    2008-09-16 15:31:48 ----A---- C:\WINDOWS\system32\SynsoLChk.dll
    2008-09-16 15:31:48 ----A---- C:\WINDOWS\system32\SYNSOACC.dll
    2008-09-16 12:05:50 ----D---- C:\Program Files\US122
    2008-09-16 12:05:50 ----A---- C:\WINDOWS\system32\U122_A24.dll
    2008-09-16 12:05:50 ----A---- C:\WINDOWS\system32\U122_A16.dll
    2008-09-15 21:49:38 ----D---- C:\Documents and Settings\Andy\Application Data\WinRAR
    2008-09-15 21:49:16 ----D---- C:\Program Files\WinRAR
    2008-09-15 16:15:38 ----D---- C:\Documents and Settings\Andy\Application Data\Propellerhead Software
    2008-09-15 16:15:38 ----D---- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    2008-09-15 16:14:48 ----D---- C:\Program Files\Recycle
    2008-09-15 16:13:50 ----A---- C:\WINDOWS\LOOP.exe
    2008-09-11 19:58:04 ----D---- C:\Documents and Settings\Andy\Application Data\Yahoo!
    2008-09-11 19:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-09-11 19:44:37 ----A---- C:\YServer.txt
    2008-09-11 19:44:29 ----D---- C:\Program Files\Yahoo!
    2008-09-11 19:27:28 ----D---- C:\Documents and Settings\Andy\Application Data\Macromedia
    2008-09-11 19:26:30 ----D---- C:\Documents and Settings\Andy\Application Data\Adobe
    2008-09-11 11:33:42 ----D---- C:\Documents and Settings\Andy\Application Data\BitTorrent
    2008-09-11 03:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-09-11 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-09-11 03:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-09-11 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-09-11 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-09-11 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-09-11 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-09-11 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-09-10 17:20:59 ----ASH---- C:\Documents and Settings\Andy\Application Data\DESKTOP.INI
    2008-09-10 17:20:44 ----SD---- C:\Documents and Settings\Andy\Application Data\Microsoft
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Sun
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Sonic
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Jasc Software Inc
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Identities
    2008-09-10 12:21:26 ----D---- C:\Program Files\DNA
    2008-09-10 12:21:25 ----D---- C:\Program Files\BitTorrent
    2008-09-10 12:07:19 ----D---- C:\WINDOWS\pss
    2008-08-07 17:30:08 ----SHD---- C:\$RECYCLE.BIN
    2008-07-13 15:47:54 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-13 15:47:54 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-13 15:47:54 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-09 21:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$

    ======List of files/folders modified in the last 3 months======

    2008-10-03 13:50:08 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-03 13:24:24 ----D---- C:\WINDOWS\Temp
    2008-10-03 13:22:16 ----SHD---- C:\WINDOWS\Installer
    2008-10-03 13:22:06 ----D---- C:\WINDOWS
    2008-10-03 13:21:35 ----D---- C:\Documents and Settings
    2008-10-03 03:53:45 ----SHD---- C:\RECYCLER
    2008-10-03 03:32:11 ----D---- C:\WINDOWS\SYSTEM32
    2008-10-03 03:32:09 ----HD---- C:\WINDOWS\INF
    2008-10-03 03:29:56 ----RD---- C:\Program Files
    2008-10-03 03:04:59 ----RASH---- C:\BOOT.INI
    2008-10-03 03:04:59 ----A---- C:\WINDOWS\WIN.INI
    2008-10-03 03:04:59 ----A---- C:\WINDOWS\SYSTEM.INI
    2008-10-02 21:50:31 ----D---- C:\WINDOWS\system32\DRIVERS
    2008-10-02 05:02:59 ----D---- C:\WINDOWS\Debug
    2008-10-02 04:35:42 ----SHD---- C:\System Volume Information
    2008-10-02 04:35:42 ----D---- C:\WINDOWS\system32\Restore
    2008-10-02 01:22:24 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-02 00:27:05 ----D---- C:\Program Files\Common Files
    2008-10-02 00:25:21 ----D---- C:\WINDOWS\Registration
    2008-10-02 00:22:41 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2008-10-01 20:37:08 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-10-01 20:15:36 ----D---- C:\Program Files\Internet Explorer
    2008-10-01 18:50:45 ----D---- C:\WINDOWS\SYSTEM
    2008-10-01 12:28:39 ----D---- C:\WINDOWS\network diagnostic
    2008-10-01 07:32:02 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-30 22:51:48 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-30 22:45:47 ----D---- C:\WINDOWS\system32\Setup
    2008-09-30 22:45:47 ----D---- C:\WINDOWS\AppPatch
    2008-09-30 22:45:46 ----D---- C:\WINDOWS\system32\WBEM
    2008-09-30 22:45:45 ----RSD---- C:\WINDOWS\Fonts
    2008-09-30 18:38:33 ----D---- C:\WINDOWS\SECURITY
    2008-09-30 18:35:07 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-30 18:32:55 ----D---- C:\Program Files\Messenger
    2008-09-30 18:28:37 ----D---- C:\WINDOWS\WinSxS
    2008-09-30 18:28:28 ----D---- C:\WINDOWS\IME
    2008-09-30 18:28:27 ----D---- C:\WINDOWS\Help
    2008-09-30 18:28:13 ----D---- C:\WINDOWS\system32\USMT
    2008-09-30 18:28:13 ----D---- C:\WINDOWS\system32\en-US
    2008-09-30 18:28:09 ----D---- C:\WINDOWS\PeerNet
    2008-09-30 18:28:09 ----D---- C:\Program Files\Movie Maker
    2008-09-30 18:25:33 ----D---- C:\WINDOWS\system32\NPP
    2008-09-30 18:25:31 ----D---- C:\WINDOWS\MSAGENT
    2008-09-30 18:25:30 ----D---- C:\WINDOWS\SRCHASST
    2008-09-30 18:25:27 ----D---- C:\Program Files\NetMeeting
    2008-09-30 18:25:26 ----D---- C:\WINDOWS\system32\Com
    2008-09-30 18:25:23 ----D---- C:\Program Files\Windows Media Player
    2008-09-30 18:25:22 ----D---- C:\Program Files\Windows NT
    2008-09-30 18:25:22 ----D---- C:\Program Files\Outlook Express
    2008-09-30 18:25:19 ----D---- C:\Program Files\Common Files\System
    2008-09-30 18:24:55 ----D---- C:\WINDOWS\system32\OOBE
    2008-09-30 18:21:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-28 12:42:15 ----D---- C:\I386
    2008-09-26 10:13:42 ----D---- C:\Program Files\Online Services
    2008-09-26 10:13:37 ----D---- C:\WINDOWS\Cursors
    2008-09-26 10:13:16 ----D---- C:\WINDOWS\ADDINS
    2008-09-26 08:56:17 ----D---- C:\Program Files\Java
    2008-09-26 08:51:06 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-26 08:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-09-26 08:26:08 ----D---- C:\Program Files\Dell Support Center
    2008-09-26 03:09:06 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2008-09-25 11:54:40 ----D---- C:\WINDOWS\system32\LogFiles
    2008-09-16 20:06:14 ----D---- C:\Program Files\Adobe
    2008-09-16 20:05:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-16 20:05:25 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-15 20:55:44 ----D---- C:\WINDOWS\system32\Macromed
    2008-09-11 19:25:25 ----D---- C:\WINDOWS\system32\Adobe
    2008-09-10 17:13:00 ----A---- C:\WINDOWS\QUICKEN.INI
    2008-09-10 17:11:00 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-09-10 17:10:15 ----D---- C:\Program Files\Common Files\Ulead Systems
    2008-09-10 17:06:20 ----D---- C:\Program Files\Viewpoint
    2008-09-10 17:06:20 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-09-10 17:04:06 ----D---- C:\Program Files\MUSICMATCH
    2008-09-10 17:02:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-10 16:59:48 ----SD---- C:\WINDOWS\Tasks
    2008-09-10 16:59:26 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-09-10 16:57:43 ----D---- C:\WINDOWS\occache
    2008-09-10 16:56:33 ----D---- C:\Program Files\Easy Upload Tools
    2008-09-10 16:56:27 ----D---- C:\Program Files\Google
    2008-09-10 16:56:27 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-09-10 16:54:19 ----D---- C:\DELL
    2008-09-10 16:52:49 ----D---- C:\WINDOWS\TWAIN_32
    2008-08-26 13:28:14 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-03 16:16:35 ----A---- C:\WINDOWS\ulead32.ini
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-07 15:26:58 ----A---- C:\WINDOWS\system32\es.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
    R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
    R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
    R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
    R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 US122;US122 Driver; C:\WINDOWS\System32\Drivers\US122.sys [2007-08-29 131968]
    R3 Us122WdmService;US122 Wdm Audio; C:\WINDOWS\System32\Drivers\US122Wdm.sys [2007-08-29 39168]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
    S3 US122DL;US122 Firmware Downloader; C:\WINDOWS\System32\Drivers\US122DL.sys [2007-08-29 18304]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]
    R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]
    R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]
    R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
    S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
     


  4. 2008/10/03
    TMFAH

    my info file

    info.txt logfile of random's system information tool 1.04 2008-10-03 13:53:51

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    CCleaner (remove only)--> "C:\Documents and Settings\Andy\Desktop\CCleaner\uninst.exe "
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
    Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
    Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    K-Lite Mega Codec Pack 4.1.7--> "C:\Program Files\K-Lite Codec Pack\unins000.exe "
    Malwarebytes' Anti-Malware--> "C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware\unins000.exe "
    McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Quicken SE 6-->C:\WINDOWS\uninst.exe -fC:\QWSE\DeIsL1.isu
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Reason-->MsiExec.exe /X{E52BFE61-E0FF-11D6-9D69-00065BABCB42}
    ReCycle v2.1-->C:\PROGRA~1\Recycle\UNWISE.EXE C:\PROGRA~1\Recycle\INSTALL.LOG
    Security Update for Step By Step Interactive Training (KB898458)--> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
    Security Update for Step By Step Interactive Training (KB923723)--> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB928090)--> "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB929969)--> "C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB931768)--> "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB933566)--> "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB937143)--> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB911565)--> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Sonic Foundry ACID 4.0-->MsiExec.exe /I{2A38B5AA-EA84-4F87-9937-2FB23982243A}
    Sony Sound Forge 8.0-->MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
    Syncrosoft License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    US122 Driver 3.40--> "C:\Program Files\US122\unins000.exe "
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    =====HijackThis Backups=====

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O21 - SSODL: neksolda - {40C819A6-2AF4-4089-B01A-BD636C67AE45} - (no file)
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O21 - SSODL: xgpsarbm - {FD19312C-40DE-4FE4-9841-13476749A3F8} - C:\WINDOWS\xgpsarbm.dll
    O3 - Toolbar: dkwqgnbe - {1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049} - C:\WINDOWS\dkwqgnbe.dll
    O2 - BHO: QXK Olive - {A3184AB8-23F0-4518-A798-326C31D95111} - C:\WINDOWS\nkefbltdsaq.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O2 - BHO: (no name) - {A3184AB8-23F0-4518-A798-326C31D95111} - (no file)
    O21 - SSODL: xgpsarbm - {FD19312C-40DE-4FE4-9841-13476749A3F8} - (no file)
    O21 - SSODL: neksolda - {40C819A6-2AF4-4089-B01A-BD636C67AE45} - (no file)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    O3 - Toolbar: dkwqgnbe - {1CFB1B63-FEB6-4FF2-9B5F-28FA70D6A049} - C:\WINDOWS\dkwqgnbe.dll
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    ======Security center information======

    AV: McAfee VirusScan Enterprise

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Sonic Shared
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    "DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

    -----------------EOF-----------------
     
  5. 2008/10/03
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please stick with your original thread - threads merged.
     
  6. 2008/10/03
    TMFAH

    Sorry, thanks.
     
  7. 2008/10/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS TMFAH :)

    • Click here
    • If it launches a file download dialog for download_file.exe from noahdfear.net, click Run.
    • download_file.vbs file should appear on the desktop, and shortly thereafter a renamed copy of ComboFix.
    • Please note that the vbs file is recognized by some security programs as a Trojan-Downloader.JS, and they may try to block it. I assure you, the file is safe.
    • If successful, shut down all open windows and programs, double click the renamed ComboFix and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    Note - It's recommended to disable realtime protection applications, such as your antivirus program, while running ComboFix. They can sometimes interfere with the tool. Check this link for your applicable programs.


    Note - Please do not log on to your normal account until further notice.
     
  8. 2008/10/04
    TMFAH

    When I click Run it says "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." This happens whether I try to open it from my old account or the new one I had to make.
     
  9. 2008/10/04
    noahdfear

    See if you can save it to the desktop then. If successful, run it and the 2 files should appear shortly.
     
  10. 2008/10/04
    TMFAH

    "Windows cannot find 'download_file.vbs'. Please make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." I searched for it and cannot find it. Am I supposed to rename the file "download_file.vbs"?
     
  11. 2008/10/04
    noahdfear

    I'm sending you a private message.
     
  12. 2008/10/06
    noahdfear

    Just received and reviewed your log. Please update MBAM and run a complete system scan. Remove anything it finds, then post the log.

    Then, run RSIT again to create a new log.txt and post it here as well.
     
  13. 2008/10/06
    TMFAH

    Here is the new MBAM log

    Malwarebytes' Anti-Malware 1.28
    Database version: 1233
    Windows 5.1.2600 Service Pack 3

    2008-10-06 10:01:20
    mbam-log-2008-10-06 (10-01-20).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 94683
    Time elapsed: 36 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  14. 2008/10/06
    TMFAH

    New RSIT Log File 1 of 2

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Andy at 2008-10-06 10:07:07
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 4 GB (10%) free of 35 GB
    Total RAM: 502 MB (27% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:07, on 2008-10-06
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Administrator1\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Andy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 3428 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (GABRIEL-Michelle).job
    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (GABRIEL-Tami).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE "=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]
    "McAfeeUpdaterUI "=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2004-12-14 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-06-02 180269]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=
    "NoDrives "=
    "NoDriveAutoRun "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\BitTorrent\bittorrent.exe "= "C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
    "C:\Program Files\Yahoo!\Messenger\YServer.exe "= "C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server "
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe "= "C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service "
    "C:\Program Files\DNA\btdna.exe "= "C:\Program Files\DNA\btdna.exe:*:Disabled:DNA "
    "C:\WINDOWS\system32\sessmgr.exe "= "C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
    "C:\Program Files\America Online 9.0\waol.exe "= "C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL "
    "C:\Program Files\MSN Messenger\msncall.exe "= "C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\MSN Messenger\msnmsgr.exe "= "C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\Program Files\MSN Messenger\livecall.exe "= "C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
     
  15. 2008/10/06
    TMFAH

    New RSIT Log File 2 Of 2

    ======List of files/folders created in the last 3 months======

    2008-10-06 10:03:48 ----D---- C:\Program Files\trend micro
    2008-10-06 09:00:53 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-06 01:26:33 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-06 00:33:49 ----D---- C:\Program Files\Propellerhead
    2008-10-05 23:50:21 ----A---- C:\Bug.txt
    2008-10-05 23:50:20 ----A---- C:\WINDOWS\system32\cmd.execf
    2008-10-05 23:50:04 ----D---- C:\32788R22FWJFW
    2008-10-05 15:22:43 ----A---- C:\ComboFix.txt
    2008-10-05 15:17:22 ----D---- C:\WINDOWS\temp
    2008-10-05 15:14:55 ----D---- C:\WINDOWS\erdnt
    2008-10-05 15:14:35 ----D---- C:\QooBox
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\zip.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\VFIND.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\swxcacls.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\SWSC.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\SWREG.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\sed.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\grep.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\fdsv.exe
    2008-10-05 13:36:49 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-05 13:36:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-05 13:18:34 ----A---- C:\Program Files\FreeFile.exe
    2008-10-04 03:42:27 ----A---- C:\smitfiles.txt
    2008-10-03 13:53:45 ----D---- C:\rsit
    2008-10-02 14:08:49 ----HDC---- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2008-10-02 04:43:30 ----D---- C:\Documents and Settings\Andy\Application Data\Malwarebytes
    2008-10-02 04:43:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-02 00:42:55 ----A---- C:\Documents and Settings\Andy\Application Data\bhrslog.txt
    2008-10-02 00:27:05 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-02 00:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-01 21:13:20 ----D---- C:\QUARANTINE
    2008-10-01 20:37:09 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll.sig
    2008-10-01 20:37:09 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll
    2008-10-01 20:36:24 ----D---- C:\Program Files\McAfee
    2008-10-01 20:36:24 ----D---- C:\Program Files\Common Files\McAfee
    2008-09-30 22:46:14 ----D---- C:\WINDOWS\Prefetch
    2008-09-30 18:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-30 18:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-30 18:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-09-30 18:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-09-30 18:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-09-30 18:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-09-30 18:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-09-30 18:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-30 18:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-09-30 18:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-30 18:32:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-30 18:28:12 ----D---- C:\WINDOWS\system32\scripting
    2008-09-30 18:28:10 ----D---- C:\WINDOWS\l2schemas
    2008-09-30 18:28:09 ----D---- C:\WINDOWS\system32\en
    2008-09-30 18:28:09 ----D---- C:\WINDOWS\system32\bits
    2008-09-30 18:25:38 ----D---- C:\WINDOWS\ServicePackFiles
    2008-09-30 18:18:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-09-30 18:18:31 ----D---- C:\WINDOWS\EHome
    2008-09-27 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB926247$
    2008-09-26 10:13:28 ----A---- C:\WINDOWS\system32\simptcp.dll
    2008-09-26 10:13:25 ----A---- C:\WINDOWS\system32\snmptrap.exe
    2008-09-26 10:13:25 ----A---- C:\WINDOWS\system32\iprip.dll
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\snmpmib.dll
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\snmp.exe
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\evntwin.exe
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\evntcmd.exe
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\evntagnt.dll
    2008-09-26 10:13:23 ----A---- C:\WINDOWS\system32\hostmib.dll
    2008-09-26 10:13:20 ----A---- C:\WINDOWS\system32\lmmib2.dll
    2008-09-26 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2008-09-26 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2008-09-26 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-26 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2008-09-25 11:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
    2008-09-25 11:57:26 ----N---- C:\WINDOWS\system32\spmsg.dll
    2008-09-25 11:57:25 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2008-09-25 11:56:59 ----D---- C:\Program Files\Windows Media Connect 2
    2008-09-25 11:56:37 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2008-09-25 11:55:22 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2008-09-25 11:54:33 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
    2008-09-24 22:22:38 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-24 22:22:36 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-09-24 22:22:33 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-24 22:22:33 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-24 22:22:23 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-09-24 22:22:22 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-24 22:22:14 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-24 22:22:13 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-24 22:22:08 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-09-24 22:22:08 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-24 22:22:03 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-09-24 22:22:00 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-24 22:21:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-24 22:21:57 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-09-24 22:21:56 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-09-24 22:21:54 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-24 22:21:54 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-24 22:21:54 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-09-24 22:21:51 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-24 22:21:49 ----N---- C:\WINDOWS\system32\onex.dll
    2008-09-24 22:21:35 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-09-24 22:21:35 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-09-24 22:21:35 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-09-24 22:21:34 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-24 22:21:33 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-09-24 22:21:32 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-09-24 22:21:29 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-24 22:21:29 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-09-24 22:21:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-09-24 22:21:05 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-09-24 22:21:05 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-09-24 22:21:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-09-24 22:20:41 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-24 22:20:41 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-24 22:20:41 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-09-24 22:20:40 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-09-24 22:20:40 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-09-24 22:20:40 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-09-24 22:20:30 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-24 22:20:24 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-24 22:20:24 ----A---- C:\WINDOWS\002757_.tmp
    2008-09-24 22:20:22 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-24 22:20:22 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-09-24 22:20:22 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-09-24 22:20:17 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-24 22:20:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-24 22:20:16 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-24 22:20:12 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-09-24 22:20:06 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-24 22:20:05 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-09-24 22:20:05 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-09-24 22:20:05 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-24 22:20:00 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-09-24 22:19:53 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-09-20 15:23:53 ----D---- C:\Documents and Settings\Andy\Application Data\NetMedia Providers
    2008-09-20 15:23:49 ----D---- C:\Documents and Settings\Andy\Application Data\Sonic Foundry
    2008-09-20 15:21:48 ----D---- C:\Program Files\Sonic Foundry
    2008-09-20 15:21:46 ----A---- C:\WINDOWS\system32\wmvdmoe.dll
    2008-09-20 15:21:46 ----A---- C:\WINDOWS\system32\wmv8dmoe.dll
    2008-09-20 15:21:46 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
    2008-09-20 15:21:45 ----A---- C:\WINDOWS\system32\wmvcore2.dll
    2008-09-20 15:17:46 ----D---- C:\Program Files\VSTplugins
    2008-09-20 15:17:43 ----D---- C:\Documents and Settings\Andy\Application Data\Publish Providers
    2008-09-20 15:16:51 ----D---- C:\Documents and Settings\Andy\Application Data\Sony
    2008-09-20 15:15:52 ----D---- C:\Program Files\Sony
    2008-09-18 19:21:09 ----D---- C:\Documents and Settings\Andy\Application Data\Real
    2008-09-17 12:13:53 ----D---- C:\Documents and Settings\Andy\Application Data\Media Player Classic
    2008-09-17 12:12:55 ----A---- C:\WINDOWS\system32\unrar.dll
    2008-09-17 12:12:55 ----A---- C:\WINDOWS\avisplitter.ini
    2008-09-17 12:12:54 ----A---- C:\WINDOWS\system32\yv12vfw.dll
    2008-09-17 12:12:54 ----A---- C:\WINDOWS\system32\huffyuv.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\xvidvfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\xvidcore.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\x264vfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\vp7vfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\vp6vfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\dpl100.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\divx.dll
    2008-09-17 12:12:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-09-17 12:12:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll
    2008-09-17 12:12:51 ----D---- C:\Program Files\K-Lite Codec Pack
    2008-09-17 03:36:41 ----D---- C:\Documents and Settings\Andy\Application Data\CyberLink
    2008-09-16 20:06:01 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-09-16 19:56:34 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-16 19:43:27 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
    2008-09-16 19:43:27 ----A---- C:\WINDOWS\system32\ReWire.dll
    2008-09-16 15:35:31 ----D---- C:\Documents and Settings\Andy\Application Data\Steinberg
    2008-09-16 15:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\Syncrosoft
    2008-09-16 15:31:49 ----A---- C:\WINDOWS\system32\Synsopos.exe
    2008-09-16 15:31:48 ----D---- C:\Program Files\Syncrosoft
    2008-09-16 15:31:48 ----A---- C:\WINDOWS\system32\SynsoLChk.dll
    2008-09-16 15:31:48 ----A---- C:\WINDOWS\system32\SYNSOACC.dll
    2008-09-16 12:05:50 ----D---- C:\Program Files\US122
    2008-09-16 12:05:50 ----A---- C:\WINDOWS\system32\U122_A24.dll
    2008-09-16 12:05:50 ----A---- C:\WINDOWS\system32\U122_A16.dll
    2008-09-15 21:49:38 ----D---- C:\Documents and Settings\Andy\Application Data\WinRAR
    2008-09-15 21:49:16 ----D---- C:\Program Files\WinRAR
    2008-09-15 16:15:38 ----D---- C:\Documents and Settings\Andy\Application Data\Propellerhead Software
    2008-09-15 16:15:38 ----D---- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    2008-09-15 16:14:48 ----D---- C:\Program Files\Recycle
    2008-09-15 16:13:50 ----A---- C:\WINDOWS\LOOP.exe
    2008-09-11 19:58:04 ----D---- C:\Documents and Settings\Andy\Application Data\Yahoo!
    2008-09-11 19:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-09-11 19:44:37 ----A---- C:\YServer.txt
    2008-09-11 19:44:29 ----D---- C:\Program Files\Yahoo!
    2008-09-11 19:27:28 ----D---- C:\Documents and Settings\Andy\Application Data\Macromedia
    2008-09-11 19:26:30 ----D---- C:\Documents and Settings\Andy\Application Data\Adobe
    2008-09-11 11:33:42 ----D---- C:\Documents and Settings\Andy\Application Data\BitTorrent
    2008-09-11 03:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-09-11 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-09-11 03:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-09-11 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-09-11 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-09-11 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-09-11 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-09-11 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-09-10 17:20:59 ----ASH---- C:\Documents and Settings\Andy\Application Data\DESKTOP.INI
    2008-09-10 17:20:44 ----SD---- C:\Documents and Settings\Andy\Application Data\Microsoft
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Sun
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Sonic
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Jasc Software Inc
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Identities
    2008-09-10 12:21:26 ----D---- C:\Program Files\DNA
    2008-09-10 12:21:25 ----D---- C:\Program Files\BitTorrent
    2008-09-10 12:07:19 ----D---- C:\WINDOWS\pss
    2008-08-07 17:30:08 ----SHD---- C:\$RECYCLE.BIN
    2008-07-13 15:47:54 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-13 15:47:54 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-13 15:47:54 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-09 21:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$

    ======List of files/folders modified in the last 3 months======

    2008-10-06 10:03:48 ----RD---- C:\Program Files
    2008-10-06 09:00:53 ----D---- C:\WINDOWS
    2008-10-06 08:58:04 ----D---- C:\WINDOWS\system32\DRIVERS
    2008-10-06 08:29:44 ----D---- C:\Program Files\Common Files
    2008-10-06 02:01:55 ----D---- C:\WINDOWS\system32\Restore
    2008-10-06 01:50:47 ----D---- C:\WINDOWS\SYSTEM
    2008-10-06 00:30:57 ----SHD---- C:\WINDOWS\Installer
    2008-10-05 23:50:20 ----D---- C:\WINDOWS\SYSTEM32
    2008-10-05 23:49:56 ----SHD---- C:\RECYCLER
    2008-10-05 23:24:47 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-05 15:18:49 ----A---- C:\WINDOWS\system.ini
    2008-10-05 15:17:45 ----D---- C:\WINDOWS\system32\CONFIG
    2008-10-05 15:17:22 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-05 15:16:25 ----D---- C:\WINDOWS\AppPatch
    2008-10-05 13:10:17 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2008-10-03 13:21:35 ----D---- C:\Documents and Settings
    2008-10-03 03:32:09 ----HD---- C:\WINDOWS\INF
    2008-10-03 03:04:59 ----RASH---- C:\BOOT.INI
    2008-10-03 03:04:59 ----A---- C:\WINDOWS\WIN.INI
    2008-10-02 05:02:59 ----D---- C:\WINDOWS\Debug
    2008-10-02 04:35:42 ----SHD---- C:\System Volume Information
    2008-10-02 00:25:21 ----D---- C:\WINDOWS\Registration
    2008-10-01 20:37:08 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-10-01 20:15:36 ----D---- C:\Program Files\Internet Explorer
    2008-10-01 12:28:39 ----D---- C:\WINDOWS\network diagnostic
    2008-10-01 07:32:02 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-30 22:51:48 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-30 22:45:47 ----D---- C:\WINDOWS\system32\Setup
    2008-09-30 22:45:46 ----D---- C:\WINDOWS\system32\WBEM
    2008-09-30 22:45:45 ----RSD---- C:\WINDOWS\Fonts
    2008-09-30 18:38:33 ----D---- C:\WINDOWS\SECURITY
    2008-09-30 18:35:07 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-30 18:32:55 ----D---- C:\Program Files\Messenger
    2008-09-30 18:28:37 ----D---- C:\WINDOWS\WinSxS
    2008-09-30 18:28:28 ----D---- C:\WINDOWS\IME
    2008-09-30 18:28:27 ----D---- C:\WINDOWS\Help
    2008-09-30 18:28:13 ----D---- C:\WINDOWS\system32\USMT
    2008-09-30 18:28:13 ----D---- C:\WINDOWS\system32\en-US
    2008-09-30 18:28:09 ----D---- C:\WINDOWS\PeerNet
    2008-09-30 18:28:09 ----D---- C:\Program Files\Movie Maker
    2008-09-30 18:25:33 ----D---- C:\WINDOWS\system32\NPP
    2008-09-30 18:25:31 ----D---- C:\WINDOWS\MSAGENT
    2008-09-30 18:25:30 ----D---- C:\WINDOWS\SRCHASST
    2008-09-30 18:25:27 ----D---- C:\Program Files\NetMeeting
    2008-09-30 18:25:26 ----D---- C:\WINDOWS\system32\Com
    2008-09-30 18:25:23 ----D---- C:\Program Files\Windows Media Player
    2008-09-30 18:25:22 ----D---- C:\Program Files\Windows NT
    2008-09-30 18:25:22 ----D---- C:\Program Files\Outlook Express
    2008-09-30 18:25:19 ----D---- C:\Program Files\Common Files\System
    2008-09-30 18:24:55 ----D---- C:\WINDOWS\system32\OOBE
    2008-09-30 18:21:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-28 12:42:15 ----D---- C:\I386
    2008-09-26 10:13:42 ----D---- C:\Program Files\Online Services
    2008-09-26 10:13:37 ----D---- C:\WINDOWS\Cursors
    2008-09-26 10:13:16 ----D---- C:\WINDOWS\ADDINS
    2008-09-26 08:56:17 ----D---- C:\Program Files\Java
    2008-09-26 08:51:06 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-26 08:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-09-26 08:26:08 ----D---- C:\Program Files\Dell Support Center
    2008-09-26 03:09:06 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2008-09-16 20:06:14 ----D---- C:\Program Files\Adobe
    2008-09-16 20:05:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-16 20:05:25 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-15 20:55:44 ----D---- C:\WINDOWS\system32\Macromed
    2008-09-11 19:25:25 ----D---- C:\WINDOWS\system32\Adobe
    2008-09-10 17:13:00 ----A---- C:\WINDOWS\QUICKEN.INI
    2008-09-10 17:11:00 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-09-10 17:10:15 ----D---- C:\Program Files\Common Files\Ulead Systems
    2008-09-10 17:06:20 ----D---- C:\Program Files\Viewpoint
    2008-09-10 17:06:20 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-09-10 17:04:06 ----D---- C:\Program Files\MUSICMATCH
    2008-09-10 17:02:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-10 16:59:48 ----SD---- C:\WINDOWS\Tasks
    2008-09-10 16:59:26 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-09-10 16:57:43 ----D---- C:\WINDOWS\occache
    2008-09-10 16:56:33 ----D---- C:\Program Files\Easy Upload Tools
    2008-09-10 16:56:27 ----D---- C:\Program Files\Google
    2008-09-10 16:56:27 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-09-10 16:54:19 ----D---- C:\DELL
    2008-09-10 16:52:49 ----D---- C:\WINDOWS\TWAIN_32
    2008-08-26 13:28:14 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-03 16:16:35 ----A---- C:\WINDOWS\ulead32.ini
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-07 15:26:58 ----A---- C:\WINDOWS\system32\es.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
    R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
    R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
    R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
    R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 US122;US122 Driver; C:\WINDOWS\System32\Drivers\US122.sys [2007-08-29 131968]
    R3 Us122WdmService;US122 Wdm Audio; C:\WINDOWS\System32\Drivers\US122Wdm.sys [2007-08-29 39168]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS []
    S3 catchme;catchme; \??\C:\FomboCix\catchme.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
    S3 US122DL;US122 Firmware Downloader; C:\WINDOWS\System32\Drivers\US122DL.sys [2007-08-29 18304]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]
    R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]
    R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]
    R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
    S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
     
  16. 2008/10/06
    TMFAH

    I ran MBAM and Spybot in safe mode and was able to get the Task Manager back, and now my internet doesn't redirect to antivirus websites, but I still can't open regedit, and CCleaner finds things that are messed up in the registry but can't fix them. And if I log in as the administrator while in safe mode, CCleaner doesn't find the same problems; it finds different ones, which I can fix, but they always come back after I log into my account.
     
  17. 2008/10/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I have a few questions, and a couple of requests.

    1. Do you know what this program is?
    C:\Program Files\US122

    2. How about this one?
    C:\Program Files\Recycle

    It appeared at the same time as the following.
    C:\WINDOWS\LOOP.exe
    C:\Documents and Settings\Andy\Application Data\Propellerhead Software
    C:\Documents and Settings\All Users\Application Data\Propellerhead Software

    Most everything I've found in regards to loop.exe suggests it is a malware dialer. I'd like for you to upload loop.exe to my submission channel for analysis. Leave a link back to this topic.

    Please delete the C:\rsit folder, then run RSIT.exe again. Post the contents of both logs that open when done.
     
  18. 2008/10/08
    TMFAH

    US 122 is the software for an audio/MIDI interface. Reason and Recycle are both products made by Propellerhead for audio editing and production. I'll send that file to you and rescan and post when I get home. Thank you for helping me with this.
     
  19. 2008/10/11
    TMFAH

    Logfile 1/2

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Andy at 2008-10-11 09:57:54
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 4 GB (11%) free of 35 GB
    Total RAM: 502 MB (24% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:58, on 2008-10-11
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Andy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 3390 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (GABRIEL-Michelle).job
    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (GABRIEL-Tami).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]
    "McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2004-12-14 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-06-02 180269]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Disabled:DNA"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe


    ======List of files/folders created in the last 3 months======

    2008-10-11 09:57:54 ----D---- C:\rsit
    2008-10-11 09:57:47 ----A---- C:\RSIT.exe
    2008-10-06 10:03:48 ----D---- C:\Program Files\trend micro
    2008-10-06 01:26:33 ----N---- C:\WINDOWS\SchedLgU.Txt
    2008-10-06 00:33:49 ----D---- C:\Program Files\Propellerhead
    2008-10-05 23:50:21 ----A---- C:\Bug.txt
    2008-10-05 23:50:20 ----A---- C:\WINDOWS\system32\cmd.execf
    2008-10-05 23:50:04 ----D---- C:\32788R22FWJFW
    2008-10-05 15:22:43 ----A---- C:\ComboFix.txt
    2008-10-05 15:17:22 ----D---- C:\WINDOWS\temp
    2008-10-05 15:14:55 ----D---- C:\WINDOWS\erdnt
    2008-10-05 15:14:35 ----D---- C:\QooBox
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\zip.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\VFIND.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\swxcacls.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\SWSC.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\SWREG.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\sed.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\grep.exe
    2008-10-05 15:14:34 ----A---- C:\WINDOWS\fdsv.exe
    2008-10-05 13:36:49 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-05 13:36:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-04 03:42:27 ----A---- C:\smitfiles.txt
    2008-10-02 14:08:49 ----HDC---- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2008-10-02 04:43:30 ----D---- C:\Documents and Settings\Andy\Application Data\Malwarebytes
    2008-10-02 04:43:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-02 00:42:55 ----A---- C:\Documents and Settings\Andy\Application Data\bhrslog.txt
    2008-10-02 00:27:05 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-02 00:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-01 21:13:20 ----D---- C:\QUARANTINE
    2008-10-01 20:37:09 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll.sig
    2008-10-01 20:37:09 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll
    2008-10-01 20:36:24 ----D---- C:\Program Files\McAfee
    2008-10-01 20:36:24 ----D---- C:\Program Files\Common Files\McAfee
    2008-09-30 22:46:14 ----D---- C:\WINDOWS\Prefetch
    2008-09-30 18:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-30 18:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-30 18:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-09-30 18:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-09-30 18:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-09-30 18:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-09-30 18:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-09-30 18:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-30 18:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-09-30 18:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-30 18:32:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-30 18:28:12 ----D---- C:\WINDOWS\system32\scripting
    2008-09-30 18:28:10 ----D---- C:\WINDOWS\l2schemas
    2008-09-30 18:28:09 ----D---- C:\WINDOWS\system32\en
    2008-09-30 18:28:09 ----D---- C:\WINDOWS\system32\bits
    2008-09-30 18:25:38 ----D---- C:\WINDOWS\ServicePackFiles
    2008-09-30 18:18:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-09-30 18:18:31 ----D---- C:\WINDOWS\EHome
    2008-09-27 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB926247$
    2008-09-26 10:13:28 ----A---- C:\WINDOWS\system32\simptcp.dll
    2008-09-26 10:13:25 ----A---- C:\WINDOWS\system32\snmptrap.exe
    2008-09-26 10:13:25 ----A---- C:\WINDOWS\system32\iprip.dll
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\snmpmib.dll
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\snmp.exe
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\evntwin.exe
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\evntcmd.exe
    2008-09-26 10:13:24 ----A---- C:\WINDOWS\system32\evntagnt.dll
    2008-09-26 10:13:23 ----A---- C:\WINDOWS\system32\hostmib.dll
    2008-09-26 10:13:20 ----A---- C:\WINDOWS\system32\lmmib2.dll
    2008-09-26 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2008-09-26 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2008-09-26 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-26 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2008-09-25 11:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
    2008-09-25 11:57:26 ----N---- C:\WINDOWS\system32\spmsg.dll
    2008-09-25 11:57:25 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2008-09-25 11:56:59 ----D---- C:\Program Files\Windows Media Connect 2
    2008-09-25 11:56:37 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2008-09-25 11:55:22 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2008-09-25 11:54:33 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
    2008-09-24 22:22:38 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-24 22:22:36 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-09-24 22:22:33 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-24 22:22:33 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-24 22:22:23 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-09-24 22:22:22 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-24 22:22:14 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-24 22:22:13 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-09-24 22:22:09 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-24 22:22:08 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-09-24 22:22:08 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-24 22:22:03 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-09-24 22:22:00 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-24 22:21:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-24 22:21:57 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-09-24 22:21:56 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-09-24 22:21:54 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-24 22:21:54 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-24 22:21:54 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-09-24 22:21:51 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-24 22:21:49 ----N---- C:\WINDOWS\system32\onex.dll
    2008-09-24 22:21:35 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-09-24 22:21:35 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-09-24 22:21:35 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-09-24 22:21:34 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-24 22:21:33 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-09-24 22:21:32 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-09-24 22:21:29 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-24 22:21:29 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-09-24 22:21:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-09-24 22:21:05 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-09-24 22:21:05 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-09-24 22:21:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-09-24 22:20:41 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-24 22:20:41 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-24 22:20:41 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-09-24 22:20:40 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-09-24 22:20:40 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-09-24 22:20:40 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-09-24 22:20:30 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-24 22:20:24 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-24 22:20:24 ----A---- C:\WINDOWS\002757_.tmp
    2008-09-24 22:20:22 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-24 22:20:22 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-09-24 22:20:22 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-24 22:20:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-24 22:20:18 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-09-24 22:20:17 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-24 22:20:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-24 22:20:16 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-24 22:20:12 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-09-24 22:20:06 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-24 22:20:05 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-09-24 22:20:05 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-09-24 22:20:05 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-09-24 22:20:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-24 22:20:00 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-09-24 22:19:53 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-09-20 15:23:53 ----D---- C:\Documents and Settings\Andy\Application Data\NetMedia Providers
    2008-09-20 15:23:49 ----D---- C:\Documents and Settings\Andy\Application Data\Sonic Foundry
    2008-09-20 15:21:48 ----D---- C:\Program Files\Sonic Foundry
    2008-09-20 15:21:46 ----A---- C:\WINDOWS\system32\wmvdmoe.dll
    2008-09-20 15:21:46 ----A---- C:\WINDOWS\system32\wmv8dmoe.dll
    2008-09-20 15:21:46 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
    2008-09-20 15:21:45 ----A---- C:\WINDOWS\system32\wmvcore2.dll
    2008-09-20 15:17:46 ----D---- C:\Program Files\VSTplugins
    2008-09-20 15:17:43 ----D---- C:\Documents and Settings\Andy\Application Data\Publish Providers
    2008-09-20 15:16:51 ----D---- C:\Documents and Settings\Andy\Application Data\Sony
    2008-09-20 15:15:52 ----D---- C:\Program Files\Sony
    2008-09-18 19:21:09 ----D---- C:\Documents and Settings\Andy\Application Data\Real
    2008-09-17 12:13:53 ----D---- C:\Documents and Settings\Andy\Application Data\Media Player Classic
    2008-09-17 12:12:55 ----A---- C:\WINDOWS\system32\unrar.dll
    2008-09-17 12:12:55 ----A---- C:\WINDOWS\avisplitter.ini
    2008-09-17 12:12:54 ----A---- C:\WINDOWS\system32\yv12vfw.dll
    2008-09-17 12:12:54 ----A---- C:\WINDOWS\system32\huffyuv.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\xvidvfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\xvidcore.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\x264vfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\vp7vfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\vp6vfw.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\dpl100.dll
    2008-09-17 12:12:53 ----A---- C:\WINDOWS\system32\divx.dll
    2008-09-17 12:12:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-09-17 12:12:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll
    2008-09-17 12:12:51 ----D---- C:\Program Files\K-Lite Codec Pack
    2008-09-17 03:36:41 ----D---- C:\Documents and Settings\Andy\Application Data\CyberLink
    2008-09-16 20:06:01 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-09-16 19:56:34 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-16 19:43:27 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
    2008-09-16 19:43:27 ----A---- C:\WINDOWS\system32\ReWire.dll
    2008-09-16 15:35:31 ----D---- C:\Documents and Settings\Andy\Application Data\Steinberg
    2008-09-16 15:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\Syncrosoft
    2008-09-16 15:31:49 ----A---- C:\WINDOWS\system32\Synsopos.exe
    2008-09-16 15:31:48 ----D---- C:\Program Files\Syncrosoft
    2008-09-16 15:31:48 ----A---- C:\WINDOWS\system32\SynsoLChk.dll
    2008-09-16 15:31:48 ----A---- C:\WINDOWS\system32\SYNSOACC.dll
    2008-09-16 12:05:50 ----D---- C:\Program Files\US122
    2008-09-16 12:05:50 ----A---- C:\WINDOWS\system32\U122_A24.dll
    2008-09-16 12:05:50 ----A---- C:\WINDOWS\system32\U122_A16.dll
    2008-09-15 21:49:38 ----D---- C:\Documents and Settings\Andy\Application Data\WinRAR
    2008-09-15 21:49:16 ----D---- C:\Program Files\WinRAR
    2008-09-15 16:15:38 ----D---- C:\Documents and Settings\Andy\Application Data\Propellerhead Software
    2008-09-15 16:15:38 ----D---- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    2008-09-15 16:14:48 ----D---- C:\Program Files\Recycle
    2008-09-15 16:13:50 ----A---- C:\WINDOWS\LOOP.exe
    2008-09-11 19:58:04 ----D---- C:\Documents and Settings\Andy\Application Data\Yahoo!
    2008-09-11 19:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-09-11 19:44:37 ----A---- C:\YServer.txt
    2008-09-11 19:44:29 ----D---- C:\Program Files\Yahoo!
    2008-09-11 19:27:28 ----D---- C:\Documents and Settings\Andy\Application Data\Macromedia
    2008-09-11 19:26:30 ----D---- C:\Documents and Settings\Andy\Application Data\Adobe
    2008-09-11 11:33:42 ----D---- C:\Documents and Settings\Andy\Application Data\BitTorrent
    2008-09-11 03:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-09-11 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-09-11 03:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-09-11 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-09-11 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-09-11 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-09-11 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-09-11 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-09-10 17:20:59 ----ASH---- C:\Documents and Settings\Andy\Application Data\DESKTOP.INI
    2008-09-10 17:20:44 ----SD---- C:\Documents and Settings\Andy\Application Data\Microsoft
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Sun
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Sonic
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Jasc Software Inc
    2008-09-10 17:20:44 ----D---- C:\Documents and Settings\Andy\Application Data\Identities
    2008-09-10 12:21:26 ----D---- C:\Program Files\DNA
    2008-09-10 12:21:25 ----D---- C:\Program Files\BitTorrent
    2008-09-10 12:07:19 ----D---- C:\WINDOWS\pss
    2008-08-07 17:30:08 ----SHD---- C:\$RECYCLE.BIN
    2008-07-13 15:47:54 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-13 15:47:54 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-13 15:47:54 ----A---- C:\WINDOWS\system32\java.exe
     
  20. 2008/10/11
    TMFAH

    Logfile 2/2

    ======List of files/folders modified in the last 3 months======

    2008-10-11 09:48:53 ----RD---- C:\Program Files
    2008-10-11 03:12:56 ----D---- C:\WINDOWS
    2008-10-06 08:58:04 ----D---- C:\WINDOWS\system32\DRIVERS
    2008-10-06 08:29:44 ----D---- C:\Program Files\Common Files
    2008-10-06 02:01:55 ----D---- C:\WINDOWS\system32\Restore
    2008-10-06 01:50:47 ----D---- C:\WINDOWS\SYSTEM
    2008-10-06 00:30:57 ----SHD---- C:\WINDOWS\Installer
    2008-10-05 23:50:20 ----D---- C:\WINDOWS\SYSTEM32
    2008-10-05 23:49:56 ----SHD---- C:\RECYCLER
    2008-10-05 23:24:47 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-05 15:18:49 ----A---- C:\WINDOWS\system.ini
    2008-10-05 15:17:45 ----D---- C:\WINDOWS\system32\CONFIG
    2008-10-05 15:17:22 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-05 15:16:25 ----D---- C:\WINDOWS\AppPatch
    2008-10-05 13:10:17 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2008-10-03 13:21:35 ----D---- C:\Documents and Settings
    2008-10-03 03:32:09 ----HD---- C:\WINDOWS\INF
    2008-10-03 03:04:59 ----RASH---- C:\BOOT.INI
    2008-10-03 03:04:59 ----A---- C:\WINDOWS\WIN.INI
    2008-10-02 05:02:59 ----D---- C:\WINDOWS\Debug
    2008-10-02 04:35:42 ----SHD---- C:\System Volume Information
    2008-10-02 00:25:21 ----D---- C:\WINDOWS\Registration
    2008-10-01 20:37:08 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-10-01 20:15:36 ----D---- C:\Program Files\Internet Explorer
    2008-10-01 12:28:39 ----D---- C:\WINDOWS\network diagnostic
    2008-10-01 07:32:02 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-30 22:51:48 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-30 22:45:47 ----D---- C:\WINDOWS\system32\Setup
    2008-09-30 22:45:46 ----D---- C:\WINDOWS\system32\WBEM
    2008-09-30 22:45:45 ----RSD---- C:\WINDOWS\Fonts
    2008-09-30 18:38:33 ----D---- C:\WINDOWS\SECURITY
    2008-09-30 18:35:07 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-30 18:32:55 ----D---- C:\Program Files\Messenger
    2008-09-30 18:28:37 ----D---- C:\WINDOWS\WinSxS
    2008-09-30 18:28:28 ----D---- C:\WINDOWS\IME
    2008-09-30 18:28:27 ----D---- C:\WINDOWS\Help
    2008-09-30 18:28:13 ----D---- C:\WINDOWS\system32\USMT
    2008-09-30 18:28:13 ----D---- C:\WINDOWS\system32\en-US
    2008-09-30 18:28:09 ----D---- C:\WINDOWS\PeerNet
    2008-09-30 18:28:09 ----D---- C:\Program Files\Movie Maker
    2008-09-30 18:25:33 ----D---- C:\WINDOWS\system32\NPP
    2008-09-30 18:25:31 ----D---- C:\WINDOWS\MSAGENT
    2008-09-30 18:25:30 ----D---- C:\WINDOWS\SRCHASST
    2008-09-30 18:25:27 ----D---- C:\Program Files\NetMeeting
    2008-09-30 18:25:26 ----D---- C:\WINDOWS\system32\Com
    2008-09-30 18:25:23 ----D---- C:\Program Files\Windows Media Player
    2008-09-30 18:25:22 ----D---- C:\Program Files\Windows NT
    2008-09-30 18:25:22 ----D---- C:\Program Files\Outlook Express
    2008-09-30 18:25:19 ----D---- C:\Program Files\Common Files\System
    2008-09-30 18:24:55 ----D---- C:\WINDOWS\system32\OOBE
    2008-09-30 18:21:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-09-28 12:42:15 ----D---- C:\I386
    2008-09-26 10:13:42 ----D---- C:\Program Files\Online Services
    2008-09-26 10:13:37 ----D---- C:\WINDOWS\Cursors
    2008-09-26 10:13:16 ----D---- C:\WINDOWS\ADDINS
    2008-09-26 08:56:17 ----D---- C:\Program Files\Java
    2008-09-26 08:51:06 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-26 08:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-09-26 08:26:08 ----D---- C:\Program Files\Dell Support Center
    2008-09-26 03:09:06 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2008-09-16 20:06:14 ----D---- C:\Program Files\Adobe
    2008-09-16 20:05:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-16 20:05:25 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-15 20:55:44 ----D---- C:\WINDOWS\system32\Macromed
    2008-09-11 19:25:25 ----D---- C:\WINDOWS\system32\Adobe
    2008-09-10 17:13:00 ----A---- C:\WINDOWS\QUICKEN.INI
    2008-09-10 17:11:00 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-09-10 17:10:15 ----D---- C:\Program Files\Common Files\Ulead Systems
    2008-09-10 17:06:20 ----D---- C:\Program Files\Viewpoint
    2008-09-10 17:06:20 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-09-10 17:04:06 ----D---- C:\Program Files\MUSICMATCH
    2008-09-10 17:02:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-10 16:59:48 ----SD---- C:\WINDOWS\Tasks
    2008-09-10 16:59:26 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-09-10 16:57:43 ----D---- C:\WINDOWS\occache
    2008-09-10 16:56:33 ----D---- C:\Program Files\Easy Upload Tools
    2008-09-10 16:56:27 ----D---- C:\Program Files\Google
    2008-09-10 16:56:27 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-09-10 16:54:19 ----D---- C:\DELL
    2008-09-10 16:52:49 ----D---- C:\WINDOWS\TWAIN_32
    2008-08-26 13:28:14 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-03 16:16:35 ----A---- C:\WINDOWS\ulead32.ini
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
    R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
    R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
    R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
    R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 US122;US122 Driver; C:\WINDOWS\System32\Drivers\US122.sys [2007-08-29 131968]
    R3 Us122WdmService;US122 Wdm Audio; C:\WINDOWS\System32\Drivers\US122Wdm.sys [2007-08-29 39168]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS []
    S3 catchme;catchme; \??\C:\FomboCix\catchme.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
    S3 US122DL;US122 Firmware Downloader; C:\WINDOWS\System32\Drivers\US122DL.sys [2007-08-29 18304]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]
    R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]
    R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]
    R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
    S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
     
  21. 2008/10/11
    TMFAH

    info.txt logfile of random's system information tool 1.04 2008-10-11 09:58:19

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    CCleaner (remove only)-->"C:\Documents and Settings\Andy\Desktop\CCleaner\uninst.exe"
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
    Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
    Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    K-Lite Mega Codec Pack 4.1.7-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Malwarebytes' Anti-Malware-->"C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware\unins000.exe"
    McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Reason 4.0.1-->"C:\Program Files\Propellerhead\Reason4.0\Uninstall Reason\unins000.exe"
    ReCycle v2.1-->C:\PROGRA~1\Recycle\UNWISE.EXE C:\PROGRA~1\Recycle\INSTALL.LOG
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Sonic Foundry ACID 4.0-->MsiExec.exe /I{2A38B5AA-EA84-4F87-9937-2FB23982243A}
    Sony Sound Forge 8.0-->MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Syncrosoft License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    US122 Driver 3.40-->"C:\Program Files\US122\unins000.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    ======Security center information======

    AV: McAfee VirusScan Enterprise

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Sonic Shared
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    "DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

    -----------------EOF-----------------
     
