Author Topic: Yoog, Zlob, Bad Image, Windows firewall!  (Read 1276 times)

Enid
« on: December 11, 2008, 12:32:14 AM »
Hello (FYI letter j"q"lm, not worqing. Will sub with: q)
This is the first time I've posted to a forum. I need a lot of help for my Dell Laptop running XP SP2 (recently downloaded SP3).
I've had spyware issues before and was able to remove. Not too long ago I may have contracted a virus from Limewire. After some research, my description led me to Smitfraud. I followed a post on smitfraud removal.

Directed to download:
Smitfraudfix
RogueRemover
Hijacqthis
CCleaner

Smitfraud seemed to be removed.
I'm not sure if I've just contracted more problems. My firewall is disabled and won't start.
I get "Bad Image" error messages for almost every application started. These error messages won't let me start some applications.
When trying to run MSConfig I get a system error message that reads "MSConfig caused system failure." If I clicq oq, all programs and Windows shut down (otherwise seems to run fine).

Recently ran CCleaner. It got rid of some of the craziness.
I'm having the same Yoog problem as the other posts.
I get a "Security Center Alert" for Trojan.Zlob.G. It says Windows firewall has blocqed the software which is obviously false because I can't get the firewall started. Please Help! Anywhere you would liqe to start is fine with me! Let me qnow if there is something else I need to do before I can get help.
Thanqs

Logfile of HijackThis v1.99.1
Scan saved at 12:30:02 AM, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Enid\Desktop\HijackThis.exe


O2 - BHO: (no name) - {090bff3e-d965-4b21-b4c8-8c87e0ee80f4} - C:\WINDOWS\system32\sibogaya.dll
O2 - BHO: globaladsolution - {12070643-2ea6-b1e0-b551-c71d56167f4f} - C:\WINDOWS\system32\nsc25.dll
O2 - BHO: (no name) - {2E784496-EB0D-432D-9944-1ACA24E06A13} - (no file)
O2 - BHO: {401b3249-d81e-0aab-ad84-f888dc4aff83} - {38ffa4cd-888f-48da-baa0-e18d9423b104} - C:\WINDOWS\system32\znkbog.dll
O2 - BHO: (no name) - {4A43E696-8081-4168-9C49-54519E63A55D} - C:\WINDOWS\system32\ssqQKCrS.dll
O2 - BHO: (no name) - {5BD9D498-BD15-7EA7-457B-B52A4E8DB354} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\iifgEvTN.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: GrandBar IE Helper - {84BA8988-33E1-4c89-A150-BF428E8D3213} - C:\Program Files\GrandPack\GrandPack.dll (file missing)
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [kitiwokuka] Rundll32.exe "C:\WINDOWS\system32\hesanebo.dll",s
O4 - HKLM\..\Run: [c0882aba] rundll32.exe "C:\WINDOWS\system32\ekheecce.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/downloads/toolbar/webinstall.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148173090023
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.89.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.scn-chat.com/includes/MSNChat45.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\dizeluvo.dll,C:\WINDOWS\system32\vufeguja.dll znkbog.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: iifgEvTN - C:\WINDOWS\SYSTEM32\iifgEvTN.dll
O20 - Winlogon Notify: opnolIYs - opnolIYs.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
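
An added example, not part of the original thread and not HijackThis's own code: a small parser for the log format posted above that groups entries by section code and applies a few generic persistence-triage rules. The rule names and the rules themselves are assumptions chosen for illustration, and a hit is a prompt for review rather than a verdict on any file; the sample lines are taken from the log in this post, with one entry wrapped onto two lines to show the continuation handling.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str   # section code, e.g. "O4"
    kind: str   # text before the first ": ", e.g. "HKLM\..\Run"
    value: str  # remainder of the line


# Entry lines start with a section code such as R1, F2, N3 or O4.
ENTRY_RE = re.compile(r"^(?P<code>[RFN]\d|O\d{1,2}) - (?P<rest>.*)$")


def parse_log(text):
    """Return the entries of a HijackThis log, joining wrapped lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            kind, sep, value = m.group("rest").partition(": ")
            if not sep:  # entry without a "kind: value" shape
                kind, value = "", m.group("rest")
            entries.append(Entry(m.group("code"), kind, value))
        elif entries and entries[-1].value.endswith(" -"):
            # Previous entry ended on a dangling separator: the paste was
            # wrapped, so this line is its continuation.
            last = entries[-1]
            entries[-1] = last._replace(value=last.value + " " + line)
        # Header lines and the running-process list are skipped.
    return entries


def triage(entries):
    """Apply illustrative (assumed) review rules; returns (rule, entry) pairs."""
    findings = []
    for e in entries:
        v = e.value.lower()
        # Registration that points at nothing on disk.
        if v.endswith("(file missing)") or v.endswith("(no file)"):
            findings.append(("orphaned-registration", e))
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        if e.code == "O20" and e.kind == "AppInit_DLLs" and e.value.strip(" ,"):
            findings.append(("appinit-dll", e))
        # Autostart entry that launches a DLL through rundll32.
        if e.code == "O4" and re.match(
                r"\[[^\]]*\]\s+rundll32(\.exe)?\s", e.value, re.I):
            findings.append(("rundll32-autostart", e))
        # Browser helper object with no display name, DLL directly in system32.
        if (e.code == "O2" and e.value.startswith("(no name)")
                and re.search(r"\\system32\\[^\\]+\.dll$", v)):
            findings.append(("unnamed-bho-in-system32", e))
    return findings


# Lines copied from the log in this post; the O16 entry is wrapped on purpose.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {090bff3e-d965-4b21-b4c8-8c87e0ee80f4} - C:\WINDOWS\system32\sibogaya.dll
O2 - BHO: (no name) - {2E784496-EB0D-432D-9944-1ACA24E06A13} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [kitiwokuka] Rundll32.exe "C:\WINDOWS\system32\hesanebo.dll",s
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\dizeluvo.dll,C:\WINDOWS\system32\vufeguja.dll znkbog.dll
O20 - Winlogon Notify: opnolIYs - opnolIYs.dll (file missing)
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
"""

if __name__ == "__main__":
    for rule, entry in triage(parse_log(SAMPLE)):
        print(f"{rule:26} {entry.code:4} {entry.value}")
```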

guestolo
« Reply #1 on: December 11, 2008, 12:49:15 AM »
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

  • If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

      * It is important you rename Combofix during the download, but not after.
      * Please do not rename Combofix to other names, but only to the one indicated.

--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with some tools.
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combo-Fix.txt in your next reply

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Enid
« Reply #2 on: December 11, 2008, 01:23:33 AM »
I can't seem to get my hands on ComboFix.exe. When the linqs you provided are clicqed I get a false connection error. I tried downloading through DAP with the URL. Also tried "Save Target". Any other suggestions besides getting it from another computer?

guestolo
« Reply #3 on: December 11, 2008, 01:36:52 AM »
Are you around right now, I'll upload a copy here
But only if you're going to grab it right away



Enid
« Reply #4 on: December 11, 2008, 01:40:59 AM »
Quote from guestolo, Dec 11 2008, 01:36 AM:
"Are you around right now, I'll upload a copy here
But only if you're going to grab it right away"

I'll be waiting. Thanqs

guestolo
« Reply #5 on: December 11, 2008, 01:48:33 AM »
I'm trying something here, not sure if it will work
I've uploaded a file called Combo-Fix.txt

Ensure you can see file extensions
Click START>>MyComputer>>Tools>>Folder Options>>View
Untick "Hide Extensions for known file types"
Apply and OK it

When downloading that file, you may have to right click on it and use Save link as... if using Firefox
Note the download size, it should be the same on your end after you have downloaded it
Save this file ONLY to your Desktop
Right click on Combo-Fix.txt and rename the extension to .exe
So now you have
Combo-Fix.exe
Left click an empty spot on desktop to set the name change and ok the prompt, then try and run it with previous instructions

NOTE: The forum changed the name to Combo_Fix.txt
Notice the underscore
Can you change the name to Combo-Fix.exe please
Notice the dash

Edit>>Remove Attachment
« Last Edit: December 11, 2008, 01:57:24 AM by guestolo »



Enid
« Reply #6 on: December 11, 2008, 01:55:34 AM »
Alright, I was able to download it. I will proceed with your previous instructions.

guestolo
« Reply #7 on: December 11, 2008, 01:56:33 AM »
Did you see my extra NOTE:
I had to edit my last post



Enid
« Reply #8 on: December 11, 2008, 02:44:02 AM »
ComboFix 08-12-09.03 - Enid 2008-12-11  2:17:25.1 - NTFSx86

Running from: c:\documents and settings\Enid\Desktop\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\C4A2E1B7.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Enid\Application Data\Facegame
c:\documents and settings\Enid\Application Data\gadcom
c:\documents and settings\Enid\Application Data\GetModule
c:\documents and settings\Enid\Application Data\GetModule\dicik.gz
c:\documents and settings\Enid\Application Data\GetModule\kwdik.gz
c:\documents and settings\Enid\Application Data\GetModule\ofadik.gz
c:\documents and settings\Enid\Application Data\Google\kjzna1562565.exe
c:\documents and settings\Enid\Application Data\Google\spcffwl.dll
c:\program files\Common Files\{30882~1
c:\program files\Common Files\{30882~1\888Bar.dll
c:\program files\Common Files\{30882~1\MyToolBar.dll
c:\program files\Common Files\{C0882~1
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.89\dinerdash.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\emMON.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\afpwdqqp.ini
c:\windows\system32\bikydsce.dll
c:\windows\system32\biserano.dll
c:\windows\system32\ceiqkv.dll
c:\windows\system32\celbra.dll
c:\windows\system32\dizeluvo.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\ecceehke.ini
c:\windows\system32\ecsdykib.ini
c:\windows\system32\ekheecce.dll
c:\windows\system32\fbdlhaae.dll
c:\windows\system32\flsscoef.dll
c:\windows\system32\fMlUuBeg.ini
c:\windows\system32\fMlUuBeg.ini2
c:\windows\system32\gozalete.dll
c:\windows\system32\hesanebo.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\iifgEvTN.dll
c:\windows\system32\khfFYOhE.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nejofega.dll
c:\windows\system32\nobetalu.dll
c:\windows\system32\noweripe.dll
c:\windows\system32\nvbrrdeg.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\pqqdwpfa.dll
c:\windows\system32\Process.exe
c:\windows\system32\sibogaya.dll
c:\windows\system32\smwin32.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\SrCKQqss.ini
c:\windows\system32\SrCKQqss.ini2
c:\windows\system32\ssqQKCrS.dll
c:\windows\system32\tikiyabu.dll
c:\windows\system32\tmp.reg
c:\windows\system32\usyrkn.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vufeguja.dll
c:\windows\system32\wini10821.exe
c:\windows\system32\wpv087.cpx
c:\windows\system32\wpv257.cpx
c:\windows\system32\wpv761228549885.cpx
c:\windows\system32\WS2Fix.exe
c:\windows\system32\xasrbtje.dll
c:\windows\system32\znkbog.dll
c:\windows\Tasks\vnvdbbzc.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Legacy_SYSTEM
-------\Service_system


(((((((((((((((((((((((((   Files Created from 2008-11-11 to 2008-12-11  )))))))))))))))))))))))))))))))
.

2008-12-11 02:08 . 2008-12-11 02:09   <DIR>   d--------   C:\32788R22FWJFW
2008-12-07 13:24 . 2008-12-07 13:28   102,176   --a------   c:\windows\system32\cont_globaladsolution-remove.exe
2008-12-07 13:24 . 2008-12-07 13:24   47,596   --a------   c:\windows\system32\anpzcmonoez.exe
2008-12-05 23:01 . 2008-12-05 23:01   <DIR>   d--------   c:\program files\K-Lite Codec Pack
2008-12-05 23:01 . 2008-07-04 01:34   860,160   --a------   c:\windows\system32\lameACM.acm
2008-12-05 23:01 . 2008-01-10 07:15   755,027   --a------   c:\windows\system32\xvidcore.dll
2008-12-05 23:01 . 2004-01-25 11:18   217,088   --a------   c:\windows\system32\yv12vfw.dll
2008-12-05 23:01 . 2007-09-04 11:56   164,352   --a------   c:\windows\system32\unrar.dll
2008-12-05 23:01 . 2008-01-10 07:16   159,839   --a------   c:\windows\system32\xvidvfw.dll
2008-12-05 23:01 . 2007-09-20 19:52   118,784   --a------   c:\windows\system32\ac3acm.acm
2008-12-05 23:01 . 2008-06-12 13:36   7,680   --a------   c:\windows\system32\ff_vfw.dll
2008-12-05 23:01 . 2007-07-10 11:10   547   --a------   c:\windows\system32\ff_vfw.dll.manifest
2008-12-05 23:01 . 2007-10-03 10:03   414   --a------   c:\windows\system32\lame_acm.xml
2008-12-05 23:01 . 2008-07-30 14:09   38   --a------   c:\windows\avisplitter.ini
2008-12-05 22:34 . 2008-08-14 05:11   2,189,184   ---------   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 22:34 . 2008-08-14 05:09   2,145,280   ---------   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 22:34 . 2008-08-14 04:33   2,066,048   ---------   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 22:34 . 2008-08-14 04:33   2,023,936   ---------   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 22:34 . 2008-09-15 07:12   1,846,400   ---------   c:\windows\system32\dllcache\win32k.sys
2008-12-05 22:34 . 2008-04-11 14:04   691,712   ---------   c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 22:34 . 2008-09-08 05:41   333,824   ---------   c:\windows\system32\dllcache\srv.sys
2008-12-05 22:34 . 2008-06-13 06:05   272,128   ---------   c:\windows\system32\dllcache\bthport.sys
2008-12-05 22:34 . 2008-05-08 09:02   203,136   ---------   c:\windows\system32\dllcache\rmcast.sys
2008-12-05 22:34 . 2008-08-14 05:04   138,496   ---------   c:\windows\system32\dllcache\afd.sys
2008-12-05 22:25 . 2008-12-05 22:25   2,973   --a------   c:\windows\system32\spupdsvc.inf
2008-12-05 22:19 . 2008-12-05 22:19   <DIR>   d--------   c:\windows\system32\scripting
2008-12-05 22:19 . 2008-12-05 22:19   <DIR>   d--------   c:\windows\system32\en
2008-12-05 22:19 . 2008-12-05 22:19   <DIR>   d--------   c:\windows\system32\bits
2008-12-05 22:19 . 2008-12-05 22:19   <DIR>   d--------   c:\windows\l2schemas
2008-12-05 22:16 . 2008-12-05 22:16   <DIR>   d--------   c:\windows\ServicePackFiles
2008-12-02 12:19 . 2008-12-02 12:19   673,792   --a------   c:\windows\system32\nsc25.dll
2008-11-30 23:48 . 2008-10-24 06:21   455,296   ---------   c:\windows\system32\dllcache\mrxsmb.sys
2008-11-30 23:48 . 2008-10-15 11:34   337,408   ---------   c:\windows\system32\dllcache\netapi32.dll
2008-11-30 20:18 . 2008-11-30 20:19   <DIR>   d--------   c:\documents and settings\Enid\Application Data\Move Networks
2008-11-24 20:51 . 2008-11-24 20:51   <DIR>   d--------   c:\program files\Microsoft ActiveSync
2008-11-23 21:55 . 2008-11-24 20:55   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Microsoft Help

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 06:13   ---------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-09 13:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg7
2008-12-08 01:47   ---------   d-----w   c:\documents and settings\Enid\Application Data\Azureus
2008-12-08 00:51   ---------   d-----w   c:\documents and settings\Enid\Application Data\AVG7
2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\Apple Computer
2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\AdobeUM
2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\acccore
2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\ACAMPREF
2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\.BitTornado
2008-11-09 10:06   ---------   d-----w   c:\program files\LimeWire
2008-11-07 04:19   ---------   d-----w   c:\program files\Java
2008-11-06 00:30   ---------   d-----w   c:\program files\SAGE
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 04:23   ---------   d-----w   c:\program files\FLV Player
2008-10-20 23:52   ---------   d-----w   c:\program files\CCleaner
2008-10-20 23:51   ---------   d-----w   c:\program files\RogueRemover FREE
2008-10-19 23:17   ---------   d-----w   c:\documents and settings\NetworkService\Application Data\AVG7
2008-10-11 22:11   ---------   d-----w   c:\program files\Spybot - Search & Destroy
2008-01-16 13:34   22,328   ----a-w   c:\documents and settings\Enid\Application Data\PnkBstrK.sys
2007-06-03 19:10   49,400   -c--a-w   c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2007-04-14 00:53   49,400   ----a-w   c:\documents and settings\Enid\Application Data\GDIPFONTCACHEV1.DAT
2006-05-17 17:09   251   -c--a-w   c:\program files\wt3d.ini
2004-10-01 20:00   40,960   ----a-w   c:\program files\Uninstall_CDS.exe
2008-08-09 21:58   104   -csh--r   c:\windows\system32\9C9D6E59E0.sys
2007-10-30 05:02   88   --sh--r   c:\windows\system32\E0596E9D9C.sys
2008-08-09 21:58   7,518   --sha-w   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12070643-2ea6-b1e0-b551-c71d56167f4f}]
2008-12-02 12:19   673792   --a------   c:\windows\system32\nsc25.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-21 590848]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 200704]
"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2005-08-01 94208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-26 219136]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-05-29 5419008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2006-05-16 114688]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-05-10 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogpath326]
--a------ 2006-09-18 17:04 86016 c:\windows\VMSnap326.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-06-28 16:54 49152 c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2006-11-27 00:06 3335944 c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--a------ 2003-09-10 02:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-11-04 18:17 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\moove\\_adv.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S2 ecure;FireDaemon Service: ecure;c:\windows\Temp\FireDaemon.EXE []
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-08-16 26488]
S3 usbvm328;A4 Tech USB2.0 PC Camera F;c:\windows\system32\Drivers\usbvm326.sys [2007-01-19 348160]
S3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [2007-01-19 483072]
S4 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service []
S4 svchost1;FireDaemon Service: svchost1;c:\windows\Temp\FireDaemon.EXE []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-04-07 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SETUP.EXE
\Shell\configure\command - D:\SETUP.EXE
\Shell\install\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - TDSSSERV.SYS
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AEC54B7B91D2C273.job
- c:\docume~1\enid\applic~1\mpegte~1\second size film.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{090bff3e-d965-4b21-b4c8-8c87e0ee80f4} - c:\windows\system32\sibogaya.dll
BHO-{2E784496-EB0D-432D-9944-1ACA24E06A13} - (no file)
BHO-{38ffa4cd-888f-48da-baa0-e18d9423b104} - c:\windows\system32\znkbog.dll
BHO-{5BD9D498-BD15-7EA7-457B-B52A4E8DB354} - (no file)
BHO-{D8419C66-349A-466F-8442-9D59E7047964} - c:\windows\system32\ssqQKCrS.dll
Notify-opnolIYs - opnolIYs.dll
MSConfigStartUp-kitiwokuka - c:\windows\system32\yasabetu.dll
MSConfigStartUp-LGODDFU - c:\program files\lg_fwupdate\fwupdate.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
MSConfigStartUp-Smax4 - c:\documents and settings\Enid\Application Data\Google\kjzna1562565.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: MWOL &Dictionary - c:\windows\_MWOLTB.DLL/23/219
IE: MWOL &Thesaurus - c:\windows\_MWOLTB.DLL/23/220

c:\windows\Downloaded Program Files\mwolinstaller.dll - O16 -: {3CF32649-D1C0-4F42-AB44-ED284748920B}
hxxp://www.m-w.com/downloads/toolbar/webinstall.cab
c:\windows\Downloaded Program Files\mwoltb.inf
FireFox -: Profile - c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 02:32:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\windows\system32\msiexec.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
.
**************************************************************************
.
Completion time: 2008-12-11  2:36:48 - machine was rebooted
ComboFix-quarantined-files.txt  2008-12-11 07:36:41

Pre-Run: 6,330,105,856 bytes free
Post-Run: 6,486,376,448 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

608   --- E O F ---   2008-12-07 16:47:36

Offline Enid

« Reply #9 on: December 11, 2008, 02:56:37 AM »
After running Combofix:
"Bad Image" error messages gone
I was able to turn on my Windows Firewall
Internet Connection errors gone.
Targets provided in previous instructions are downloadable.
Security Alert for Trojan.Zlob.G is gone.

CAN I SAY "I LOVE YOU"? WHAT A RELIEF!

Yoog continues to set itself as my default search engine (IE)

What do we do next?

Offline guestolo

« Reply #10 on: December 11, 2008, 03:14:44 AM »
I'm just on my way to bed, in the meantime
Can you do the following please, as I still see problems in your log

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

With that log, can you do the following
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized.
Post both those logs please with the MBAM report
NOTE: You may get an error message posting back log.txt
If you do, can you upload it please
Use the Browse... and UPLOAD buttons on the bottom right of a reply box
A copy of log.txt can be found in the following folder
C:\rsit

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Enid

Yoog, Zlob, Bad Image, Windows firewall!
« Reply #11 on: December 12, 2008, 12:53:59 AM »
Malwarebytes' Anti-Malware 1.31
Database version: 1491
Windows 5.1.2600 Service Pack 3

12/11/2008 11:05:27 PM
mbam-log-2008-12-11 (23-05-27).txt

Scan type: Quick Scan
Objects scanned: 60039
Time elapsed: 26 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\grandbar.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6dc16eeb-76bc-4940-98eb-efbcdacdceba} (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fb9339cd-ed69-4c29-a73f-0d53f8246383} (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3b808c2b-7cc8-4f09-b60e-70d783f8ab29} (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0b53283a-56b4-499e-bb48-ab3f118d3779} (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e0b7a0c-eadd-4e5b-b0cf-7a9b7884de73} (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bb112471-9094-471b-92b0-931a40c42b98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GrandPack (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.band (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\grandbar.band.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_globaladsolution (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12070643-2ea6-b1e0-b551-c71d56167f4f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12070643-2ea6-b1e0-b551-c71d56167f4f} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Torrent101 (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\Torrent101\ZM (Trojan.Lop) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSbrsr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSScfum.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqh.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\towefuzu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\temp\TDSS1d67.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\TDSS3332.tmp (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\temp\TDSS3881.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\TDSS3f86.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\TDSS4979.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Torrent101\Torrent101.TRC (Trojan.Lop) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cont_globaladsolution-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\nsc25.dll (Adware.BHO) -> Delete on reboot.






info.txt logfile of random's system information tool 1.04 2008-12-12 00:24:50

======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F651C08B-D29D-429D-9EA9-8FAED1D3DB87}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A4 Tech USB2.0 PC Camera F-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2514B3FC-FD37-4455-9CB5-C450F5EB74AB}\setup.exe" -l0x9
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator 7.0-->C:\WINDOWS\uninst.exe -f"C:\Adobe\Illustrator 7.0\DeIsL1.isu"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
capella-scan 6.1-->C:\Program Files\capella-software\capella-scan 6.1\uninstal.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Documents To Go-->MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\SETUP.EXE" -l0x9 UNINSTALL
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
foobar2000 v0.9.4.3-->"C:\Program Files\foobar2000\uninstall.exe"
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
Internet Speed Monitor-->C:\Program Files\GrandPack\Uninstall.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(tm) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(tm) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.6 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KWorld ATSC 310U BDA Drivers-->C:\WINDOWS\emunist.exe
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 7300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxciUNST.EXE -NOLICENSE
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe"
LimeWire 4.10.9-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
Merriam-Webster Online Toolbar-->C:\WINDOWS\system32\regsvr32.exe /u /s "C:\WINDOWS\_MWOLTB.DLL"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9  /remove
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
OMeR-->C:\Program Files\Omer\Uninstal\Uninstal.exe
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Palm-->MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
PCDJ Blue-->C:\PROGRA~1\VISIOS~1\PCDJBL~1\UNWISE.EXE C:\PROGRA~1\VISIOS~1\PCDJBL~1\INSTALL.LOG
PDF reDirect (remove only)-->C:\Program Files\PDF reDirect\Uninstall.exe
Peachtree Complete Accounting Educational Version 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AEB6AA51-837C-446D-8D17-1F4668647C71}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Presto! Forms 3.50.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B79920F8-AB6E-45B2-B257-900BBA969FF7}\setup.exe" -l0x9 anything
Presto! PageManager 7.12.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}\setup.exe" -l0x9
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9  APPDRVNT4
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RON Tool Globaladsolution-->C:\WINDOWS\system32\anpzcmonoez.exe
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SAGE-Online-->MsiExec.exe /X{A310CA85-AACA-11D5-91C4-00A0CC5BB661}
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9  /remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vivaldi Plus Via Web (English Version)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF025B86-3F4F-465E-80E0-64646EE46D40}\Setup.exe" -l0x9
Vivaldi Scan Via Web (English Version)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46EACF0C-DD71-4FFA-8D46-89C59F4CAB80}\setup.exe" -l0x9
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg  "enginecf.inf,RealUninstallSection,,4"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YAMAHA Digital Music Notebook-->MsiExec.exe /X{D2EF6D61-EB17-461C-B3AB-24ED025C37C8}

======Security center information======

AV: AVG 7.5.552

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------






Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
Merriam-Webster Online Toolbar-->C:\WINDOWS\system32\regsvr32.exe /u /s "C:\WINDOWS\_MWOLTB.DLL"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9  /remove
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
OMeR-->C:\Program Files\Omer\Uninstal\Uninstal.exe
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Palm-->MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
PCDJ Blue-->C:\PROGRA~1\VISIOS~1\PCDJBL~1\UNWISE.EXE C:\PROGRA~1\VISIOS~1\PCDJBL~1\INSTALL.LOG
PDF reDirect (remove only)-->C:\Program Files\PDF reDirect\Uninstall.exe
Peachtree Complete Accounting Educational Version 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AEB6AA51-837C-446D-8D17-1F4668647C71}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Presto! Forms 3.50.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B79920F8-AB6E-45B2-B257-900BBA969FF7}\setup.exe" -l0x9 anything
Presto! PageManager 7.12.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}\setup.exe" -l0x9
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9  APPDRVNT4
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RON Tool Globaladsolution-->C:\WINDOWS\system32\anpzcmonoez.exe
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SAGE-Online-->MsiExec.exe /X{A310CA85-AACA-11D5-91C4-00A0CC5BB661}
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9  /remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vivaldi Plus Via Web (English Version)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF025B86-3F4F-465E-80E0-64646EE46D40}\Setup.exe" -l0x9
Vivaldi Scan Via Web (English Version)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46EACF0C-DD71-4FFA-8D46-89C59F4CAB80}\setup.exe" -l0x9
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg  "enginecf.inf,RealUninstallSection,,4"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YAMAHA Digital Music Notebook-->MsiExec.exe /X{D2EF6D61-EB17-461C-B3AB-24ED025C37C8}

======Security center information======

AV: AVG 7.5.552

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Yoog, Zlob, Bad Image, Windows firewall!
« Reply #12 on: December 12, 2008, 01:14:14 AM »
Can you try the following
Access your Add and Remove Programs
Remove all the following (if you can)
Supply verification code and click Uninstall if prompted

RON Tool Globaladsolution
Internet Speed Monitor


Continue removing all the following
Don't reboot if prompted till all are removed
Viewpoint Media Player
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7


Now reboot your computer

Back in Windows
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select Windows, next to the drop down box Platform:>>Check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Come back here
Run a fresh scan with RSIT.exe and ONLY post the log from Log.txt
You posted the info.txt and that's it last time

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Enid

  • Newbie
  • *
  • Posts: 39
  • Karma: +0/-0
Yoog, Zlob, Bad Image, Windows firewall!
« Reply #13 on: December 12, 2008, 06:51:43 PM »
Logfile of random's system information tool 1.04 (written by random/random)
Run by Enid at 2008-12-12 19:01:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (18%) free of 32 GB
Total RAM: 1014 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:40 PM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Enid\Desktop\RSIT.exe
C:\Program Files\trend micro\Enid.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/downloads/toolbar/webinstall.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148173090023
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.89.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.scn-chat.com/includes/MSNChat45.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab53083.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9603 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AEC54B7B91D2C273.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - Merriam-Webster Online - C:\WINDOWS\_MWOLTB.DLL [2006-12-01 385024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-01-09 417792]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-12-15 839680]
"CTSVolFE.exe"=C:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-21 590848]
"lxcimon.exe"=C:\Program Files\Lexmark 7300 Series\lxcimon.exe [2005-09-30 200704]
"EzPrint"=C:\Program Files\Lexmark 7300 Series\ezprint.exe [2005-08-01 94208]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogpath326]
C:\WINDOWS\VMSnap326.exe [2006-09-18 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
C:\WINDOWS\Domino.exe [2006-06-28 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE [2006-11-27 3335944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-11-04 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
C:\PROGRA~1\KWORLD~1\ATSC31~1\EMRCtl.exe  []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe

C:\Documents and Settings\Enid\Start Menu\Programs\Startup
E-mail.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe"="C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX"
"C:\Program Files\Macromedia\Flash MX\Flash.exe"="C:\Program Files\Macromedia\Flash MX\Flash.exe:*:Enabled:Flash 6.0 r25"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows� NetMeeting�"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\moove\_adv.exe"="C:\moove\_adv.exe:*:Enabled:Roomancer - moove Online World Client"
"C:\Program Files\Palm\Hotsync.exe"="C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync� Manager Application"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\SETUP.EXE
shell\configure\command - D:\SETUP.EXE
shell\install\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 3 months======

2008-12-12 18:30:58 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-12 18:30:58 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-12 18:30:58 ----A---- C:\WINDOWS\system32\java.exe
2008-12-12 18:30:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-12 18:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 18:05:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-12 18:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 18:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 18:02:53 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 18:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 00:24:30 ----D---- C:\Program Files\trend micro
2008-12-12 00:24:29 ----D---- C:\rsit
2008-12-11 22:34:51 ----D---- C:\Documents and Settings\Enid\Application Data\Malwarebytes
2008-12-11 22:34:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-11 22:34:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-11 02:36:53 ----A---- C:\ComboFix.txt
2008-12-11 02:25:16 ----D---- C:\WINDOWS\temp
2008-12-11 02:14:02 ----A---- C:\Boot.bak
2008-12-11 02:13:50 ----RASHD---- C:\cmdcons
2008-12-11 02:10:17 ----A---- C:\WINDOWS\zip.exe
2008-12-11 02:10:17 ----A---- C:\WINDOWS\VFIND.exe
2008-12-11 02:10:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-11 02:10:17 ----A---- C:\WINDOWS\SWSC.exe
2008-12-11 02:10:17 ----A---- C:\WINDOWS\SWREG.exe
2008-12-11 02:10:17 ----A---- C:\WINDOWS\sed.exe
2008-12-11 02:10:17 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-11 02:10:17 ----A---- C:\WINDOWS\grep.exe
2008-12-11 02:10:17 ----A---- C:\WINDOWS\fdsv.exe
2008-12-11 02:08:51 ----D---- C:\32788R22FWJFW
2008-12-11 01:57:57 ----D---- C:\WINDOWS\ERDNT
2008-12-11 01:57:57 ----D---- C:\Qoobox
2008-12-10 01:41:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-10 01:30:51 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-07 13:24:01 ----D---- C:\WINDOWS\Prefetch
2008-12-05 23:01:27 ----A---- C:\WINDOWS\system32\unrar.dll
2008-12-05 23:01:26 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-05 23:01:24 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-12-05 23:01:24 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-05 23:01:23 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-05 23:01:23 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-12-05 23:01:23 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-12-05 23:01:21 ----D---- C:\Program Files\K-Lite Codec Pack
2008-12-05 22:19:55 ----D---- C:\WINDOWS\system32\scripting
2008-12-05 22:19:55 ----D---- C:\WINDOWS\l2schemas
2008-12-05 22:19:53 ----D---- C:\WINDOWS\system32\en
2008-12-05 22:19:53 ----D---- C:\WINDOWS\system32\bits
2008-12-05 22:16:45 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-05 22:08:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-30 20:18:05 ----D---- C:\Documents and Settings\Enid\Application Data\Move Networks
2008-11-24 20:51:59 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-23 21:55:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-11 23:07:57 ----A---- C:\WINDOWS\system32\cbabeec4-.txt
2008-11-09 11:04:30 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-11-09 11:04:29 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-11-05 21:29:37 ----D---- C:\WINDOWS\system32\Adobe
2008-11-05 19:30:20 ----D---- C:\Program Files\SAGE
2008-10-23 23:23:22 ----D---- C:\Program Files\FLV Player
2008-10-20 23:02:46 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-20 21:38:57 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-20 21:14:58 ----D---- C:\!KillBox
2008-10-20 19:23:42 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-20 19:23:35 ----A---- C:\rapport.txt
2008-10-20 19:22:53 ----D---- C:\WINDOWS\system32\SmitfraudFix
2008-10-20 19:19:04 ----A---- C:\smitfiles.txt
2008-10-20 18:54:00 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-20 18:52:08 ----D---- C:\Program Files\CCleaner
2008-10-20 18:51:55 ----D---- C:\Program Files\RogueRemover FREE
2008-10-20 18:51:04 ----D---- C:\SmitRem
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll

======List of files/folders modified in the last 3 months======

2008-12-12 18:31:02 ----SHD---- C:\WINDOWS\Installer
2008-12-12 18:31:02 ----D---- C:\Config.Msi
2008-12-12 18:30:58 ----D---- C:\WINDOWS\system32
2008-12-12 18:30:37 ----D---- C:\Program Files\Java
2008-12-12 18:26:54 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-12 18:22:52 ----D---- C:\WINDOWS
2008-12-12 18:20:15 ----D---- C:\Program Files\Internet Explorer
2008-12-12 18:18:08 ----D---- C:\Program Files\Common Files
2008-12-12 18:12:56 ----D---- C:\Program Files
2008-12-12 18:10:37 ----HD---- C:\WINDOWS\inf
2008-12-12 18:08:33 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-12 18:08:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 18:05:16 ----D---- C:\WINDOWS\Debug
2008-12-12 18:00:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 23:08:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-12-11 23:07:09 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 02:32:53 ----A---- C:\WINDOWS\system.ini
2008-12-11 02:29:47 ----D---- C:\WINDOWS\system32\config
2008-12-11 02:22:00 ----D---- C:\WINDOWS\AppPatch
2008-12-11 02:21:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 02:21:19 ----SD---- C:\WINDOWS\Tasks
2008-12-11 02:19:06 ----D---- C:\Documents and Settings\Enid\Application Data\Google
2008-12-11 02:14:02 ----RASH---- C:\boot.ini
2008-12-10 22:50:20 ----A---- C:\WINDOWS\win.ini
2008-12-10 01:13:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 00:24:06 ----RHD---- C:\$VAULT$.AVG
2008-12-08 22:49:58 ----A---- C:\WINDOWS\lgfwup.ini
2008-12-07 20:47:06 ----D---- C:\Documents and Settings\Enid\Application Data\Azureus
2008-12-07 19:51:11 ----D---- C:\Documents and Settings\Enid\Application Data\AVG7
2008-12-07 15:24:33 ----D---- C:\Documents and Settings\Enid\Application Data\Apple Computer
2008-12-07 15:24:33 ----D---- C:\Documents and Settings\Enid\Application Data\AdobeUM
2008-12-07 15:24:33 ----D---- C:\Documents and Settings\Enid\Application Data\Adobe
2008-12-07 15:24:33 ----D---- C:\Documents and Settings\Enid\Application Data\acccore
2008-12-07 15:24:33 ----D---- C:\Documents and Settings\Enid\Application Data\ACAMPREF
2008-12-07 15:24:33 ----D---- C:\Documents and Settings\Enid\Application Data\.BitTornado
2008-12-05 23:04:17 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-05 22:38:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-05 22:38:09 ----D---- C:\Program Files\Messenger
2008-12-05 22:27:55 ----D---- C:\WINDOWS\system32\wbem
2008-12-05 22:27:55 ----D---- C:\WINDOWS\system32\Setup
2008-12-05 22:27:53 ----RSD---- C:\WINDOWS\Fonts
2008-12-05 22:26:59 ----D---- C:\WINDOWS\security
2008-12-05 22:20:32 ----D---- C:\WINDOWS\WinSxS
2008-12-05 22:20:12 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-05 22:20:12 ----D---- C:\WINDOWS\network diagnostic
2008-12-05 22:20:12 ----D---- C:\WINDOWS\Help
2008-12-05 22:20:11 ----D---- C:\WINDOWS\ime
2008-12-05 22:19:56 ----D---- C:\WINDOWS\system32\usmt
2008-12-05 22:19:56 ----D---- C:\WINDOWS\system32\en-US
2008-12-05 22:19:53 ----D---- C:\WINDOWS\PeerNet
2008-12-05 22:19:53 ----D---- C:\Program Files\Movie Maker
2008-12-05 22:16:31 ----D---- C:\WINDOWS\system32\Restore
2008-12-05 22:16:31 ----D---- C:\WINDOWS\system32\npp
2008-12-05 22:16:31 ----D---- C:\WINDOWS\mui
2008-12-05 22:16:30 ----D---- C:\WINDOWS\msagent
2008-12-05 22:16:28 ----D---- C:\WINDOWS\srchasst
2008-12-05 22:16:27 ----D---- C:\Program Files\NetMeeting
2008-12-05 22:16:25 ----D---- C:\WINDOWS\system32\Com
2008-12-05 22:16:22 ----D---- C:\Program Files\Windows NT
2008-12-05 22:16:21 ----D---- C:\Program Files\Outlook Express
2008-12-05 22:16:17 ----D---- C:\Program Files\Common Files\System
2008-12-05 22:15:59 ----D---- C:\WINDOWS\system32\oobe
2008-12-05 22:15:56 ----D---- C:\WINDOWS\system
2008-12-05 22:11:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-05 22:08:02 ----D---- C:\WINDOWS\ehome
2008-12-01 00:08:07 ----D---- C:\WINDOWS\Registration
2008-11-24 20:55:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-24 20:55:05 ----D---- C:\Program Files\Microsoft Office
2008-11-24 20:54:27 ----D---- C:\WINDOWS\ShellNew
2008-11-09 05:06:33 ----D---- C:\Program Files\LimeWire
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-20 19:39:45 ----D---- C:\WINDOWS\Minidump
2008-10-19 19:14:26 ----SHD---- C:\System Volume Information
2008-10-19 18:11:34 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-10-17 02:08:40 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-10-12 21:41:11 ----AC---- C:\WINDOWS\wininit.ini
2008-10-11 23:18:21 ----D---- C:\WINDOWS\wt
2008-10-11 17:11:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-03 05:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-26 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-02-12 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-25 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-21 10760]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-01-09 1099304]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 emAudio;USB EMP Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2005-11-01 20736]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-25 16694]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USB28xxBGA;USB 2881 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-04-25 276480]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-04-05 7296]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvm328;A4 Tech USB2.0 PC Camera F; C:\WINDOWS\System32\Drivers\usbvm326.sys [2006-12-30 348160]
S3 vmfilter326;326 MRD filter service; C:\WINDOWS\system32\drivers\vmfilter326.sys [2006-10-30 483072]
S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 38448]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-26 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-02-12 49664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-12-15 380928]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S2 ecure;FireDaemon Service: ecure; C:\WINDOWS\Temp\FireDaemon.EXE []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-08-10 26488]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-20 53248]
S4 lxci_device;lxci_device; C:\WINDOWS\system32\lxcicoms.exe [2005-10-24 491520]
S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S4 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-01-16 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-01-16 103736]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
S4 svchost1;FireDaemon Service: svchost1; C:\WINDOWS\Temp\FireDaemon.EXE []
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
« Last Edit: December 13, 2008, 11:30:58 AM by guestolo »
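
An added example, not part of the original thread and not RSIT's own code: a Python triage over the driver/service line format in the log above, flagging entries such as the `ecure` service. The heuristics (image path in a temp directory, empty `[]` file info taken to mean the binary could not be read, a name imitating a system process) and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the driver and service lists in this thread.
SAMPLE_LOG = r"""
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-26 418816]
S2 ecure;FireDaemon Service: ecure; C:\WINDOWS\Temp\FireDaemon.EXE []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 svchost1;FireDaemon Service: svchost1; C:\WINDOWS\Temp\FireDaemon.EXE []
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
"""

# Legend printed in the log header: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# "<R|S><start> <name>;<display name>; <image path> [<date> <size>]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption: system process names that unrelated services sometimes imitate.
SYSTEM_NAMES = ("svchost", "lsass", "winlogon", "csrss")


@dataclass
class Entry:
    name: str
    running: bool
    start: str
    path: str
    has_file_info: bool
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Parse one driver/service line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"].strip().strip('"')
    if path.startswith("\\??\\"):  # NT object-namespace prefix seen on some driver paths
        path = path[4:]
    return Entry(
        name=m["name"].strip(),
        running=m["state"] == "R",
        start=START_TYPES[m["start"]],
        path=path,
        has_file_info=bool(m["meta"].strip()),
    )


def assess(entry):
    """Attach the reasons an analyst would want to look at this entry."""
    low = entry.path.lower()
    image = low.rsplit("\\", 1)[-1]
    reasons = []
    if "\\temp\\" in low:
        reasons.append("image path is inside a temp directory")
    if not entry.has_file_info:
        reasons.append("no file date/size recorded (binary missing or unreadable)")
    for sysname in SYSTEM_NAMES:
        if sysname in entry.name.lower() and image != sysname + ".exe":
            reasons.append("service name imitates " + sysname + ".exe")
    # Automatic start only matters once something else is already odd.
    if reasons and entry.start in ("Boot", "System", "Auto"):
        reasons.append("configured to start without user action")
    entry.reasons = reasons
    return entry


def triage_log(text):
    """Return flagged entries, most reasons first (input order kept on ties)."""
    parsed = (parse_entry(line) for line in text.splitlines())
    flagged = [assess(e) for e in parsed if e is not None]
    return sorted((e for e in flagged if e.reasons), key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        print(f"{e.name} ({state}, {e.start}) {e.path}")
        for reason in e.reasons:
            print("   - " + reason)
```

A hit is a lead to check, not a verdict: `DSproct` is flagged only because its file info is empty, and its path sits under the DellSupport folder.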

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Yoog, Zlob, Bad Image, Windows firewall!
« Reply #14 on: December 13, 2008, 12:04:42 PM »
Can you do the following please
Download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt3.exe to run it.
  • Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
    ================================================
    :Processes
    explorer.exe
    :Services
    ecure
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000000
    :Files
    C:\WINDOWS\tasks\AEC54B7B91D2C273.job
    c:\docume~1\enid\applic~1\mpegte~1
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]

    ======================================================
  • Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

If prompted on startup to Run OTMoveit again, allow it please

A Log should open, I'll need to see it later
If no log opens
OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log

I'll need to see that log
With that log, can you also post the following
Download DirLook by jpshortstuff from one of the following mirrors:
Link 1
Link 2
Link 3
  • Double-click DirLook.exe to run it (Vista Users should right-click and select Run As Administrator...).
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:
Code: [Select]
C:\Program Files\Mozilla Firefox\components
C:\Program Files\Mozilla Firefox
c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)
In addition, can you ensure that Windows is set to show hidden files/folders
In MyComputer select TOOLS>>FOLDER OPTIONS>>VIEW
Select the Radio button to Show hidden files/folders
Apply and OK it

Navigate to the following folder
c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default
In that folder right click on prefs.js and select EDIT
Copy/paste back here the contents of that file please

There's a bit of info to post back, if you need to use more than one reply, do so
« Last Edit: December 13, 2008, 12:08:06 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Enid

  • Newbie
  • *
  • Posts: 39
  • Karma: +0/-0
    • View Profile
Yoog, Zlob, Bad Image, Windows firewall!
« Reply #15 on: December 13, 2008, 01:25:12 PM »

It's giving me an error message: OTMoveIt3.exe is not a valid win32 application.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Yoog, Zlob, Bad Image, Windows firewall!
« Reply #16 on: December 13, 2008, 02:02:13 PM »
Delete your copy of ComboFix from desktop
Then, Redownload a fresh copy from one of the following locations, save it Only to your Desktop
Download ComboFix from one of these locations:
Don't rename it when downloading
  • Link 1
  • Link 2
  • Link 3

Don't run it yet
Instead,
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work
    ================================================
    KillAll::

    File::
    C:\WINDOWS\tasks\AEC54B7B91D2C273.job
    Folder::
    c:\docume~1\enid\applic~1\mpegte~1
    Driver::
    ecure
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000000
    DirLook::
    C:\Program Files\Mozilla Firefox\components
    C:\Program Files\Mozilla Firefox
    c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default

    ================================================
Save this as txtfile on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name C:\ComboFix.txt.
Post that log please
« Last Edit: December 13, 2008, 02:02:51 PM by guestolo »



Offline Enid

  • Newbie
  • *
  • Posts: 39
  • Karma: +0/-0
    • View Profile
Yoog, Zlob, Bad Image, Windows firewall!
« Reply #17 on: December 13, 2008, 03:34:38 PM »
    ComboFix 08-12-12.05 - Enid 2008-12-13 15:05:44.2 - NTFSx86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.408 [GMT -5:00]
    Running from: c:\documents and settings\Enid\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Enid\Desktop\CFScript.txt
     * Created a new restore point

    FILE ::
    c:\windows\tasks\AEC54B7B91D2C273.job
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\enid\applic~1\mpegte~1
    c:\docume~1\enid\applic~1\mpegte~1\B5838EC4
    c:\windows\system32\ff_vfw.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\tasks\AEC54B7B91D2C273.job

    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ECURE
    -------\Legacy_TDSSSERV.SYS
    -------\Service_ecure
    -------\Service_TDSSserv.sys


    (((((((((((((((((((((((((   Files Created from 2008-11-13 to 2008-12-13  )))))))))))))))))))))))))))))))
    .

    2008-12-12 20:01 . 2008-12-12 20:01   <DIR>   d--------   c:\program files\Microsoft Works
    2008-12-12 19:22 . 2008-12-12 19:22   <DIR>   d--------   c:\program files\Microsoft ActiveSync
    2008-12-12 18:30 . 2008-12-12 18:30   410,984   --a------   c:\windows\system32\deploytk.dll
    2008-12-12 18:30 . 2008-12-12 18:30   73,728   --a------   c:\windows\system32\javacpl.cpl
    2008-12-12 18:02 . 2008-12-12 18:09   1,393   --a------   c:\windows\imsins.BAK
    2008-12-12 00:24 . 2008-12-12 18:57   <DIR>   d--------   C:\rsit
    2008-12-12 00:24 . 2008-12-12 19:01   <DIR>   d--------   c:\program files\trend micro
    2008-12-11 22:34 . 2008-12-11 23:04   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
    2008-12-11 22:34 . 2008-12-11 22:34   <DIR>   d--------   c:\documents and settings\Enid\Application Data\Malwarebytes
    2008-12-11 22:34 . 2008-12-11 22:34   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-11 22:34 . 2008-12-03 19:59   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-11 22:34 . 2008-12-03 19:59   15,504   --a------   c:\windows\system32\drivers\mbam.sys
    2008-12-05 23:01 . 2008-12-05 23:01   <DIR>   d--------   c:\program files\K-Lite Codec Pack
    2008-12-05 23:01 . 2008-07-04 01:34   860,160   --a------   c:\windows\system32\lameACM.acm
    2008-12-05 23:01 . 2008-01-10 07:15   755,027   --a------   c:\windows\system32\xvidcore.dll
    2008-12-05 23:01 . 2004-01-25 11:18   217,088   --a------   c:\windows\system32\yv12vfw.dll
    2008-12-05 23:01 . 2007-09-04 11:56   164,352   --a------   c:\windows\system32\unrar.dll
    2008-12-05 23:01 . 2008-01-10 07:16   159,839   --a------   c:\windows\system32\xvidvfw.dll
    2008-12-05 23:01 . 2007-09-20 19:52   118,784   --a------   c:\windows\system32\ac3acm.acm
    2008-12-05 23:01 . 2007-07-10 11:10   547   --a------   c:\windows\system32\ff_vfw.dll.manifest
    2008-12-05 23:01 . 2007-10-03 10:03   414   --a------   c:\windows\system32\lame_acm.xml
    2008-12-05 23:01 . 2008-07-30 14:09   38   --a------   c:\windows\avisplitter.ini
    2008-12-05 22:34 . 2008-08-14 05:11   2,189,184   ---------   c:\windows\system32\dllcache\ntoskrnl.exe
    2008-12-05 22:34 . 2008-08-14 05:09   2,145,280   ---------   c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-12-05 22:34 . 2008-08-14 04:33   2,066,048   ---------   c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-12-05 22:34 . 2008-08-14 04:33   2,023,936   ---------   c:\windows\system32\dllcache\ntkrpamp.exe
    2008-12-05 22:34 . 2008-09-15 07:12   1,846,400   ---------   c:\windows\system32\dllcache\win32k.sys
    2008-12-05 22:34 . 2008-04-11 14:04   691,712   ---------   c:\windows\system32\dllcache\inetcomm.dll
    2008-12-05 22:34 . 2008-09-08 05:41   333,824   ---------   c:\windows\system32\dllcache\srv.sys
    2008-12-05 22:34 . 2008-06-13 06:05   272,128   ---------   c:\windows\system32\dllcache\bthport.sys
    2008-12-05 22:34 . 2008-05-08 09:02   203,136   ---------   c:\windows\system32\dllcache\rmcast.sys
    2008-12-05 22:34 . 2008-08-14 05:04   138,496   ---------   c:\windows\system32\dllcache\afd.sys
    2008-12-05 22:25 . 2008-12-05 22:25   2,973   --a------   c:\windows\system32\spupdsvc.inf
    2008-12-05 22:19 . 2008-12-05 22:19   <DIR>   d--------   c:\windows\system32\scripting
    2008-12-05 22:19 . 2008-12-05 22:19   <DIR>   d--------   c:\windows\system32\en
    2008-12-05 22:19 . 2008-12-05 22:19   <DIR>   d--------   c:\windows\system32\bits
    2008-12-05 22:19 . 2008-12-05 22:19   <DIR>   d--------   c:\windows\l2schemas
    2008-12-05 22:16 . 2008-12-05 22:16   <DIR>   d--------   c:\windows\ServicePackFiles
    2008-11-30 23:48 . 2008-10-24 06:21   455,296   ---------   c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-30 23:48 . 2008-10-15 11:34   337,408   ---------   c:\windows\system32\dllcache\netapi32.dll
    2008-11-30 20:18 . 2008-11-30 20:19   <DIR>   d--------   c:\documents and settings\Enid\Application Data\Move Networks
    2008-11-23 21:55 . 2008-12-13 12:01   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Microsoft Help

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-12 23:30   ---------   d-----w   c:\program files\Java
    2008-12-12 23:12   ---------   d-----w   c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-12 04:08   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg7
    2008-12-10 06:13   ---------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-08 01:47   ---------   d-----w   c:\documents and settings\Enid\Application Data\Azureus
    2008-12-08 00:51   ---------   d-----w   c:\documents and settings\Enid\Application Data\AVG7
    2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\Apple Computer
    2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\AdobeUM
    2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\acccore
    2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\ACAMPREF
    2008-12-07 20:24   ---------   d-----w   c:\documents and settings\Enid\Application Data\.BitTornado
    2008-11-09 10:06   ---------   d-----w   c:\program files\LimeWire
    2008-11-06 00:30   ---------   d-----w   c:\program files\SAGE
    2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 04:23   ---------   d-----w   c:\program files\FLV Player
    2008-10-20 23:52   ---------   d-----w   c:\program files\CCleaner
    2008-10-20 23:51   ---------   d-----w   c:\program files\RogueRemover FREE
    2008-10-19 23:17   ---------   d-----w   c:\documents and settings\NetworkService\Application Data\AVG7
    2008-01-16 13:34   22,328   ----a-w   c:\documents and settings\Enid\Application Data\PnkBstrK.sys
    2007-06-03 19:10   49,400   -c--a-w   c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-14 00:53   49,400   ----a-w   c:\documents and settings\Enid\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-17 17:09   251   -c--a-w   c:\program files\wt3d.ini
    2004-10-01 20:00   40,960   ----a-w   c:\program files\Uninstall_CDS.exe
    2008-08-09 21:58   104   -csh--r   c:\windows\system32\9C9D6E59E0.sys
    2007-10-30 05:02   88   --sh--r   c:\windows\system32\E0596E9D9C.sys
    2008-08-09 21:58   7,518   --sha-w   c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default ----

    2008-12-11 23:03   247   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\searchplugins\Yoog Search.xml
    2008-12-11 23:03   163   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\user.js
    2008-11-16 18:12   9287   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\bookmarks.html
    2008-11-16 18:12   162   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\cookies.txt
    2008-10-20 22:49   9287   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\bookmarks.html.sbsd.bak
    2008-10-20 18:52   2346   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\prefs.js
    2008-10-11 23:16   0   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\permissions.sqlite
    2007-12-25 16:21   9287   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\bookmarks.bak
    2007-12-25 16:21   65536   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\cert8.db
    2007-12-25 16:21   16384   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\key3.db
    2007-12-25 16:21   1215   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\localstore.rdf
    2007-12-25 16:20   77   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\kf.txt
    2007-12-23 23:29   93954   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\xpti.dat
    2007-12-23 23:29   598   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\extensions.cache
    2007-12-23 23:29   5371   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\extensions.rdf
    2007-12-23 23:29   436   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\extensions.ini
    2007-12-23 23:29   147996   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\compreg.dat
    2007-08-15 00:02   4898816   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\urlclassifier2.sqlite
    2007-08-14 23:17   100   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\blocklist.xml
    2007-07-15 14:02   9287   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\bookmarkbackups\bookmarks-2007-12-25.html
    2007-07-15 14:02   9287   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\bookmarkbackups\bookmarks-2007-12-23.html
    2007-07-15 14:02   9287   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\bookmarkbackups\bookmarks-2007-08-15.html
    2007-04-19 20:34   9287   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\bookmarkbackups\bookmarks-2007-07-15.html
    2007-04-17 23:39   144   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\compatibility.ini
    2007-04-16 00:31   9287   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\bookmarkbackups\bookmarks-2007-04-18.html
    2006-11-20 23:37   2048   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\search.sqlite
    2006-11-20 23:37   16384   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\secmod.db
    2006-10-11 03:05   663   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\chrome\userContent-example.css
    2006-10-11 03:05   356   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\mimeTypes.rdf
    2006-10-11 03:05   3287   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\search.rdf
    2006-10-11 03:05   1078   --a------   c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default\chrome\userChrome-example.css

    ---- Directory of c:\program files\Mozilla Firefox ----

    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
    2007-10-28 03:05   94   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
    2007-10-28 03:05   788   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome.manifest
    2007-10-28 03:05   671   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\install.rdf
    2007-10-28 03:05   510   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
    2007-10-28 03:05   1232   --a------   c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
    2007-08-07 13:35   49152   --a------   c:\program files\Mozilla Firefox\plugins\np32dsw.dll
    2007-08-07 13:04   1144   --a------   c:\program files\Mozilla Firefox\plugins\ShockwavePlugin.class
    2007-04-22 19:16   626688   --a--c---   c:\program files\Mozilla Firefox\plugins\Microsoft.VC80.CRT\msvcr80.dll
    2007-04-22 19:16   548864   --a--c---   c:\program files\Mozilla Firefox\plugins\Microsoft.VC80.CRT\msvcp80.dll
    2007-04-22 19:16   522   --a--c---   c:\program files\Mozilla Firefox\plugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
    2007-04-22 19:03   94208   --a--c---   c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    2007-04-22 19:03   297   --a--c---   c:\program files\Mozilla Firefox\plugins\nsIDivxPlayerPlugin.xpt
    2007-04-22 19:02   717312   --a--c---   c:\program files\Mozilla Firefox\plugins\npdivx32.dll
    2007-04-22 19:02   535   --a--c---   c:\program files\Mozilla Firefox\plugins\npUpload.xpt
    2007-04-22 19:02   1621   --a--c---   c:\program files\Mozilla Firefox\plugins\npdivx32.xpt
    2006-12-18 03:18   77824   --a--c---   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2006-11-09 15:20   2111096   --a--c---   c:\program files\Mozilla Firefox\plugins\NPSWF32.dll
    2006-11-09 15:20   190072   --a--c---   c:\program files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe
    2006-11-09 14:35   856   --a--c---   c:\program files\Mozilla Firefox\plugins\flashplayer.xpt
    2003-07-14 21:56   13888   --a--c---   c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL

    ---- Directory of c:\program files\Mozilla Firefox\components ----

             c:\program files\Mozilla Firefox\components\


    (((((((((((((((((((((((((((((   snapshot@2008-12-11_ 2.36.00.00   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-23 10:17:49   62,976   ----a-w   c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
    + 2007-11-30 12:39:22   17,272   ----a-w   c:\windows\$hf_mig$\KB955839\spmsg.dll
    + 2007-11-30 12:39:22   231,288   ----a-w   c:\windows\$hf_mig$\KB955839\spuninst.exe
    + 2007-11-30 12:39:22   26,488   ----a-w   c:\windows\$hf_mig$\KB955839\update\spcustom.dll
    + 2007-11-30 12:39:22   755,576   ----a-w   c:\windows\$hf_mig$\KB955839\update\update.exe
    + 2007-11-30 12:39:22   382,840   ----a-w   c:\windows\$hf_mig$\KB955839\update\updspapi.dll
    + 2008-10-23 12:43:42   286,720   ----a-w   c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
    + 2008-07-08 13:02:01   17,272   ----a-w   c:\windows\$hf_mig$\KB956802\spmsg.dll
    + 2008-07-08 13:02:02   231,288   ----a-w   c:\windows\$hf_mig$\KB956802\spuninst.exe
    + 2008-07-08 13:02:01   26,488   ----a-w   c:\windows\$hf_mig$\KB956802\update\spcustom.dll
    + 2008-07-09 07:38:29   755,576   ----a-w   c:\windows\$hf_mig$\KB956802\update\update.exe
    + 2008-07-09 07:38:37   382,840   ----a-w   c:\windows\$hf_mig$\KB956802\update\updspapi.dll
    + 2008-12-13 01:01:46   4,608   ----a-w   c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
    + 2008-12-13 01:01:42   8,007,680   ----a-w   c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    + 2008-12-13 01:00:32   80,696   ----a-w   c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
    + 2008-12-13 01:01:03   1,276,720   ----a-w   c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    + 2008-12-13 01:01:04   150,320   ----a-w   c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    + 2008-12-13 01:01:04   920,376   ----a-w   c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
    + 2008-12-13 01:01:04   35,648   ----a-w   c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2008-12-13 16:57:17   250,928   ----a-w   c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2008-12-13 01:01:04   20,280   ----a-w   c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    + 2008-12-13 01:01:04   781,104   ----a-w   c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    + 2008-12-13 01:01:42   13,312   ----a-w   c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
    + 2008-12-13 01:01:03   371,496   ----a-w   c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    + 2008-12-13 01:01:04   64,288   ----a-w   c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2008-12-13 01:01:04   416,544   ----a-w   c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2008-12-13 01:00:33   12,096   ----a-w   c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
    + 2008-12-13 01:01:12   12,096   ----a-w   c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
    + 2008-12-13 01:01:25   12,104   ----a-w   c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
    + 2008-12-13 01:01:24   12,632   ----a-w   c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2008-12-13 01:01:25   12,112   ----a-w   c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
    + 2008-12-13 01:01:12   12,104   ----a-w   c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
    + 2008-12-13 01:01:32   12,096   ----a-w   c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
    + 2008-12-13 01:01:14   12,080   ----a-w   c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
    + 2008-12-13 01:01:14   11,544   ----a-w   c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
    + 2008-08-26 07:24:28   124,928   -c----w   c:\windows\ie7updates\KB958215-IE7\advpack.dll
    + 2008-08-26 07:24:28   347,136   -c----w   c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
    + 2008-08-26 07:24:28   214,528   -c----w   c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
    + 2008-08-26 07:24:28   133,120   -c----w   c:\windows\ie7updates\KB958215-IE7\extmgr.dll
    + 2008-08-26 07:24:28   63,488   -c----w   c:\windows\ie7updates\KB958215-IE7\icardie.dll
    + 2008-08-25 08:37:59   70,656   -c----w   c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
    + 2008-08-26 07:24:28   153,088   -c----w   c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
    + 2008-08-26 07:24:28   230,400   -c----w   c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
    + 2008-08-23 05:54:51   161,792   -c----w   c:\windows\ie7updates\KB958215-IE7\ieakui.dll
    + 2008-08-26 07:24:28   383,488   -c----w   c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
    + 2008-08-26 07:24:29   384,512   -c----w   c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
    + 2008-10-03 17:41:15   6,066,176   -c----w   c:\windows\ie7updates\KB958215-IE7\ieframe.dll
    + 2008-08-26 07:24:29   44,544   -c----w   c:\windows\ie7updates\KB958215-IE7\iernonce.dll
    + 2008-08-26 07:24:29   267,776   -c----w   c:\windows\ie7updates\KB958215-IE7\iertutil.dll
    + 2008-08-25 08:38:00   13,824   -c----w   c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
    + 2008-08-23 05:56:15   635,848   -c----w   c:\windows\ie7updates\KB958215-IE7\iexplore.exe
    + 2008-08-26 07:24:30   27,648   -c----w   c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
    + 2008-08-26 07:24:30   459,264   -c----w   c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
    + 2008-08-26 07:24:30   52,224   -c----w   c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
    + 2008-08-27 08:24:32   3,593,216   -c----w   c:\windows\ie7updates\KB958215-IE7\mshtml.dll
    + 2008-08-26 07:24:30   477,696   -c----w   c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
    + 2008-08-26 07:24:30   193,024   -c----w   c:\windows\ie7updates\KB958215-IE7\msrating.dll
    + 2008-08-26 07:24:30   671,232   -c----w   c:\windows\ie7updates\KB958215-IE7\mstime.dll
    + 2008-08-26 07:24:30   102,912   -c----w   c:\windows\ie7updates\KB958215-IE7\occache.dll
    + 2008-08-26 07:24:30   44,544   -c----w   c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
    + 2007-03-06 01:22:39   213,216   -c----w   c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51   371,424   -c----w   c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
    + 2008-08-26 07:24:30   105,984   -c----w   c:\windows\ie7updates\KB958215-IE7\url.dll
    + 2008-08-26 07:24:31   1,159,680   -c----w   c:\windows\ie7updates\KB958215-IE7\urlmon.dll
    + 2008-08-26 07:24:31   233,472   -c----w   c:\windows\ie7updates\KB958215-IE7\webcheck.dll
    + 2008-08-26 07:24:31   826,368   -c----w   c:\windows\ie7updates\KB958215-IE7\wininet.dll
    + 2006-10-27 20:16:36   133,936   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\CONTAB32.DLL
    + 2006-10-27 01:55:32   87,344   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\DLGSETP.DLL
    + 2006-10-27 20:07:36   17,891,112   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\EXCEL.EXE
    + 2006-10-27 01:55:48   340,248   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
    + 2006-10-27 20:26:40   16,870,712   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSO.DLL
    + 2006-10-27 01:42:36   8,423,224   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OARTCONV.DLL
    + 2006-10-27 20:18:36   1,658,152   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OGL.DLL
    + 2006-10-27 20:16:46   2,939,704   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
    + 2006-10-27 01:34:12   660,792   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
    + 2006-10-27 01:34:10   192,848   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OMSXP32.DLL
    + 2006-09-15 21:25:18   3,611,416   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
    + 2006-10-27 20:16:44   594,256   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
    + 2006-10-27 20:16:48   12,813,096   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
    + 2006-10-27 20:16:40   176,976   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLPH.DLL
    + 2006-10-27 20:04:06   465,200   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\POWERPNT.EXE
    + 2006-10-27 20:04:06   7,980,848   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\PPCORE.DLL
    + 2008-12-13 01:01:04   248,632   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\PPTPIA.DLL
    + 2006-10-27 01:55:54   413,472   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
    + 2006-10-27 01:55:44   263,520   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\SCNPST32.DLL
    + 2006-10-27 01:55:44   272,744   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\SCNPST64.DLL
    + 2006-10-27 20:23:04   347,432   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\WINWORD.EXE
    + 2006-10-27 20:11:38   4,235,560   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
    + 2006-10-27 20:11:36   21,264   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
    + 2006-10-27 20:23:08   17,483,560   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\WWLIB.DLL
    + 2006-10-27 02:13:08   14,674,216   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\XL12CNV.EXE
    + 2006-10-27 02:17:08   11,072   ----a-r   c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\XLCALL32.DLL
    - 2008-12-01 05:01:14   593,920   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-12-12 23:10:17   593,920   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2008-12-01 05:01:14   12,288   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-12-12 23:10:17   12,288   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-12-01 05:01:14   86,016   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-12-12 23:10:17   86,016   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2008-12-01 05:01:14   135,168   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-12-12 23:10:17   135,168   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-12-01 05:01:14   11,264   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-12-12 23:10:17   11,264   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-12-01 05:01:14   27,136   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-12-12 23:10:17   27,136   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-12-01 05:01:14   4,096   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-12-12 23:10:17   4,096   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-12-01 05:01:14   794,624   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-12-12 23:10:17   794,624   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-12-01 05:01:14   249,856   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-12-12 23:10:17   249,856   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-12-01 05:01:14   61,440   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-12-12 23:10:17   61,440   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2008-12-01 05:01:14   23,040   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-12-12 23:10:17   23,040   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-12-01 05:01:14   286,720   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-12-12 23:10:16   286,720   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-12-01 05:01:14   409,600   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-12-12 23:10:16   409,600   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-12-13 01:06:10   217,864   ----a-r   c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2008-12-13 17:01:53   20,240   ----a-r   c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-12-13 17:01:53   217,864   ----a-r   c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
    + 2008-12-13 17:01:53   18,704   ----a-r   c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-12-13 17:01:53   35,088   ----a-r   c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-12-13 17:01:53   845,584   ----a-r   c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-12-13 17:01:53   922,384   ----a-r   c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-12-13 17:01:53   888,080   ----a-r   c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-12-13 17:01:53   1,172,240   ----a-r   c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-08-26 07:24:28   124,928   ----a-w   c:\windows\system32\advpack.dll
    + 2008-10-16 20:38:34   124,928   ----a-w   c:\windows\system32\advpack.dll
    - 2008-08-26 07:24:28   124,928   ------w   c:\windows\system32\dllcache\advpack.dll
    + 2008-10-16 20:38:34   124,928   ------w   c:\windows\system32\dllcache\advpack.dll
    - 2008-08-26 07:24:28   347,136   ----a-w   c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-10-16 20:38:34   347,136   ----a-w   c:\windows\system32\dllcache\dxtmsft.dll
    - 2008-08-26 07:24:28   214,528   ----a-w   c:\windows\system32\dllcache\dxtrans.dll
    + 2008-10-16 20:38:34   214,528   ----a-w   c:\windows\system32\dllcache\dxtrans.dll
    - 2008-08-26 07:24:28   133,120   ----a-w   c:\windows\system32\dllcache\extmgr.dll
    + 2008-10-16 20:38:35   133,120   ----a-w   c:\windows\system32\dllcache\extmgr.dll
    + 2008-10-23 12:36:14   286,720   ------w   c:\windows\system32\dllcache\gdi32.dll
    - 2008-08-26 07:24:28   63,488   ------w   c:\windows\system32\dllcache\icardie.dll
    + 2008-10-16 20:38:35   63,488   ------w   c:\windows\system32\dllcache\icardie.dll
    - 2008-08-25 08:37:59   70,656   ------w   c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-10-16 13:11:09   70,656   ------w   c:\windows\system32\dllcache\ie4uinit.exe
    - 2008-08-26 07:24:28   153,088   ----a-w   c:\windows\system32\dllcache\ieakeng.dll
    + 2008-10-16 20:38:35   153,088   ----a-w   c:\windows\system32\dllcache\ieakeng.dll
    - 2008-08-26 07:24:28   230,400   ----a-w   c:\windows\system32\dllcache\ieaksie.dll
    + 2008-10-16 20:38:35   230,400   ----a-w   c:\windows\system32\dllcache\ieaksie.dll
    - 2008-08-23 05:54:51   161,792   ----a-w   c:\windows\system32\dllcache\ieakui.dll
    + 2008-10-15 07:04:53   161,792   ----a-w   c:\windows\system32\dllcache\ieakui.dll
    - 2008-08-26 07:24:28   383,488   ------w   c:\windows\system32\dllcache\ieapfltr.dll
    + 2008-10-16 20:38:35   383,488   ------w   c:\windows\system32\dllcache\ieapfltr.dll
    - 2008-08-26 07:24:29   384,512   ------w   c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-10-16 20:38:35   384,512   ------w   c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-10-03 17:41:15   6,066,176   ------w   c:\windows\system32\dllcache\ieframe.dll
    + 2008-10-16 20:38:37   6,066,176   ------w   c:\windows\system32\dllcache\ieframe.dll
    - 2008-08-26 07:24:29   44,544   ----a-w   c:\windows\system32\dllcache\iernonce.dll
    + 2008-10-16 20:38:37   44,544   ----a-w   c:\windows\system32\dllcache\iernonce.dll
    - 2008-08-26 07:24:29   267,776   ------w   c:\windows\system32\dllcache\iertutil.dll
    + 2008-10-16 20:38:37   267,776   ------w   c:\windows\system32\dllcache\iertutil.dll
    - 2008-08-25 08:38:00   13,824   ------w   c:\windows\system32\dllcache\ieudinit.exe
    + 2008-10-16 13:11:09   13,824   ------w   c:\windows\system32\dllcache\ieudinit.exe
    - 2008-08-23 05:56:15   635,848   ------w   c:\windows\system32\dllcache\iexplore.exe
    + 2008-10-15 07:06:26   633,632   ------w   c:\windows\system32\dllcache\iexplore.exe
    - 2008-08-26 07:24:30   27,648   ----a-w   c:\windows\system32\dllcache\jsproxy.dll
    + 2008-10-16 20:38:37   27,648   ----a-w   c:\windows\system32\dllcache\jsproxy.dll
    - 2006-10-19 01:03:58   100,864   ----a-w   c:\windows\system32\dllcache\logagent.exe
    + 2008-06-18 06:09:22   100,864   ----a-w   c:\windows\system32\dllcache\logagent.exe
    - 2008-08-26 07:24:30   459,264   ------w   c:\windows\system32\dllcache\msfeeds.dll
    + 2008-10-16 20:38:37   459,264   ------w   c:\windows\system32\dllcache\msfeeds.dll
    - 2008-08-26 07:24:30   52,224   ------w   c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-10-16 20:38:37   52,224   ------w   c:\windows\system32\dllcache\msfeedsbs.dll
    - 2008-08-27 08:24:32   3,593,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
    + 2008-10-17 07:08:40   3,593,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
    - 2008-08-26 07:24:30   477,696   ----a-w   c:\windows\system32\dllcache\mshtmled.dll
    + 2008-10-16 20:38:38   477,696   ----a-w   c:\windows\system32\dllcache\mshtmled.dll
    - 2008-08-26 07:24:30   193,024   ----a-w   c:\windows\system32\dllcache\msrating.dll
    + 2008-10-16 20:38:38   193,024   ----a-w   c:\windows\system32\dllcache\msrating.dll
    - 2008-08-26 07:24:30   671,232   ----a-w   c:\windows\system32\dllcache\mstime.dll
    + 2008-10-16 20:38:39   671,232   ----a-w   c:\windows\system32\dllcache\mstime.dll
    - 2008-08-26 07:24:30   102,912   ------w   c:\windows\system32\dllcache\occache.dll
    + 2008-10-16 20:38:39   102,912   ------w   c:\windows\system32\dllcache\occache.dll
    - 2008-08-26 07:24:30   44,544   ----a-w   c:\windows\system32\dllcache\pngfilt.dll
    + 2008-10-16 20:38:39   44,544   ----a-w   c:\windows\system32\dllcache\pngfilt.dll
    - 2008-04-14 00:12:07   246,814   ------w   c:\windows\system32\dllcache\strmdll.dll
    + 2008-10-03 10:02:42   247,326   ------w   c:\windows\system32\dllcache\strmdll.dll
    - 2008-08-26 07:24:30   105,984   ------w   c:\windows\system32\dllcache\url.dll
    + 2008-10-16 20:38:39   105,984   ------w   c:\windows\system32\dllcache\url.dll
    - 2008-08-26 07:24:31   1,159,680   ----a-w   c:\windows\system32\dllcache\urlmon.dll
    + 2008-10-16 20:38:39   1,160,192   ----a-w   c:\windows\system32\dllcache\urlmon.dll
    - 2008-08-26 07:24:31   233,472   ------w   c:\windows\system32\dllcache\webcheck.dll
    + 2008-10-16 20:38:39   233,472   ------w   c:\windows\system32\dllcache\webcheck.dll
    - 2008-08-26 07:24:31   826,368   ----a-w   c:\windows\system32\dllcache\wininet.dll
    + 2008-10-16 20:38:40   826,368   ----a-w   c:\windows\system32\dllcache\wininet.dll
    + 2008-06-18 10:03:08   938,496   ------w   c:\windows\system32\dllcache\WMNetmgr.dll
    - 2006-10-19 02:47:22   2,450,944   -c--a-w   c:\windows\system32\dllcache\wmvcore.dll
    + 2008-06-18 10:03:14   2,458,112   ----a-w   c:\windows\system32\dllcache\WMVCore.dll
    - 2008-08-26 07:24:28   347,136   ----a-w   c:\windows\system32\dxtmsft.dll
    + 2008-10-16 20:38:34   347,136   ----a-w   c:\windows\system32\dxtmsft.dll
    - 2008-08-26 07:24:28   214,528   ----a-w   c:\windows\system32\dxtrans.dll
    + 2008-10-16 20:38:34   214,528   ----a-w   c:\windows\system32\dxtrans.dll
    - 2008-08-26 07:24:28   133,120   ----a-w   c:\windows\system32\extmgr.dll
    + 2008-10-16 20:38:35   133,120   ----a-w   c:\windows\system32\extmgr.dll
    - 2008-12-06 03:39:40   295,664   ----a-w   c:\windows\system32\FNTCACHE.DAT
    + 2008-12-13 17:20:35   321,136   ----a-w   c:\windows\system32\FNTCACHE.DAT
    - 2008-04-14 00:11:54   285,184   ----a-w   c:\windows\system32\gdi32.dll
    + 2008-10-23 12:36:14   286,720   ----a-w   c:\windows\system32\gdi32.dll
    - 2008-08-26 07:24:28   63,488   ----a-w   c:\windows\system32\icardie.dll
    + 2008-10-16 20:38:35   63,488   ----a-w   c:\windows\system32\icardie.dll
    - 2008-08-25 08:37:59   70,656   ----a-w   c:\windows\system32\ie4uinit.exe
    + 2008-10-16 13:11:09   70,656   ----a-w   c:\windows\system32\ie4uinit.exe
    - 2008-08-26 07:24:28   153,088   ----a-w   c:\windows\system32\ieakeng.dll
    + 2008-10-16 20:38:35   153,088   ----a-w   c:\windows\system32\ieakeng.dll
    - 2008-08-26 07:24:28   230,400   ----a-w   c:\windows\system32\ieaksie.dll
    + 2008-10-16 20:38:35   230,400   ----a-w   c:\windows\system32\ieaksie.dll
    - 2008-08-23 05:54:51   161,792   ----a-w   c:\windows\system32\ieakui.dll
    + 2008-10-15 07:04:53   161,792   ----a-w   c:\windows\system32\ieakui.dll
    - 2008-08-26 07:24:28   383,488   ----a-w   c:\windows\system32\ieapfltr.dll
    + 2008-10-16 20:38:35   383,488   ----a-w   c:\windows\system32\ieapfltr.dll
    - 2008-08-26 07:24:29   384,512   ----a-w   c:\windows\system32\iedkcs32.dll
    + 2008-10-16 20:38:35   384,512   ----a-w   c:\windows\system32\iedkcs32.dll
    - 2008-10-03 17:41:15   6,066,176   ----a-w   c:\windows\system32\ieframe.dll
    + 2008-10-16 20:38:37   6,066,176   ----a-w   c:\windows\system32\ieframe.dll
    - 2008-08-26 07:24:29   44,544   ----a-w   c:\windows\system32\iernonce.dll
    + 2008-10-16 20:38:37   44,544   ----a-w   c:\windows\system32\iernonce.dll
    - 2008-08-26 07:24:29   267,776   ----a-w   c:\windows\system32\iertutil.dll
    + 2008-10-16 20:38:37   267,776   ----a-w   c:\windows\system32\iertutil.dll
    - 2008-08-25 08:38:00   13,824   ----a-w   c:\windows\system32\ieudinit.exe
    + 2008-10-16 13:11:09   13,824   ----a-w   c:\windows\system32\ieudinit.exe
    - 2002-08-21 09:10:16   204,800   -c--a-w   c:\windows\system32\INKED.DLL
    + 2006-10-26 18:45:04   207,360   ----a-w   c:\windows\system32\INKED.DLL
    - 2008-06-10 06:21:01   135,168   ----a-w   c:\windows\system32\java.exe
    + 2008-12-12 23:30:41   144,792   ----a-w   c:\windows\system32\java.exe
    - 2008-06-10 06:21:04   135,168   ----a-w   c:\windows\system32\javaw.exe
    + 2008-12-12 23:30:41   144,792   ----a-w   c:\windows\system32\javaw.exe
    - 2008-06-10 07:32:34   139,264   ----a-w   c:\windows\system32\javaws.exe
    + 2008-12-12 23:30:41   148,888   ----a-w   c:\windows\system32\javaws.exe
    - 2008-08-26 07:24:30   27,648   ----a-w   c:\windows\system32\jsproxy.dll
    + 2008-10-16 20:38:37   27,648   ----a-w   c:\windows\system32\jsproxy.dll
    - 2006-10-19 01:03:58   100,864   -c--a-w   c:\windows\system32\logagent.exe
    + 2008-06-18 06:09:22   100,864   ----a-w   c:\windows\system32\logagent.exe
    + 2008-12-09 20:24:38   17,593,280   ----a-w   c:\windows\system32\MRT.exe
    - 2008-08-26 07:24:30   459,264   ----a-w   c:\windows\system32\msfeeds.dll
    + 2008-10-16 20:38:37   459,264   ----a-w   c:\windows\system32\msfeeds.dll
    - 2008-08-26 07:24:30   52,224   ----a-w   c:\windows\system32\msfeedsbs.dll
    + 2008-10-16 20:38:37   52,224   ----a-w   c:\windows\system32\msfeedsbs.dll
    - 2008-08-27 08:24:32   3,593,216   ----a-w   c:\windows\system32\mshtml.dll
    + 2008-10-17 07:08:40   3,593,216   ----a-w   c:\windows\system32\mshtml.dll
    - 2008-08-26 07:24:30   477,696   ----a-w   c:\windows\system32\mshtmled.dll
    + 2008-10-16 20:38:38   477,696   ----a-w   c:\windows\system32\mshtmled.dll
    - 2008-08-26 07:24:30   193,024   ----a-w   c:\windows\system32\msrating.dll
    + 2008-10-16 20:38:38   193,024   ----a-w   c:\windows\system32\msrating.dll
    - 2008-08-26 07:24:30   671,232   ----a-w   c:\windows\system32\mstime.dll
    + 2008-10-16 20:38:39   671,232   ----a-w   c:\windows\system32\mstime.dll
    - 2008-08-26 07:24:30   102,912   ----a-w   c:\windows\system32\occache.dll
    + 2008-10-16 20:38:39   102,912   ----a-w   c:\windows\system32\occache.dll
    - 2008-10-19 23:15:42   56,160   ----a-w   c:\windows\system32\perfc009.dat
    + 2008-12-13 20:18:04   56,160   ----a-w   c:\windows\system32\perfc009.dat
    - 2008-10-19 23:15:42   389,252   ----a-w   c:\windows\system32\perfh009.dat
    + 2008-12-13 20:18:04   389,252   ----a-w   c:\windows\system32\perfh009.dat
    - 2008-08-26 07:24:30   44,544   ----a-w   c:\windows\system32\pngfilt.dll
    + 2008-10-16 20:38:39   44,544   ----a-w   c:\windows\system32\pngfilt.dll
    - 2008-04-14 00:12:07   246,814   ----a-w   c:\windows\system32\strmdll.dll
    + 2008-10-03 10:02:42   247,326   ----a-w   c:\windows\system32\strmdll.dll
    - 2008-04-14 00:12:38   60,416   ----a-w   c:\windows\system32\tzchange.exe
    + 2008-10-23 10:06:59   62,976   ----a-w   c:\windows\system32\tzchange.exe
    - 2008-08-26 07:24:30   105,984   ----a-w   c:\windows\system32\url.dll
    + 2008-10-16 20:38:39   105,984   ----a-w   c:\windows\system32\url.dll
    - 2008-08-26 07:24:31   1,159,680   ----a-w   c:\windows\system32\urlmon.dll
    + 2008-10-16 20:38:39   1,160,192   ----a-w   c:\windows\system32\urlmon.dll
    - 2008-08-26 07:24:31   233,472   ----a-w   c:\windows\system32\webcheck.dll
    + 2008-10-16 20:38:39   233,472   ----a-w   c:\windows\system32\webcheck.dll
    - 2008-08-26 07:24:31   826,368   ----a-w   c:\windows\system32\wininet.dll
    + 2008-10-16 20:38:40   826,368   ----a-w   c:\windows\system32\wininet.dll
    - 2002-08-21 09:13:12   189,952   ----a-w   c:\windows\system32\WISPTIS.EXE
    + 2006-10-26 18:45:04   293,376   ----a-w   c:\windows\system32\WISPTIS.EXE
    - 2006-10-19 02:47:20   937,984   ----a-w   c:\windows\system32\WMNetMgr.dll
    + 2008-06-18 10:03:08   938,496   ----a-w   c:\windows\system32\WMNetmgr.dll
    - 2006-10-19 02:47:22   2,450,944   ----a-w   c:\windows\system32\wmvcore.dll
    + 2008-06-18 10:03:14   2,458,112   ----a-w   c:\windows\system32\WMVCore.dll
    + 2008-12-13 20:13:57   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_798.dat
    + 2006-10-26 18:40:34   95,744   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    + 2006-10-26 18:40:36   479,232   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    + 2006-10-26 18:40:36   548,864   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2006-10-26 18:40:36   626,688   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    + 2006-10-26 18:40:36   1,093,632   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
    + 2006-10-26 18:40:36   1,079,808   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
    + 2006-10-26 18:40:36   69,632   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
    + 2006-10-26 18:40:36   57,344   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
    + 2006-10-26 18:40:36   40,960   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
    + 2006-10-26 18:40:36   45,056   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
    + 2006-10-26 18:40:36   65,536   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
    + 2006-10-26 18:40:36   57,344   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
    + 2006-10-26 18:40:36   61,440   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
    + 2006-10-26 18:40:36   61,440   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
    + 2006-10-26 18:40:36   61,440   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
    + 2006-10-26 18:40:36   49,152   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
    + 2006-10-26 18:40:36   49,152   ----a-w   c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
    .
    -- Snapshot reset to current date --
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]
    "CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-21 590848]
    "lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 200704]
    "EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2005-08-01 94208]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 c:\windows\stsystra.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-26 219136]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-05-29 5419008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-22 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2006-05-16 114688]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-05-10 24576]
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Remote Control.lnk
    backup=c:\windows\pss\Remote Control.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogpath326]
    --a------ 2006-09-18 17:04 86016 c:\windows\VMSnap326.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
    --a------ 2006-06-28 16:54 49152 c:\windows\Domino.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    --a------ 2006-11-27 00:06 3335944 c:\program files\DAP\DAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    --a------ 2003-09-10 02:24 20480 c:\program files\NetWaiting\netwaiting.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-11-04 18:17 282624 c:\program files\QuickTime\qttask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
    "c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\moove\\_adv.exe"=
    "c:\\Program Files\\Palm\\Hotsync.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Red Swoosh
    "5000:UDP"= 5000:UDP:Red Swoosh
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-08-16 26488]
    S3 usbvm328;A4 Tech USB2.0 PC Camera F;c:\windows\system32\Drivers\usbvm326.sys [2007-01-19 348160]
    S3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [2007-01-19 483072]
    S4 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service []
    S4 svchost1;FireDaemon Service: svchost1;c:\windows\Temp\FireDaemon.EXE []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: MWOL &Dictionary - c:\windows\_MWOLTB.DLL/23/219
    IE: MWOL &Thesaurus - c:\windows\_MWOLTB.DLL/23/220

    c:\windows\Downloaded Program Files\mwolinstaller.dll - O16 -: {3CF32649-D1C0-4F42-AB44-ED284748920B}
    hxxp://www.m-w.com/downloads/toolbar/webinstall.cab
    c:\windows\Downloaded Program Files\mwoltb.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-13 15:20:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\progra~1\Grisoft\AVG7\avgamsvr.exe
    c:\progra~1\Grisoft\AVG7\avgupsvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
    c:\progra~1\MICROS~4\Office12\OUTLOOK.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-12-13 15:27:55 - machine was rebooted
    ComboFix-quarantined-files.txt  2008-12-13 20:27:52
    ComboFix2.txt  2008-12-11 07:36:53

    Pre-Run: 4,308,082,688 bytes free
    Post-Run: 4,311,207,936 bytes free

    597   --- E O F ---   2008-12-13 17:01:56

    Offline guestolo

    • Site Donator
    • Administrator
    • Hero Member
    • *****
    • Posts: 16034
    • Karma: +1/-0
    Yoog, Zlob, Bad Image, Windows firewall!
    « Reply #18 on: December 13, 2008, 03:53:17 PM »
    Can you do this part for me please

    Download DirLook by jpshortstuff from one of the following mirrors:
    Link 1
    Link 2
    Link 3
    • Double-click DirLook.exe to run it (Vista Users should right-click and select Run As Administrator...).
    • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
    • Copy the content of the following codebox into the main textfield:
    C:\Program Files\Mozilla Firefox\components
    • Click the DirLook button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)
    In addition, can you ensure that Windows is set to show hidden files/folders
    In MyComputer select TOOLS>>FOLDER OPTIONS>>VIEW
    Select the Radio button to Show hidden files/folders
    Apply and OK it

    Navigate to the following folder
    c:\documents and settings\Enid\Application Data\Mozilla\Firefox\Profiles\lkbn9pss.default
    In that folder right click on prefs.js and select EDIT
    Copy/paste back here the contents of that file please

    In addition, can you do one more step
    Open Hijackthis>>"Open Misc tools Section"
    Open "Hosts File Manager"
    Click the Open in Notepad button
    Then copy/paste back here the whole contents

    Do you want to post your own logs from FRST?

    Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


    Offline Enid

    • Newbie
    • *
    • Posts: 39
    • Karma: +0/-0
    Yoog, Zlob, Bad Image, Windows firewall!
    « Reply #19 on: December 13, 2008, 04:07:52 PM »
    DirLook.exe v2.0 by jpshortstuff
    Log created at 15:59 on 13/12/2008
    ==================================
    Contents of "C:\Program Files\Mozilla Firefox\components"

    Unable to find directory.

    ==================================
    =EOF=




    # Mozilla User Preferences

    /* Do not edit this file.
     *
     * If you make changes to this file while the application is running,
     * the changes will be overwritten when the application exits.
     *
     * To make a manual change to preferences, you can visit the URL about:config
     * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
     */

    user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1184525519);
    user_pref("app.update.lastUpdateTime.background-update-timer", 1184525519);
    user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1184525519);
    user_pref("app.update.lastUpdateTime.restart-nag-timer", 1176701500);
    user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1184525519);
    user_pref("browser.anchor_color", "#0000FF");
    user_pref("browser.display.background_color", "#C0C0C0");
    user_pref("browser.display.use_system_colors", true);
    user_pref("browser.formfill.enable", false);
    user_pref("browser.history_expire_days", 0);
    user_pref("browser.shell.checkDefaultBrowser", false);
    user_pref("browser.startup.homepage", "http://www.msn.com/");
    user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.1");
    user_pref("browser.visited_color", "#800080");
    user_pref("extensions.lastAppVersion", "2.0.0.1");
    user_pref("extensions.update.notifyUser", false);
    user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, UTF-8");
    user_pref("network.cookie.prefsMigrated", true);
    user_pref("network.http.proxy.version", "1.0");
    user_pref("security.enable_ssl2", true);
    user_pref("security.enable_tls", false);
    user_pref("security.warn_entering_secure", false);
    user_pref("security.warn_submit_insecure", false);
    user_pref("spellchecker.dictionary", "en-US");
    user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/getkey?client=navclient-auto-ffox2.0&", 1176787891);
    user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/getkey?client=navclient-auto-ffox2.0.0.1&", 1198704001);
    user_pref("urlclassifier.tableversion.goog-black-enchash", "1.29330");
    user_pref("urlclassifier.tableversion.goog-black-url", "1.12539");
    user_pref("urlclassifier.tableversion.goog-white-domain", "1.23");
    user_pref("urlclassifier.tableversion.goog-white-url", "1.371");
    user_pref("yahoo.homepage.dontask", true);





    127.0.0.1       localhost