Apr 19 2008, 06:24 AM
Run by Philip Daniels on 2008-04-19 18:22:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
80: 2008-04-19 08:22:09 UTC - RP80 - Deckard's System Scanner Restore Point
79: 2008-04-19 00:44:32 UTC - RP79 - Installed %1 %2.
78: 2008-04-17 08:46:36 UTC - RP78 - Installed Kaspersky Internet Security 7.0.
77: 2008-04-17 08:33:52 UTC - RP77 - Removed Kaspersky Internet Security 7.0.
76: 2008-04-17 07:20:05 UTC - RP76 - Installed Kaspersky Internet Security 7.0.

-- First Restore Point --
1: 2008-04-16 09:46:24 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Philip Daniels.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:51, on 19-04-08
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\PROGRA~1\CFi\SHELLT~1\CFiShlMan.exe
C:\PROGRA~1\CFi\SHELLT~1\cliphook.exe
C:\Program Files\EscapeClosePro\EscapeClosePro.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FileBX\FileBX.exe
C:\Program Files\TypeItIn\typeitin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Philip Daniels\Desktop\Downloads\Software\Protection and Security\dss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Philip Daniels.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9F362DE5-AE75-4AF9-98CC-BEC900170A6B} - C:\WINDOWS\system32\wvUnKApQ.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CFi ShellToys Utility Manager] "C:\PROGRA~1\CFi\SHELLT~1\CFiShlMan.exe" -start
O4 - HKCU\..\Run: [CFi ShellToys Clipboard History] "C:\PROGRA~1\CFi\SHELLT~1\cliphook.exe" -start
O4 - HKCU\..\Run: [HSLAB Shutdown Folder Lite] C:\Program Files\Handy Software Lab\HSLAB Shutdown Folder\sf.exe
O4 - HKCU\..\Run: [HSLAB Shutdown Folder] C:\Program Files\Handy Software Lab\HSLAB Shutdown Folder\sf.exe
O4 - HKCU\..\Run: [EscapeClose] C:\Program Files\EscapeClosePro\EscapeClosePro.exe
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [PegtopPStart] C:\Program Files\Pegtop\PStart\PStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [LAzd51jaBr] C:\Documents and Settings\All Users\Application Data\yxehipkh\yfejkjyz.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: FileBox eXtender.lnk = C:\Program Files\FileBX\FileBX.exe
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\typeitin.exe
O4 - Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Startup: Windows Live Mail.lnk = C:\Program Files\Windows Live\Mail\wlmail.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207451446281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: sspwlquc - sspwlquc.dll (file missing)
O20 - Winlogon Notify: __c00B802D - C:\WINDOWS\
O21 - SSODL: KbdWin - {41325bab-301e-4bec-a7bb-6043e492b17e} - C:\WINDOWS\Resources\KbdWin.dll (file missing)
O21 - SSODL: ComponentUnknown - {f7b23f40-295f-4ddb-b434-4b7b82b74086} - C:\WINDOWS\Resources\ComponentUnknown.dll (file missing)
O21 - SSODL: AvpKbd - {fe924e18-4182-4068-a98f-08dc70dc208a} - C:\WINDOWS\Resources\AvpKbd.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 9685 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FileCloner - c:\windows\system32\drivers\famfd.sys <Not Verified; Windows ® Server 2003 DDK provider; Windows ® Server 2003 DDK driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; NetGroup - Politecnico di Torino; WinPcap Netgroup Packet Filter Driver>
S3 WFIOCTL - c:\program files\winfast\wftvfm\wfioctl.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-19 18:17:00 272 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

-- Files created between 2008-03-19 and 2008-04-19 -----------------------------
C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2008-04-06 12:43:49 0 d-------- C:\Program Files\Microsoft Silverlight 2008-04-06 12:41:13 0 d-------- C:\WINDOWS\network diagnostic 2008-04-06 12:41:09 0 d--h----- C:\WINDOWS\$hf_mig$ 2008-04-06 12:35:26 0 d-------- C:\WINDOWS\system32\SoftwareDistribution 2008-04-06 12:32:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-04-06 12:22:02 0 d--hs---- C:\Documents and Settings\Philip Daniels\UserData 2008-04-06 11:57:38 9600 --a------ C:\WINDOWS\system32\drivers\winfoxiobackup.sys <Not Verified; Leadtek Research Inc.; WinFox I/O Device (Windows 2000/XP)> 2008-04-06 11:56:18 1138688 --a------ C:\WINDOWS\system32\WINFOXUT.dll <Not Verified; Leadtek Research Inc.; WinFox Utility Library(Windows 95/98//ME/NT/2000/XP/X64)> 2008-04-06 11:56:18 28672 --a------ C:\WINDOWS\system32\winfoxin.exe <Not Verified; Leadtek Research Inc.; WinFox Initial(Windows 2000/XP)> 2008-04-06 11:56:18 102400 --a------ C:\WINDOWS\system32\WFTime.SCR <Not Verified; Leadtek Research Inc.; WinFox Time Screen Saver> 2008-04-06 11:56:18 307200 --a------ C:\WINDOWS\system32\WFSrSv.SCR <Not Verified; Leadtek Research Inc.; WinFast Screen Saver> 2008-04-06 11:56:18 110592 --a------ C:\WINDOWS\system32\WFline.SCR <Not Verified; Leadtek Research Inc.; WinFox Line Screen Saver> 2008-04-06 11:56:18 668672 --a------ C:\WINDOWS\system32\WF2KCPL.dll <Not Verified; Leadtek Research Inc.; WinFast Display Property Sheet Extension> 2008-04-06 11:56:17 1490944 --a------ C:\WINDOWS\system32\Wf2k.exe <Not Verified; Leadtek Research Inc.; WinFox V2.0(Windows 95/98//ME/2000/XP)> 2008-04-06 11:56:17 13692 --a------ C:\WINDOWS\system32\drivers\wfsys.sys <Not Verified; Leadtek Research Inc.; WinFox Control I/O Driver> 2008-04-06 11:56:17 22528 --a------ C:\WINDOWS\system32\drivers\WFIO64DR.sys <Not Verified; Leadtek Research Inc.; WinFox I/O 64bit Device (Windows X64)> 
2008-04-06 11:56:17 0 d-------- C:\Program Files\Leadtek Research Inc 2008-04-06 11:56:07 0 d-------- C:\Documents and Settings\Philip Daniels\WINDOWS 2008-04-06 11:49:49 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\AdobeUM 2008-04-06 11:49:41 0 d-------- C:\Program Files\Common Files\Adobe 2008-04-06 11:49:41 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Adobe 2008-04-06 11:49:14 0 d-------- C:\Program Files\Common Files\Ulead Systems 2008-04-06 11:48:54 0 d-------- C:\WINDOWS\RegisteredPackages 2008-04-06 11:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-04-06 11:47:57 49152 --a------ C:\WINDOWS\system32\TempDel.EXE <Not Verified; Leadtek Research Inc.; Leadtek Research Inc. TempDel> 2008-04-06 11:47:53 9446 --a------ C:\WINDOWS\system32\drivers\WFIOCTL.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)> 2008-04-06 11:47:51 0 d-------- C:\Program Files\WinFast 2008-04-06 11:43:51 0 d-------- C:\WINDOWS\nview 2008-04-06 11:43:44 1519616 --a------ C:\WINDOWS\system32\nwiz.exe 2008-04-06 11:43:42 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll 2008-04-06 11:43:41 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll 2008-04-06 11:43:40 466944 --a------ C:\WINDOWS\system32\nvshell.dll 2008-04-06 11:43:39 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll 2008-04-06 11:43:37 1470464 --a------ C:\WINDOWS\system32\nview.dll 2008-04-06 11:43:37 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll 2008-04-06 11:43:37 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2008-04-06 11:43:30 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2008-04-06 11:43:30 196608 --a------ C:\WINDOWS\system32\nvapi.dll 2008-04-06 11:43:16 425984 --a------ C:\WINDOWS\system32\keystone.exe 2008-04-06 11:43:08 0 d-------- C:\WINDOWS\system32\WinFast 2008-04-06 11:42:36 0 d-------- C:\WINDOWS\system32\WinFox 2008-04-06 11:42:36 9600 --a------ 
C:\WINDOWS\system32\drivers\WINFOXIO.sys <Not Verified; Leadtek Research Inc.; WinFox I/O Device (Windows 2000/XP)> 2008-04-06 11:30:39 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-04-06 11:27:38 0 d-------- C:\Program Files\Gigabyte 2008-04-06 11:27:33 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2008-04-06 11:26:07 0 d-------- C:\WINDOWS\Cache 2008-04-06 11:24:27 0 d-------- C:\WINDOWS\system32\Lang 2008-04-06 11:22:10 49152 -r------- C:\WINDOWS\system32\ChCfg.exe 2008-04-06 11:21:55 1953792 -r------- C:\WINDOWS\system32\JMRaidSetup.exe <Not Verified; Gigabyte Technology Corp.; Gigabyte RAID Configurer> 2008-04-06 11:21:55 139264 -r------- C:\WINDOWS\system32\JMRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library> 2008-04-06 11:21:51 0 d-------- C:\WINDOWS\JM 2008-04-06 11:21:48 0 d-------- C:\WINDOWS\system32\RTCOM 2008-04-06 11:21:26 0 d-------- C:\Program Files\Realtek 2008-04-06 11:21:25 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-06 11:21:23 499712 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library> 2008-04-06 11:20:25 0 d-------- C:\Program Files\Marvell 2008-04-06 11:20:22 0 d-------- C:\Program Files\Common Files\InstallShield 2008-04-06 11:17:51 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2008-04-06 11:17:50 0 d-------- C:\Program Files\Intel 2008-04-06 11:16:25 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Identities 2008-04-06 11:16:17 0 d--h----- C:\Documents and Settings\Philip Daniels\Templates 2008-04-06 11:16:17 0 dr------- C:\Documents and Settings\Philip Daniels\Start Menu 2008-04-06 11:16:17 0 dr-h----- C:\Documents and Settings\Philip Daniels\SendTo 2008-04-06 11:16:17 0 dr-h----- C:\Documents and Settings\Philip Daniels\Recent 2008-04-06 11:16:17 0 d--h----- C:\Documents and 
Settings\Philip Daniels\PrintHood 2008-04-06 11:16:17 3670016 --ah----- C:\Documents and Settings\Philip Daniels\NTUSER.DAT 2008-04-06 11:16:17 0 d--h----- C:\Documents and Settings\Philip Daniels\NetHood 2008-04-06 11:16:17 0 dr------- C:\Documents and Settings\Philip Daniels\My Documents 2008-04-06 11:16:17 0 d--h----- C:\Documents and Settings\Philip Daniels\Local Settings 2008-04-06 11:16:17 0 dr------- C:\Documents and Settings\Philip Daniels\Favorites 2008-04-06 11:16:17 0 d-------- C:\Documents and Settings\Philip Daniels\Desktop 2008-04-06 11:16:17 0 d--hs---- C:\Documents and Settings\Philip Daniels\Cookies 2008-04-06 11:16:17 0 dr-h----- C:\Documents and Settings\Philip Daniels\Application Data 2008-04-06 11:15:38 0 d-------- C:\WINDOWS\SoftwareDistribution 2008-04-06 11:15:36 0 d---s---- C:\WINDOWS\system32\Microsoft 2008-04-06 11:15:36 0 d--h----- C:\Documents and Settings\LocalService\Local Settings 2008-04-06 11:15:36 0 d--hs---- C:\Documents and Settings\LocalService\Cookies 2008-04-06 11:15:36 0 d-------- C:\Documents and Settings\LocalService\Application Data 2008-04-06 11:15:36 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft 2008-04-06 11:15:35 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2008-04-06 11:15:24 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT 2008-04-06 11:15:24 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings 2008-04-06 11:15:24 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies 2008-04-06 11:15:24 0 d-------- C:\Documents and Settings\NetworkService\Application Data 2008-04-06 11:15:24 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft 2008-04-06 11:12:39 0 d-------- C:\WINDOWS\system32\xircom 2008-04-06 11:12:39 0 d-------- C:\Program Files\microsoft frontpage 2008-04-06 11:12:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT 2008-04-06 11:12:31 0 -rahs---- C:\MSDOS.SYS 2008-04-06 
11:12:31 0 -rahs---- C:\IO.SYS 2008-04-06 11:12:31 0 --a------ C:\CONFIG.SYS 2008-04-06 11:12:31 0 --a------ C:\AUTOEXEC.BAT 2008-04-06 11:11:48 0 d--hs---- C:\Documents and Settings\All Users\DRM 2008-04-06 11:11:40 0 dr------- C:\WINDOWS\Offline Web Pages 2008-04-06 11:11:39 0 d---s---- C:\WINDOWS\Downloaded Program Files 2008-04-06 11:11:30 0 d--h----- C:\Program Files\WindowsUpdate 2008-04-06 11:11:12 0 d-------- C:\WINDOWS\system32\DirectX 2008-04-06 11:10:40 0 d---s---- C:\WINDOWS\Tasks 2008-04-06 11:10:39 0 d-------- C:\Program Files\Common Files\MSSoap 2008-04-06 11:10:35 0 d-------- C:\WINDOWS\srchasst 2008-04-06 11:10:34 0 d-------- C:\WINDOWS\system32\Macromed 2008-04-06 11:10:25 0 d-------- C:\Program Files\Movie Maker 2008-04-06 11:10:17 0 d-------- C:\WINDOWS\system32\Restore 2008-04-06 11:09:59 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-04-06 11:09:45 0 d-------- C:\WINDOWS\Registration 2008-04-06 11:09:24 0 d-------- C:\Program Files\Online Services 2008-04-06 11:09:19 0 d-------- C:\Program Files\Messenger 2008-04-06 11:09:15 0 d-------- C:\Program Files\MSN Gaming Zone 2008-04-06 11:08:32 0 d-------- C:\Program Files\Windows NT 2008-04-06 11:08:29 0 d-------- C:\WINDOWS\system32\MsDtc 2008-04-06 11:08:27 0 d-------- C:\WINDOWS\system32\Com 2008-04-01 07:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-04-01 07:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-04-01 07:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-04-01 07:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-04-01 07:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-03-22 06:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-03-22 06:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. 
dtu100>
2008-03-22 06:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 06:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

-- Find3M Report ---------------------------------------------------------------
2008-04-06 20:57:37 62 --ahs---- C:\Documents and Settings\Philip Daniels\Application Data\desktop.ini
2008-02-01 11:11:10 586240 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
20-03-08 08:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F362DE5-AE75-4AF9-98CC-BEC900170A6B}]
C:\WINDOWS\system32\wvUnKApQ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]
25-03-08 12:52 1099456 --a------ C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [20-03-08 08:36 1267040]
[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [14-11-06 19:21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16-05-06 20:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03-05-05 20:43 C:\WINDOWS\Alcmtr.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [31-10-06 14:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [17-11-06 11:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11-08-06 21:43]
"nwiz"="nwiz.exe" [11-08-06 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11-08-06 21:43]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-07 02:17 C:\WINDOWS\KHALMNPR.Exe]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [21-03-02 20:41]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [08-02-08 18:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-08 22:16]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFi ShellToys Utility Manager"="C:\PROGRA~1\CFi\SHELLT~1\CFiShlMan.exe" [25-02-08 15:22]
"CFi ShellToys Clipboard History"="C:\PROGRA~1\CFi\SHELLT~1\cliphook.exe" [07-04-08 01:47]
"HSLAB Shutdown Folder Lite"="C:\Program Files\Handy Software Lab\HSLAB Shutdown Folder\sf.exe" []
"HSLAB Shutdown Folder"="C:\Program Files\Handy Software Lab\HSLAB Shutdown Folder\sf.exe" []
"EscapeClose"="C:\Program Files\EscapeClosePro\EscapeClosePro.exe" [13-12-06 17:32]
"EssentialPIM"="C:\Program Files\EssentialPIM\EssentialPIM.exe" [22-12-07 00:25]
"PegtopPStart"="C:\Program Files\Pegtop\PStart\PStart.exe" [16-04-08 00:06]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18-10-07 11:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Philip Daniels\Start Menu\Programs\Startup\
FileBox eXtender.lnk - C:\Program Files\FileBX\FileBX.exe [4/16/2008 11:08:38 PM]
Locate32 Autorun.lnk - C:\Program Files\Locate\Locate32.exe [10/22/2006 3:00:00 AM]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM]
Post-it© Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [10/15/2004 2:26:54 PM]
TypeItIn.lnk - C:\Program Files\TypeItIn\typeitin.exe [4/8/2008 6:20:53 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]
Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe [10/23/2007 12:13:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"LAzd51jaBr"=C:\Documents and Settings\All Users\Application Data\yxehipkh\yfejkjyz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"=00000000
"NoWinKeys"=00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{067B597C-C099-4A08-A180-E5FEC5DCF2DF}"= C:\PROGRA~1\CFi\SHELLT~1\CFiShlEx.dll [25-02-08 15:22 43008]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05-02-07 15:39 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KbdWin"= {41325bab-301e-4bec-a7bb-6043e492b17e} - C:\WINDOWS\Resources\KbdWin.dll [ ]
"ComponentUnknown"= {f7b23f40-295f-4ddb-b434-4b7b82b74086} - C:\WINDOWS\Resources\ComponentUnknown.dll [ ]
"AvpKbd"= {fe924e18-4182-4068-a98f-08dc70dc208a} - C:\WINDOWS\Resources\AvpKbd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 09-01-08 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sspwlquc]
sspwlquc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00B802D]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger="C:\PROGRAM FILES\SYSINTERNALSSUITE\PROCEXP.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUnKApQ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent hkmsvc

-- End of Deckard's System Scanner: finished at 2008-04-19 18:29:20 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Core2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 3070.42 MiB / 2370.39 MiB
Pagefile Memory (total/avail): 4446.24 MiB / 3877.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1877.7 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 191.41 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 186.46 GiB free.
E: is CDROM (Unformatted) \\.\PHYSICALDRIVE0 - SATA WDC WD25 SCSI Disk Device - 232.88 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 232.88 GiB - C: \\.\PHYSICALDRIVE1 - SATA WDC WD25 SCSI Disk Device - 232.88 GiB - 1 partition \PARTITION0 - Installable File System - 232.88 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Philip Daniels\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PHILS-SYSTEM ComSpec=C:\WINDOWS\system32\cmd.exe DEVMGR_SHOW_DETAILS=1 DEVMGR_SHOW_NONPRESENT_DEVICES=1 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Philip Daniels LOGONSERVER=\\PHILS-SYSTEM NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\WINDOWS\system32\WindowsPowerShell\v1.0 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1 PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f06 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp TMP=C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp USERDOMAIN=PHILS-SYSTEM USERNAME=Philip Daniels USERPROFILE=C:\Documents and Settings\Philip Daniels VS90COMNTOOLS=c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\ windir=C:\WINDOWS __COMPAT_LAYER=DisableNXShowUI -- User Profiles --------------------------------------------------------------- Philip 
Daniels (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Documents and Settings\Philip Daniels\Local Settings\Application Data\{EEFA5AD6-80AE-44E9-B1E7-3005A085ADF7}\FbxSetup.exe --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PDF IFilter 6.0\Uninst.isu" --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf @BIOS B06.1124.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly ADO.NET Entity Framework 1.0 (Pre-Release Version) --> c:\WINDOWS\Microsoft.NET\Framework\v3.5\ADO.NET Entity Framework 1.0 (Pre-Release Version)\install.exe ADO.NET Entity Framework 1.0 (Pre-Release Version) --> MsiExec.exe /I{CD0A3112-39C9-43F4-99CF-F31EAF48099F} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe PDF IFilter 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PDF IFilter 6.0\Uninst.isu" Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Angel Writer 3.1 --> "C:\Program Files\Angel Writer\unins000.exe" Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe" Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG Calc98 --> C:\Program Files\Calc98\setup.exe CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} CFi ShellToys v6.3.0 --> "C:\Program Files\CFi\ShellToys\unins000.exe" Citeknet CHM IFilter 
(Beta) --> MsiExec.exe /I{997A73A2-FF87-4A47-A358-DC2FD4D2C644} Citeknet EXE IFilter --> MsiExec.exe /I{7EDC893F-1E95-4CEB-BA5D-300AD7C1F754} Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32} Dia (remove only) --> C:\Program Files\Dia\dia-0.96.1-7-uninstall.exe Digital Locker Assistant --> MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C} Directory Lister v0.9 --> "C:\Program Files\Directory Lister\unins000.exe" DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DMIView B06.1227.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll" EscapeClose --> C:\WINDOWS\UnGins.exe "C:\Program Files\EscapeClose\install.log" EscapeClose Pro --> C:\WINDOWS\UnGins.exe "C:\Program Files\EscapeClosePro\install.log" EssentialPIM --> C:\Program Files\EssentialPIM\uninstall.exe ETC B07.0116.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6105B4-2A33-4ADB-89A0-F423D562F3B9}\setup.exe" -l0x9 -removeonly Face_Wizard B06.1129.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E76FCE6B-9999-4250-8C75-B2DA4AD41268}\setup.exe" -l0x9 -removeonly ffdshow [rev 1928] [2008-04-10] --> "C:\Program Files\ffdshow\unins000.exe" File Access Manager (remove only) --> "C:\Program Files\File Access 
Manager\uninstall.exe" FileBox eXtender --> "C:\Documents and Settings\Philip Daniels\Local Settings\Application Data\{EEFA5AD6-80AE-44E9-B1E7-3005A085ADF7}\FbxSetup.exe" REMOVE=TRUE MODIFY=FALSE Forté Agent --> C:\PROGRA~1\Agent\UNWISE.EXE C:\PROGRA~1\Agent\INSTALL.LOG Genie Backup Manager PE 6.0 --> "C:\Program Files\Genie-Soft\GBMPE 6.0\unins000.exe" Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly GIMPshop 2.2.8 --> C:\Program Files\GIMP-2.0\bin\uninst.exe GnuWin32: CoreUtils version 5.3.0 --> "C:\Program Files\GnuWin32\uninstall\unins000.exe" GTK+ 2.6.10-20050823 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe" High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall i-Cool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28184E01-D57A-4933-A09B-F65403F16D82}\setup.exe" -l0x9 -uninst -removeonly IE7Pro --> C:\Program Files\IEPro\uninst.exe IFilterShop PDF+ IFilter WE 2.0 (remove only) --> C:\Program Files\IFilterShop\PdfPlusFilter\uninstall.exe IFilterShop StarOffice/OpenOffice IFilter WE 1.2 (remove only) --> C:\Program Files\IFilterShop\SOFilter\uninstall.exe Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29} ImageForge version 3.60 --> "C:\Program Files\ImageForge3\unins000.exe" Inkscape 0.45 --> "C:\Program Files\Inkscape\uninst.exe" IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe Java 6 Update 4 --> MsiExec.exe 
/I{3248F0A8-6813-11D6-A77B-00B0D0160040} Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} JPEG IFilter 1.0 --> "C:\Program Files\JPEG IFilter\unins000.exe" jsFolderView Plus Explorer Bar --> C:\jsFolVw\unjsfv.exe Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF} Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF} KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf Locate32 --> C:\Program Files\Locate\Remove.exe Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly Lupas Rename 2000 v5.0 Release --> "C:\Program Files\Lupas Rename 2000\unins000.exe" Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Microsoft ASP.NET 3.5 Extensions CTP --> MsiExec.exe /X{44FAFCA0-694A-11DC-99FC-B6C555D89593} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66} Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D} Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE} Microsoft Office Visual Web 
Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE} Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD} Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8} Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3} Microsoft SQL Server Compact 3.5 for Devices ENU --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504} Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD} Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D} Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7} Microsoft Visual Studio 2008 Professional Edition - ENU --> c:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL 
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library for Visual Studio 2008 - ENU --> c:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - ENU\setup.exe
MSDN Library for Visual Studio 2008 - ENU --> MsiExec.exe /X{3A762A82-618D-3CAA-B847-D074ABFA0B2E}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MWSnap 3 --> "C:\Program Files\MWSnap\uninstall.exe"
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
OpenSource Flash Video Splitter (remove only) --> "C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
PDF-XChange PDF Viewer version 2.0.0.36 --> "C:\Program Files\Tracker Software\PDF-XChange Viewer\unins000.exe"
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
Pegtop PStart --> C:\Program Files\Pegtop\PStart\PStart.exe -uninstall "C:\Program Files\Pegtop\PStart\Installation.xml"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Stream Explorer 1.0.3 --> "C:\Program Files\Rekenwonder Software\Stream Explorer\unins000.exe"
Stream Viewer Utility --> C:\WINDOWS\uninjssv.exe
SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
TeraCopy 1.22 --> "C:\Program Files\TeraCopy\unins000.exe"
The GIMP 2.2.13 --> "C:\Program Files\GIMP-2.0\unins000.exe"
TheSage --> "C:\Program Files\TheSage\uninstall.exe"
TortoiseSVN 1.4.5.10425 (32 bit) --> MsiExec.exe /X{F4BBA950-56F0-4335-8D93-EE64BFF593A0}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Live Writer Blog This for Mozilla Firefox --> MsiExec.exe /X{39E705C7-669D-42EC-90F0-38F376D24774}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
Windows PowerShell 1.0 --> "C:\WINDOWS\$NtUninstallKB926139$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinDriversBackup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C713C8B5-F0E1-401D-AE9B-3AB0E180D626}\setup.exe"
WinFast PVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934519A2-4D50-4B83-A459-92D90E9E3188}\Setup.exe" -l0x9 -removeonly
WinFast® Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x9 -removeonly
WinFox Setup --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Leadtek Research Inc.\WinFox Setup\Uninst.isu" -c"C:\WINDOWS\system32\WinFox\WinFoxUT.dll"
WinPcap 3.1 beta3 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WMI ODBC Driver --> MsiExec.exe /X{0CB034AF-1D7F-49E9-929A-4CDB8581FC36}
Xceed DataGrid for WPF v2.0 --> MsiExec.exe /X{BDBB379C-1EE0-4C09-ABFF-4048E0CBE8E4}
xint v4.3 by xtort.net © --> "C:\Program Files\xint\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XP SysPad V7.9.5 by xtort.net © --> "C:\Program Files\XPSysPad\unins001.exe"
xplorer² lite --> "C:\Program Files\zabkat\xplorer2_lite\Uninstall.exe"
Xteq-dotec X-Setup Pro 6.6.300.Final1 --> "C:\Program Files\X-Setup Pro\unins000.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type4886 / Error
Event Submitted/Written: 04/19/2008 00:28:22 PM
Event ID/Source: 1001 / Application Hang
Event Description: Fault bucket 661635492.

Event Record #/Type4885 / Error
Event Submitted/Written: 04/19/2008 00:28:18 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application rundll32.exe, version 5.1.2600.3311, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4884 / Error
Event Submitted/Written: 04/19/2008 00:27:29 PM
Event ID/Source: 1001 / Application Hang
Event Description: Fault bucket 661635492.

Event Record #/Type4883 / Error
Event Submitted/Written: 04/19/2008 00:27:25 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application rundll32.exe, version 5.1.2600.3311, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type4832 / Warning
Event Submitted/Written: 04/19/2008 11:04:40 AM
Event ID/Source: 1 / Visual Studio - VsTemplate
Event Description: Error in Template (c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\ProjectTemplates\CSharp\Windows\1033\WPFBrowserApplication.zip), file (csWPFBrowserApplication.vstemplate). Unknown element (EnableEditOfLocationField). Parsing will attempt to recover.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type5048 / Error
Event Submitted/Written: 04/19/2008 00:46:48 PM
Event ID/Source: 1002 / Dhcp
Event Description: The IP address lease 10.1.1.2 for the Network Card with network address 0016E6DACBAA has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type5043 / Warning
Event Submitted/Written: 04/19/2008 11:18:07 AM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5033 / Error
Event Submitted/Written: 04/19/2008 11:16:49 AM
Event ID/Source: 10016 / DCOM
Event Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type5006 / Warning
Event Submitted/Written: 04/19/2008 07:48:11 AM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type5005 / Error
Event Submitted/Written: 04/19/2008 07:47:36 AM
Event ID/Source: 10016 / DCOM
Event Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

-- End of Deckard's System Scanner: finished at 2008-04-19 18:29:20 ------------

I have attached an HTML file that was generated by the Belarc programme - it provides an inventory of my system hardware and software.

I believe my system is infected with malware of one sort or another. The symptoms are as follows; unless otherwise stated they are repeatable.

Windows Live Mail [WLM] - when this program is started a spurious dialogue box "pops up", purportedly from Outlook Express, informing me that it's time to compress the database. The OK and Cancel buttons are available; I have only ever clicked Cancel - other than that WLM behaves normally. Why am I sure this is spurious? Because the same dialogue box "pops up" when I run Belarc; again the application appears to run normally.

I recently rebuilt my system from scratch, not because of an infection, but because the computer was about to get connected to the 'net, and because I was not happy with the way my folders were organised etc. Immediately after the XP install I used the Control Panel-Add or Remove Programs->Add/Remove Windows Components to remove Outlook Express, Messenger, Games and MSN, the first two because I knew I was about to install Windows Live, the third needs no explanation and the last because IMO it is irrelevant in Australia.

Task Manager - this item is greyed out and I cannot reinstate it via services.msc in normal nor in safe mode. Ctrl/Alt/Del does not bring up Task Manager either.
If I start SysInternals Process Explorer and select the option to have it replace Task Manager, then the Task Manager item is still greyed out in the Taskbar, but Process Explorer can be invoked with a 3 finger salute.

Display Properties - Desktop Tab - clicking this tab causes the program to wedge, that is to say the application goes into a Not Responding state; the only way of getting rid of it is to use Process Explorer to kill the rundll instance in which it's running.

Display Properties - Screen Saver - keeps resetting to no screen saver; I normally have it set to show the XP screen saver after a period of 5 minutes.

SysInternals GetSysInfo - One is required to run this program and attach the results thereof to any report one submits to Kaspersky. When I run the program it trashes XP, i.e. the whole shooting box collapses and the system restarts. The restart is very slow: long pause between the Windows Progress Bar screen and the Welcome screen, another long pause before my identity is displayed for me to log on, another long pause before it loads my settings. Then a dialogue is popped up that tells me XP crashed, requesting permission to send a report to MS (a crash dump I guess). Then another dialogue pops up (see PostXP Crash.png), then everything wedges and I have to restart using the computer's reset button. This restart is faster, i.e. normal delays (which are quite short) - the XP crashed dialogue comes up again, I let it send the crash report to MS, it fires up the browser and takes me into MS's OCA process - or as I call it the "Houston, Apollo 13's got a problem" process. I answer all the questions, but I don't run their memory test as that doesn't make sense to me, a bit like my ISP telling me to reset my router when I made a complaint about the frequency of newsgroup updates.
Control Panel->Add Install Programs->Add/Remove Windows Components - the Wizard crashes XP similar to SysInternals GetSysInfo if anything has to be added from the XP CD, OK if things are removed. Not sure if this is repeatable; trashing XP is not something I like doing.

I have zipped up the Deckard reports and attached them.

With respect to Kaspersky, I have the Internet Suite version 7.0 installed with a paid up license. Can I send from it rather than running the Online version?

I think I got infected with a Trojan Horse Downloader via a Flash video. I visited a site that came high up on an MS Live Search for something like "openoffice writers tools install" (an OOo add on that, at the time, I was having difficulties installing). I run FF and as you'll see from the attached Infolister report I run FlashBlock. The site did not have much text, possibly not much more than my query - foolishly I clicked Flashblock's Play button, assuming I'd get a demo of how to install this Writer's Tools extension in OOo. The flash spinning wheel came up and it spun and it spun and it spun until I closed the Tab and went back to the Search results - never did find anything useful but I eventually managed to sort it out.

I will probably demolish & rebuild my system. However I can hold off for a week or so; I have to go away for a few days on Wednesday and I am happy to delay the rebuild until my return as I don't think I could finish it by Wednesday and I'd rather not leave it half done. I've also just about used up April's download quota, so I might actually leave it until early May when the new billing period starts.

In the meantime if there is any further information or tests you'd like me to do then I will try my best. My motivation is to add to the knowledge base so that others might benefit.

Look forward to hearing from y'all

This post has been edited by urbane.tiger: Apr 19 2008, 07:16 PM
Attached File(s)
Post_XP_Crash.png ( 9.13k ) - Number of downloads: 3
_Phils_system_.html ( 65.4k ) - Number of downloads: 21
Deckard_Reports.zip ( 101k ) - Number of downloads: 20
FF_Extensions.txt ( 1.17k ) - Number of downloads: 18
May 3 2008, 09:55 AM | Post #2
Forum Addict | Group: HJT Team Coach | Posts: 6,499 | Joined: 27-October 06 | From: Florida | Member No.: 92,376
Hello urbane.tiger
Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new Hijackthis log.