BleepingComputer.com: Google and Yahoo hijacked- Please help!

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Google and Yahoo hijacked- Please help!

#1 User is offline   rmccarter2 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 26-December 08

Posted 26 December 2008 - 07:09 PM

I downloaded a program from download.com that I thought would be safe and reliable but it wasn't. It was WinRAR trial version- not sure if that's the exact name. I've managed to get rid of some of the weird stuff that's been happening with Mcafee. The only thing I can visibly see that's happening now is that when I try to go to google.com or yahoo.com, it goes to a page that appears to be Microsoft (the address bar still shows google or yahoo) with a link to download Spyware software when you click the link it takes you to www.antispy.com/index.htm

I ran a hijack this log

but posted below is my DDS


DDS (Version 1.1.0) - NTFSx86
Run by McCarter at 18:44:58.54 on Fri 12/26/2008
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.73 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\McCarter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [NDSTray.exe] NDSTray.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [TFncKy] TFncKy.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [lphc98jj0enca] c:\windows\system32\lphc98jj0enca.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music engine\ymetray.exe
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-25 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-17 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-25 144704]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-25 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-25 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-25 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-25 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-25 40488]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys []
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys []

=============== Created Last 30 ================

2008-12-26 17:52 <DIR> --d----- c:\program files\Trend Micro
2008-12-23 20:01 1,988 a------- c:\windows\checkip.dat
2008-12-21 08:24 32,768 a------- c:\windows\system32\fkj.jee
2008-12-21 08:24 24,576 a------- c:\windows\system32\rgr6.pa
2008-12-21 08:24 32,768 a------- c:\windows\system32\zed.pa
2008-12-21 08:24 21,504 a------- c:\windows\system32\v1.e2
2008-12-21 08:24 65,024 a------- c:\windows\system32\r33.es
2008-12-21 08:24 64,512 a------- c:\windows\system32\efgop.ee
2008-12-21 08:23 163,840 a------- c:\windows\system32\aston.mt

==================== Find3M ====================

2008-12-21 08:24 577,536 a------- c:\windows\system32\user32(2).DLL
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2006-12-17 23:59 310 a------- c:\docume~1\mccarter\applic~1\wklnhst.dat

============= FINISH: 18:45:50.03 ===============

Attached File(s)


#2 User is offline   thewall 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,414
  • Joined: 19-June 07
  • Gender:Male
  • Location:Florida

Posted 03 January 2009 - 04:08 PM

Hello rmccarter2 :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay however we are all volunteers and it gets very busy around here. I will be assisting you from here on out. Please give me some time to go over your logs and I will get back with you. As a Trainee all of my work has to be reviewed by a coach so sometimes it's a little slow but I will be as prompt as possible.


I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. I will need you to reply to this post so I know you still are in need of assistance.




Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 User is offline   rmccarter2 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 26-December 08

Posted 04 January 2009 - 08:05 PM

Thanks- I'm still here and still need help.

I mentioned earlier that it isn't limited to google and yahoo, also itunes and youtube.

I appreciate it. I'm hanging with this site until it's fixed.

Thanks all.

#4 User is offline   thewall 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,414
  • Joined: 19-June 07
  • Gender:Male
  • Location:Florida

Posted 06 January 2009 - 05:17 PM

Just letting you know that we are really swamped and I haven't forgotten you. :thumbsup:
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 User is offline   rmccarter2 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 26-December 08

Posted 06 January 2009 - 07:05 PM

Thanks I appreciate it

#6 User is offline   thewall 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,414
  • Joined: 19-June 07
  • Gender:Male
  • Location:Florida

Posted 07 January 2009 - 09:31 AM

OK, we can get started. Sorry about the delay.



Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.



We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
c:\windows\system32\lphc98jj0enca.exe
c:\windows\system32\fkj.jee
c:\windows\system32\rgr6.pa
c:\windows\system32\zed.pa
c:\windows\system32\v1.e2
c:\windows\system32\r33.es
c:\windows\system32\efgop.ee
c:\windows\system32\aston.mt

  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.

  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.

  • Click Continue at the disclaimer screen.

  • Once it has finished, two logs will open. Please post the contents of log.txt (<<will be maximized). Do not post the info.txt which will be minimized yet.




When completed please provide the following:
  • OTMoveit3 log
  • MBAM report
  • The log.txt from RSIT. We may need the info.txt later but due to length of the post just provide log.txt now.

If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 User is offline   rmccarter2 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 26-December 08

Posted 10 January 2009 - 08:42 AM

Thank you- I'm working this today. I really appreciate it

#8 User is offline   rmccarter2 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 26-December 08

Posted 10 January 2009 - 12:57 PM

Hey guy I know my google is working now. I don't know about the rest yet. I appreciate your help very much. It was worth the wait. I've posted all the logs you've requested below. Please let me know if I need to do anything further.

Thanks again.

========== FILES ==========
File/Folder c:\windows\system32\lphc98jj0enca.exe not found.
c:\windows\system32\fkj.jee moved successfully.
c:\windows\system32\rgr6.pa moved successfully.
c:\windows\system32\zed.pa moved successfully.
c:\windows\system32\v1.e2 moved successfully.
c:\windows\system32\r33.es moved successfully.
c:\windows\system32\efgop.ee moved successfully.
File/Folder c:\windows\system32\aston.mt not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01102009_091218




Malwarebytes' Anti-Malware 1.32
Database version: 1638
Windows 5.1.2600 Service Pack 2

1/10/2009 10:10:19 AM
mbam-log-2009-01-10 (10-10-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119308
Time elapsed: 47 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc98jj0enca (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.05 (written by random/random)
Run by McCarter at 2009-01-10 12:45:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 55 GB (72%) free of 76 GB
Total RAM: 502 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:33 PM, on 1/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\McCarter\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\McCarter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 10735 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-08-02 364544]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NDSTray.exe"=NDSTray.exe []
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-23 16050688]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-22 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-22 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-22 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-02 761948]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-03-18 89541]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]
"TFncKy"=TFncKy.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-07-03 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-07-03 700416]
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-03-06 286720]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll []
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"Tunebite"=C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-22 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Abacast\Abaclient.exe"="C:\Program Files\Abacast\Abaclient.exe:*:Enabled:Abaclient"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-01-10 12:45:21 ----D---- C:\rsit
2009-01-10 09:17:19 ----D---- C:\Documents and Settings\McCarter\Application Data\Malwarebytes
2009-01-10 09:17:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-10 09:17:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-10 09:12:18 ----D---- C:\_OTMoveIt
2009-01-10 09:05:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-10 09:05:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-10 09:05:48 ----A---- C:\WINDOWS\system32\java.exe
2009-01-10 09:05:48 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-29 07:33:31 ----D---- C:\WINDOWS\Prefetch
2008-12-28 19:57:16 ----D---- C:\WINDOWS\network diagnostic
2008-12-28 19:56:38 ----A---- C:\WINDOWS\system32\sprecovr.exe
2008-12-28 19:52:53 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-12-28 19:52:42 ----A---- C:\WINDOWS\system32\spiisupd.exe
2008-12-28 19:52:42 ----A---- C:\WINDOWS\system32\secedit.exe
2008-12-28 19:52:42 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2008-12-28 19:52:41 ----A---- C:\WINDOWS\system32\bthci.dll
2008-12-28 19:52:41 ----A---- C:\WINDOWS\system32\blastcln.exe
2008-12-28 19:52:41 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-28 19:52:41 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-28 19:52:41 ----A---- C:\WINDOWS\system32\auditusr.exe
2008-12-28 19:52:40 ----A---- C:\WINDOWS\system32\dsprpres.dll
2008-12-28 19:52:40 ----A---- C:\WINDOWS\system32\d3d9.dll
2008-12-28 19:52:40 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2008-12-28 19:52:40 ----A---- C:\WINDOWS\system32\btpanui.dll
2008-12-28 19:52:40 ----A---- C:\WINDOWS\system32\bthserv.dll
2008-12-28 19:52:39 ----A---- C:\WINDOWS\system32\fsquirt.exe
2008-12-28 19:52:39 ----A---- C:\WINDOWS\system32\encapi.dll
2008-12-28 19:52:39 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2008-12-28 19:52:38 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2008-12-28 19:52:38 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2008-12-28 19:52:38 ----A---- C:\WINDOWS\system32\ir50_32.dll
2008-12-28 19:52:38 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2008-12-28 19:52:38 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2008-12-28 19:52:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-12-28 19:52:38 ----A---- C:\WINDOWS\system32\httpapi.dll
2008-12-28 19:52:38 ----A---- C:\WINDOWS\system32\hccoin.dll
2008-12-28 19:52:38 ----A---- C:\WINDOWS\system32\fwcfg.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\mssap.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\msdadiag.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdukx.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdno1.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdinben.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2008-12-28 19:52:37 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\winbrand.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\w3ssl.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\verclsid.exe
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\twext.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\strmfilt.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\spnpinst.exe
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\smbinst.exe
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\sbeio.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\powercfg.exe
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\p2psvc.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2008-12-28 19:52:36 ----A---- C:\WINDOWS\system32\p2p.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\xpob2res.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\xmlprov.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\wshbth.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\wscsvc.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\wscntfy.exe
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\winshfhc.dll
2008-12-28 19:52:35 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-12-28 19:52:26 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-12-28 19:52:26 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-28 19:52:25 ----A---- C:\WINDOWS\system32\pidgen.dll
2008-12-28 19:52:25 ----A---- C:\WINDOWS\system32\dpcdll.dll
2008-12-28 19:52:23 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-12-28 19:52:22 ----A---- C:\WINDOWS\system32\msftedit.dll
2008-12-28 19:52:22 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-28 19:52:21 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\gpresult.exe
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\gpedit.dll
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\getmac.exe
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\fdeploy.dll
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\fde.dll
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\eventcreate.exe
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\efsadu.dll
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\driverquery.exe
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\cipher.exe
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\bootcfg.exe
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\appmgr.dll
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\appmgmts.dll
2008-12-28 19:52:20 ----A---- C:\WINDOWS\system32\adsnw.dll
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\ntbackup.exe
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\mqtrig.dll
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\mqsvc.exe
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\mqsnap.dll
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\mqoa.dll
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\mqbkup.exe
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\logman.exe
2008-12-28 19:52:19 ----A---- C:\WINDOWS\system32\gptext.dll
2008-12-28 19:52:18 ----A---- C:\WINDOWS\system32\openfiles.exe
2008-12-28 19:52:17 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2008-12-28 19:52:17 ----A---- C:\WINDOWS\system32\tlntsess.exe
2008-12-28 19:52:17 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2008-12-28 19:52:17 ----A---- C:\WINDOWS\system32\tasklist.exe
2008-12-28 19:52:17 ----A---- C:\WINDOWS\system32\taskkill.exe
2008-12-28 19:52:17 ----A---- C:\WINDOWS\system32\systeminfo.exe
2008-12-28 19:52:17 ----A---- C:\WINDOWS\system32\schtasks.exe
2008-12-28 19:52:17 ----A---- C:\WINDOWS\system32\rsnotify.exe
2008-12-28 19:52:17 ----A---- C:\WINDOWS\system32\proxycfg.exe
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\wsecedit.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\tracerpt.exe
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\tlntsvrp.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\nwapi32.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\mqutil.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\mqsec.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\mqrt.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\mqqm.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\mqise.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\mqdscli.dll
2008-12-28 19:52:16 ----A---- C:\WINDOWS\system32\mqad.dll
2008-12-28 19:52:15 ----A---- C:\WINDOWS\system32\nwwks.dll
2008-12-28 19:51:41 ----A---- C:\WINDOWS\winhlp32.exe
2008-12-28 19:51:41 ----A---- C:\WINDOWS\twain_32.dll
2008-12-28 19:51:41 ----A---- C:\WINDOWS\regedit.exe
2008-12-28 19:51:41 ----A---- C:\WINDOWS\hh.exe
2008-12-28 19:51:41 ----A---- C:\WINDOWS\explorer.exe
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\adsmsext.dll
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\adsldpc.dll
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\adsldp.dll
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\admparse.dll
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\actxprxy.dll
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\actmovie.exe
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\activeds.dll
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\aclui.dll
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-28 19:51:39 ----A---- C:\WINDOWS\system32\6to4svc.dll
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\attrib.exe
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\atmlib.dll
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\atmfd.dll
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\atmadm.exe
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\atl.dll
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\at.exe
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\asycfilt.dll
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\apphelp.dll
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\amstream.dll
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\alrsvc.dll
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\alg.exe
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\ahui.exe
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\advpack.dll
2008-12-28 19:51:38 ----A---- C:\WINDOWS\system32\adsnt.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\browsewm.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\browseui.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\browser.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\browselc.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\bidispl.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\batmeter.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\basesrv.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\avifil32.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\autolfn.exe
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\autofmt.exe
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\authz.dll
2008-12-28 19:51:37 ----A---- C:\WINDOWS\system32\audiosrv.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\certmgr.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\certcli.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\cdosys.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\capesnpn.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\camocx.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\cabview.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\cabinet.dll
2008-12-28 19:51:36 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\clusapi.dll
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\clipsrv.exe
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\cliconfg.exe
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\cliconfg.dll
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\cisvc.exe
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\ciodm.dll
2008-12-28 19:51:35 ----A---- C:\WINDOWS\system32\cic.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\comres.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\compstui.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\compatui.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\cmutil.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\cmstp.exe
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\cmmon32.exe
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\cmdl32.exe
2008-12-28 19:51:34 ----A---- C:\WINDOWS\system32\cmdial32.dll
2008-12-28 19:51:33 ----A---- C:\WINDOWS\system32\confmsp.dll
2008-12-28 19:51:33 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-28 19:51:33 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\cryptui.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\cryptnet.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\cryptext.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\cryptdll.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\crypt32.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\credui.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\corpol.dll
2008-12-28 19:51:32 ----A---- C:\WINDOWS\system32\conime.exe
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\davclnt.dll
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\datime.dll
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\dataclen.dll
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\danim.dll
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\d3dim700.dll
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\d3d8.dll
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\ctfmon.exe
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\csrss.exe
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\cscui.dll
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\cscript.exe
2008-12-28 19:51:31 ----A---- C:\WINDOWS\system32\cscdll.dll
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\devmgr.dll
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\devenum.dll
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\defrag.exe
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\ddrawex.dll
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\ddraw.dll
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\ddeshare.exe
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\dciman32.dll
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2008-12-28 19:51:30 ----A---- C:\WINDOWS\system32\dbghelp.dll
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\dinput.dll
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\digest.dll
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\diantz.exe
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\dgnet.dll
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\dfrgui.dll
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2008-12-28 19:51:29 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2008-12-28 19:51:28 ----A---- C:\WINDOWS\system32\diskpart.exe
2008-12-28 19:51:28 ----A---- C:\WINDOWS\system32\diskcopy.dll
2008-12-28 19:51:28 ----A---- C:\WINDOWS\system32\dinput8.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmusic.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmsynth.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmstyle.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmserver.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmscript.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmremote.exe
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmloader.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmime.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmcompos.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmband.dll
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dmadmin.exe
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dllhost.exe
2008-12-28 19:51:27 ----A---- C:\WINDOWS\system32\dispex.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpvoice.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpvacm.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpnet.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dplayx.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\docprop2.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dnsapi.dll
2008-12-28 19:51:26 ----A---- C:\WINDOWS\system32\dmutil.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dsquery.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dsprop.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dsound3d.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dsound.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dskquoui.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dskquota.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dsdmo.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\ds32gt.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\drprov.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2008-12-28 19:51:25 ----A---- C:\WINDOWS\system32\dpvvox.dll
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dxdiag.exe
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dx8vb.dll
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dx7vb.dll
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dwwin.exe
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\duser.dll
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dumprep.exe
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dswave.dll
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dsuiext.dll
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dssenh.dll
2008-12-28 19:51:24 ----A---- C:\WINDOWS\system32\dssec.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\exts.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\extrac32.exe
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\eventlog.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\eudcedit.exe
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\esent.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\es.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\ersvc.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\els.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-28 19:51:23 ----A---- C:\WINDOWS\system32\dxmasf.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fxscover.exe
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fxscomex.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fxscom.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fxsapi.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\framebuf.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\forcedos.exe
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fontview.exe
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fontsub.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fontext.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\findstr.exe
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\filemgmt.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\feclient.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\faultrep.dll
2008-12-28 19:51:22 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\glu32.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxsui.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxstiff.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxst30.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxssvc.exe
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxsst.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxsres.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxsperf.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxsmon.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxsext32.dll
2008-12-28 19:51:21 ----A---- C:\WINDOWS\system32\fxsevent.dll
2008-12-28 19:51:20 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2008-12-28 19:51:20 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2008-12-28 19:51:20 ----A---- C:\WINDOWS\system32\hlink.dll
2008-12-28 19:51:20 ----A---- C:\WINDOWS\system32\hid.dll
2008-12-28 19:51:20 ----A---- C:\WINDOWS\system32\hhsetup.dll
2008-12-28 19:51:20 ----A---- C:\WINDOWS\system32\help.exe
2008-12-28 19:51:20 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-12-28 19:51:20 ----A---- C:\WINDOWS\system32\grpconv.exe
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\idq.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\icmp.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\icm32.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\iccvid.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\iasrad.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\htui.dll
2008-12-28 19:51:19 ----A---- C:\WINDOWS\system32\hotplug.dll
2008-12-28 19:51:18 ----A---- C:\WINDOWS\system32\imapi.exe
2008-12-28 19:51:18 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-28 19:51:18 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2008-12-28 19:51:18 ----A---- C:\WINDOWS\system32\ifmon.dll
2008-12-28 19:51:18 ----A---- C:\WINDOWS\system32\iexpress.exe
2008-12-28 19:51:18 ----A---- C:\WINDOWS\system32\iesetup.dll
2008-12-28 19:51:18 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-12-28 19:51:18 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-12-28 19:51:17 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-28 19:51:17 ----A---- C:\WINDOWS\system32\imm32.dll
2008-12-28 19:51:17 ----A---- C:\WINDOWS\system32\imjp81k.dll
2008-12-28 19:51:17 ----A---- C:\WINDOWS\system32\imgutil.dll
2008-12-28 19:51:17 ----A---- C:\WINDOWS\system32\imeshare.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\ipmontr.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\ipconfig.exe
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\inseng.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\input.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\initpki.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\inetppui.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\inetpp.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\inetmib1.dll
2008-12-28 19:51:16 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\jgpl400.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\jgdw400.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\ixsso.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\itss.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\itircl.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\ipxwan.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\ipxroute.exe
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\ipv6.exe
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2008-12-28 19:51:15 ----A---- C:\WINDOWS\system32\ippromon.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\keymgr.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kerberos.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kd1394.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kbdnec.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-12-28 19:51:14 ----A---- C:\WINDOWS\system32\jscript.dll
2008-12-28 19:51:13 ----A---- C:\WINDOWS\system32\logonui.exe
2008-12-28 19:51:13 ----A---- C:\WINDOWS\system32\localui.dll
2008-12-28 19:51:13 ----A---- C:\WINDOWS\system32\localsec.dll
2008-12-28 19:51:13 ----A---- C:\WINDOWS\system32\loadperf.dll
2008-12-28 19:51:13 ----A---- C:\WINDOWS\system32\lmrt.dll
2008-12-28 19:51:13 ----A---- C:\WINDOWS\system32\linkinfo.dll
2008-12-28 19:51:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-28 19:51:13 ----A---- C:\WINDOWS\system32\licmgr10.dll
2008-12-28 19:51:13 ----A---- C:\WINDOWS\system32\licdll.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\mfc40u.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\mf3216.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\mdminst.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\mciwave.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\mciseq.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\mciavi32.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\mcastmib.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\makecab.exe
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\magnify.exe
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\lsass.exe
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\lprhelp.dll
2008-12-28 19:51:12 ----A---- C:\WINDOWS\system32\lpk.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\mmcshext.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\mmcbase.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\mmc.exe
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\mlang.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\mimefilt.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\miglibnt.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\midimap.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2008-12-28 19:51:11 ----A---- C:\WINDOWS\system32\mfc42.dll
2008-12-28 19:51:10 ----A---- C:\WINDOWS\system32\mpg4dmod.dll
2008-12-28 19:51:10 ----A---- C:\WINDOWS\system32\moricons.dll
2008-12-28 19:51:10 ----A---- C:\WINDOWS\system32\more.com
2008-12-28 19:51:10 ----A---- C:\WINDOWS\system32\modemui.dll
2008-12-28 19:51:10 ----A---- C:\WINDOWS\system32\mobsync.exe
2008-12-28 19:51:10 ----A---- C:\WINDOWS\system32\mobsync.dll
2008-12-28 19:51:10 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-28 19:51:10 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-28 19:51:09 ----A---- C:\WINDOWS\system32\msacm32.dll
2008-12-28 19:51:09 ----A---- C:\WINDOWS\system32\mprdim.dll
2008-12-28 19:51:09 ----A---- C:\WINDOWS\system32\mprapi.dll
2008-12-28 19:51:09 ----A---- C:\WINDOWS\system32\mpr.dll
2008-12-28 19:51:09 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\msdmo.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\msdart.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\msctfp.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\msctf.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\mscms.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\msasn1.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\msapsspc.dll
2008-12-28 19:51:08 ----A---- C:\WINDOWS\system32\msafd.dll
2008-12-28 19:51:07 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-28 19:51:07 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-28 19:51:07 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-28 19:51:07 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-28 19:51:07 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-28 19:51:06 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-28 19:51:06 ----A---- C:\WINDOWS\system32\mshta.exe
2008-12-28 19:51:06 ----A---- C:\WINDOWS\system32\msgina.dll
2008-12-28 19:51:06 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2008-12-28 19:51:05 ----A---- C:\WINDOWS\system32\msihnd.dll
2008-12-28 19:51:05 ----A---- C:\WINDOWS\system32\msiexec.exe
2008-12-28 19:51:05 ----A---- C:\WINDOWS\system32\msieftp.dll
2008-12-28 19:51:05 ----A---- C:\WINDOWS\system32\msidle.dll
2008-12-28 19:51:05 ----A---- C:\WINDOWS\system32\msident.dll
2008-12-28 19:51:05 ----A---- C:\WINDOWS\system32\msi.dll
2008-12-28 19:51:05 ----A---- C:\WINDOWS\system32\mshtmler.dll
2008-12-28 19:51:05 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msprivs.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\mspatcha.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msorcl32.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msorc32r.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msnsspc.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\mslbui.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msisip.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msimtf.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msimsg.dll
2008-12-28 19:51:04 ----A---- C:\WINDOWS\system32\msimg32.dll
2008-12-28 19:51:03 ----A---- C:\WINDOWS\system32\mstime.dll
2008-12-28 19:51:03 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-28 19:51:03 ----A---- C:\WINDOWS\system32\msrle32.dll
2008-12-28 19:51:03 ----A---- C:\WINDOWS\system32\msrating.dll
2008-12-28 19:51:02 ----A---- C:\WINDOWS\system32\msvcrt.dll
2008-12-28 19:51:02 ----A---- C:\WINDOWS\system32\msvcp60.dll
2008-12-28 19:51:02 ----A---- C:\WINDOWS\system32\msvcirt.dll
2008-12-28 19:51:02 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2008-12-28 19:51:02 ----A---- C:\WINDOWS\system32\msutb.dll
2008-12-28 19:51:02 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2008-12-28 19:51:02 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\mtxclu.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\msyuv.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\msxml2.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\msxml.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\mswsock.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\msvfw32.dll
2008-12-28 19:51:01 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\netid.dll
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\netdde.exe
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\netcfgx.dll
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\net1.exe
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\net.exe
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\nddenb32.dll
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\nddeapir.exe
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\nddeapi.dll
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\narrator.exe
2008-12-28 19:51:00 ----A---- C:\WINDOWS\system32\mydocs.dll
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netui1.dll
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netui0.dll
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netstat.exe
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netshell.dll
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netsh.exe
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netsetup.exe
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netrap.dll
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netplwiz.dll
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netman.dll
2008-12-28 19:50:59 ----A---- C:\WINDOWS\system32\netlogon.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\ntshrui.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\ntmarta.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\ntlanman.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\npptools.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\notepad.exe
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\nlhtml.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\system32\newdev.dll
2008-12-28 19:50:58 ----A---- C:\WINDOWS\notepad.exe
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\odbcconf.dll
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\odbcad32.exe
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\odbc32.dll
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\ocmanage.dll
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\occache.dll
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\objsel.dll
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\oakley.dll
2008-12-28 19:50:57 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odpdx32.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odfox32.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odexl32.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\oddbse32.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odbctrac.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odbcji32.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odbcint.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odbccu32.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odbccr32.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odbccp32.dll
2008-12-28 19:50:56 ----A---- C:\WINDOWS\system32\odbcconf.exe
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\perfdisk.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\pdh.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\pautoenr.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\packager.exe
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\osuninst.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\osk.exe
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\opengl32.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\olepro32.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\oleprn.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\oledlg.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\olecli32.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\ole32.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\offfilt.dll
2008-12-28 19:50:55 ----A---- C:\WINDOWS\system32\odtext32.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\powrprof.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\polstore.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\pjlmon.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\ping.exe
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\pid.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\photowiz.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\perfproc.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\perfos.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\perfnet.dll
2008-12-28 19:50:54 ----A---- C:\WINDOWS\system32\perfmon.exe
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\qedwipes.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\qedit.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\qdvd.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\qdv.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\qcap.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\pstorec.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\psbase.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\psapi.dll
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\proquota.exe
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\progman.exe
2008-12-28 19:50:53 ----A---- C:\WINDOWS\system32\profmap.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rcp.exe
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rcimlby.exe
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rastls.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rassapi.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rasppp.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rasphone.exe
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rasmans.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\raschap.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\query.dll
2008-12-28 19:50:52 ----A---- C:\WINDOWS\system32\quartz.dll
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\rexec.exe
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\resutils.dll
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\regwizc.dll
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\regsvr32.exe
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\regsvc.dll
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\regapi.dll
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\reg.exe
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\rdpdd.dll
2008-12-28 19:50:51 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\runonce.exe
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rundll32.exe
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rtutils.dll
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rtcshare.exe
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rsmps.dll
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rsh.exe
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rsaenh.dll
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rpcss.dll
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2008-12-28 19:50:50 ----A---- C:\WINDOWS\system32\riched20.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\seclogon.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\sdbinst.exe
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\scrrun.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\scrobj.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\scesrv.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\scecli.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\sccsccp.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\scarddlg.dll
2008-12-28 19:50:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-28 19:50:48 ----A---- C:\WINDOWS\system32\sensapi.dll
2008-12-28 19:50:48 ----A---- C:\WINDOWS\system32\sens.dll
2008-12-28 19:50:48 ----A---- C:\WINDOWS\system32\sendmail.dll
2008-12-28 19:50:48 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2008-12-28 19:50:48 ----A---- C:\WINDOWS\system32\security.dll
2008-12-28 19:50:48 ----A---- C:\WINDOWS\system32\secur32.dll
2008-12-28 19:50:47 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2008-12-28 19:50:47 ----A---- C:\WINDOWS\system32\sfc_os.dll
2008-12-28 19:50:47 ----A---- C:\WINDOWS\system32\sfc.dll
2008-12-28 19:50:47 ----A---- C:\WINDOWS\system32\setup.exe
2008-12-28 19:50:47 ----A---- C:\WINDOWS\system32\sethc.exe
2008-12-28 19:50:47 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-28 19:50:46 ----A---- C:\WINDOWS\system32\shdoclc.dll
2008-12-28 19:50:45 ----A---- C:\WINDOWS\system32\shell32.dll
2008-12-28 19:50:45 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\sigverif.exe
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\sigtab.dll
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shutdown.exe
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shsvcs.dll
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shscrap.dll
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shrpubw.exe
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shmgrate.exe
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shmedia.dll
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shimgvw.dll
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shimeng.dll
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shgina.dll
2008-12-28 19:50:44 ----A---- C:\WINDOWS\system32\shfolder.dll
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\spoolsv.exe
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\spoolss.dll
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\sort.exe
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\snmpapi.dll
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\slbiop.dll
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\slayerxp.dll
2008-12-28 19:50:43 ----A---- C:\WINDOWS\system32\skeys.exe
2008-12-28 19:50:42 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2008-12-28 19:50:42 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2008-12-28 19:50:42 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-28 19:50:42 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-28 19:50:42 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-28 19:50:42 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2008-12-28 19:50:41 ----A---- C:\WINDOWS\system32\synceng.dll
2008-12-28 19:50:41 ----A---- C:\WINDOWS\system32\sxs.dll
2008-12-28 19:50:41 ----A---- C:\WINDOWS\system32\svchost.exe
2008-12-28 19:50:41 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-28 19:50:41 ----A---- C:\WINDOWS\system32\stobject.dll
2008-12-28 19:50:41 ----A---- C:\WINDOWS\system32\stimon.exe
2008-12-28 19:50:41 ----A---- C:\WINDOWS\system32\sti_ci.dll
2008-12-28 19:50:41 ----A---- C:\WINDOWS\system32\sti.dll
2008-12-28 19:50:41 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\telnet.exe
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\tcpmon.dll
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\tcpmib.dll
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\taskmgr.exe
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\tapisrv.dll
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\tapi32.dll
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\tapi3.dll
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\t2embed.dll
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2008-12-28 19:50:40 ----A---- C:\WINDOWS\system32\syncui.dll
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\umandlg.dll
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\udhisapi.dll
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\txflog.dll
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\tsddd.dll
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\trkwks.dll
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\tree.com
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\tracert.exe
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\tourstart.exe
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\themeui.dll
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-28 19:50:39 ----A---- C:\WINDOWS\system32\termmgr.dll
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\url.dll
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\ups.exe
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\upnpui.dll
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\upnphost.dll
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\upnpcont.exe
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\upnp.dll
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\uniplat.dll
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\unimdmat.dll
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\uniime.dll
2008-12-28 19:50:38 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\vdmredir.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\vbscript.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\vbajet32.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\utilman.exe
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\usp10.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\userenv.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\user32.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\usbmon.dll
2008-12-28 19:50:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\wextract.exe
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\webvw.dll
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\webclnt.dll
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\wdigest.dll
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\wavemsp.dll
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\w32time.dll
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\vssvc.exe
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\vssapi.dll
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\version.dll
2008-12-28 19:50:36 ----A---- C:\WINDOWS\system32\verifier.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\winntbbu.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\winmm.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\winipsec.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\wininet.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\wiavideo.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\wiashext.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\wiaservc.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\wiascr.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\wiadss.dll
2008-12-28 19:50:35 ----A---- C:\WINDOWS\system32\wiadefui.dll
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\wmpcd.dll
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\wmi.dll
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\wlnotify.dll
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\wldap32.dll
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\winver.exe
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\wintrust.dll
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\winsta.dll
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\winsrv.dll
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\winscard.dll
2008-12-28 19:50:34 ----A---- C:\WINDOWS\system32\winrnr.dll
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wshext.dll
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wshcon.dll
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wscript.exe
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\ws2help.dll
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\ws2_32.dll
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wpabaln.exe
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wow32.dll
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wmstream.dll
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wmpui.dll
2008-12-28 19:50:33 ----A---- C:\WINDOWS\system32\wmpcore.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\zipfldr.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\xcopy.exe
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\xactsrv.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wstdecod.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wsock32.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wshrm.dll
2008-12-28 19:50:32 ----A---- C:\WINDOWS\system32\wship6.dll
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\format.com
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\cmd.exe
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\cacls.exe
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\autochk.exe
2008-12-28 19:50:30 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\locator.exe
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\localspl.dll
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-12-28 19:50:29 ----A---- C:\WINDOWS\system32\ftp.exe
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\printui.dll
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-12-28 19:50:28 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\services.exe
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\schannel.dll
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\savedump.exe
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\samlib.dll
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\rasman.dll
2008-12-28 19:50:27 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-12-28 19:50:26 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-12-28 19:50:26 ----A---- C:\WINDOWS\system32\userinit.exe
2008-12-28 19:50:26 ----A---- C:\WINDOWS\system32\untfs.dll
2008-12-28 19:50:26 ----A---- C:\WINDOWS\system32\ulib.dll
2008-12-28 19:50:26 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-12-28 19:50:26 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-12-28 19:50:26 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-12-28 19:50:26 ----A---- C:\WINDOWS\system32\smss.exe
2008-12-28 19:50:25 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-12-28 19:50:17 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-12-28 19:50:17 ----A---- C:\WINDOWS\system32\hal.dll
2008-12-28 19:50:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-12-26 17:52:31 ----D---- C:\Program Files\Trend Micro
2008-12-26 15:12:17 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-23 20:39:11 ----A---- C:\WINDOWS\NetwkCfg.txt
2008-12-23 20:24:28 ----A---- C:\wizard.txt
2008-12-18 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-13 16:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 16:30:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 16:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 16:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 16:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-10 11:52:42 ----D---- C:\WINDOWS\Temp
2009-01-10 10:20:03 ----D---- C:\WINDOWS\Registration
2009-01-10 10:18:55 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-01-10 10:18:50 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-01-10 10:18:26 ----D---- C:\WINDOWS
2009-01-10 10:17:58 ----AD---- C:\WINDOWS\system32\drivers
2009-01-10 10:17:58 ----AD---- C:\WINDOWS\system32
2009-01-10 10:17:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-10 09:17:09 ----D---- C:\Program Files
2009-01-10 09:06:01 ----SHD---- C:\WINDOWS\Installer
2009-01-10 09:04:58 ----D---- C:\Program Files\Java
2009-01-02 10:21:54 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-29 07:33:02 ----D---- C:\WINDOWS\system32\wbem
2008-12-29 07:33:02 ----D---- C:\WINDOWS\AppPatch
2008-12-29 07:32:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-29 07:30:23 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-29 07:28:04 ----RSD---- C:\WINDOWS\assembly
2008-12-29 07:26:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-29 07:25:50 ----D---- C:\WINDOWS\system32\usmt
2008-12-29 07:25:48 ----D---- C:\WINDOWS\system32\Setup
2008-12-29 07:25:46 ----D---- C:\WINDOWS\system32\Restore
2008-12-29 07:25:46 ----AD---- C:\WINDOWS\system32\oobe
2008-12-29 07:25:44 ----D---- C:\WINDOWS\system32\npp
2008-12-29 07:25:20 ----D---- C:\WINDOWS\system32\Com
2008-12-29 07:22:56 ----D---- C:\WINDOWS\system
2008-12-29 07:22:56 ----D---- C:\WINDOWS\srchasst
2008-12-29 07:22:55 ----D---- C:\WINDOWS\PeerNet
2008-12-29 07:22:53 ----D---- C:\WINDOWS\mui
2008-12-29 07:22:51 ----D---- C:\WINDOWS\msagent
2008-12-29 07:22:47 ----HD---- C:\WINDOWS\inf
2008-12-29 07:22:35 ----D---- C:\WINDOWS\ime
2008-12-29 07:22:35 ----D---- C:\WINDOWS\Help
2008-12-29 07:22:25 ----D---- C:\Program Files\Windows NT
2008-12-29 07:22:25 ----D---- C:\Program Files\Outlook Express
2008-12-29 07:22:23 ----D---- C:\Program Files\NetMeeting
2008-12-29 07:22:20 ----D---- C:\Program Files\Movie Maker
2008-12-29 07:22:19 ----D---- C:\Program Files\Messenger
2008-12-29 07:22:17 ----D---- C:\Program Files\Internet Explorer
2008-12-29 07:22:09 ----D---- C:\Program Files\Common Files\System
2008-12-29 07:19:18 ----SD---- C:\WINDOWS\Tasks
2008-12-28 20:26:10 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-28 20:15:00 ----D---- C:\Program Files\McAfee
2008-12-28 20:10:02 ----D---- C:\WINDOWS\security
2008-12-28 19:55:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-28 19:49:46 ----D---- C:\WINDOWS\ehome
2008-12-28 09:24:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-27 03:05:08 ----A---- C:\WINDOWS\imsins.BAK
2008-12-26 15:32:37 ----SD---- C:\Documents and Settings\McCarter\Application Data\Microsoft
2008-12-26 15:29:39 ----D---- C:\Program Files\lx_cats
2008-12-26 15:27:33 ----D---- C:\WINDOWS\system32\config
2008-12-21 08:24:06 ----A---- C:\WINDOWS\system32\user32(2).DLL
2008-12-18 03:00:35 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-11-01 21419]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-07-19 8552]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-07-03 12544]
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-18 1155584]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-08-25 61824]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-08-22 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-07-13 74752]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-22 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-23 4374016]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-02 1706752]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-28 81920]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2006-01-13 76544]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-02 191968]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 IO_Memory;IO_Memory; \??\c:\sysprep\Drivers\ioport.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SVRPEDRV;SVRPEDRV; \??\C:\SYSPREP\PEDrv.sys []
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]
S3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-07-03 434176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-10 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-07-03 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-07-03 937984]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2006-02-07 35840]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
R3 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-20 495616]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------

#9 User is offline   thewall 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,414
  • Joined: 19-June 07
  • Gender:Male
  • Location:Florida

Posted 10 January 2009 - 04:50 PM

That's looking better. :thumbsup: Let's go ahead and take a look at the info.txt which will be located at:

C:\rsit\info.txt

If you would post that and tell me if everything else is running OK.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#10 User is offline   rmccarter2 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 26-December 08

Posted 12 January 2009 - 07:32 PM

info.txt logfile of random's system information tool 1.05 2009-01-10 12:45:41

======Uninstall list======

-->C:\Program Files\Yahoo!\Yahoo! Music Engine\oggcodecs\uninst.exe
-->C:\WINDOWS\system32\RunDll32.Exe C:\WINDOWS\system32\SetupAPI.Dll,InstallHinfSection DefaultUninstall.NTx86 4 C:\WINDOWS\INF\tdudf.Inf
-->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
-->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
-->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
-->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client-->C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
Blasterball 2 Revolution-->"C:\Program Files\Toshiba Games\Blasterball 2 Revolution\Uninstall.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Chuzzle Deluxe-->"C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"
Desktop Dialer-->C:\WINDOWS\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
FATE-->"C:\Program Files\Toshiba Games\FATE\Uninstall.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB894871)-->"C:\WINDOWS\$NtUninstallKB894871$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895200)-->"C:\WINDOWS\$NtUninstallKB895200$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896243)-->"C:\WINDOWS\$NtUninstallKB896243$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB910728)-->"C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB917332)-->"C:\WINDOWS\$NtUninstallKB917332$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Lexmark 2400 Series-->C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PixiePack Codec Pack-->MsiExec.exe /I{582610B8-E496-4813-993C-4B027173FE38}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Media Manager-->MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
StyleEase for APA Style-->C:\PROGRA~1\STYLEE~1\UNWISE.EXE C:\PROGRA~1\STYLEE~1\INSTALL.LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Direct Disc Writer-->MsiExec.exe /X{400830CA-F056-4BBE-80A3-9DF9CA4FB889}
TOSHIBA Disc Creator-->MsiExec.exe /X{529DDE6B-4F31-438B-B218-F36266ABD8C0}
TOSHIBA Game Console-->"C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
Toshiba Media Center Game Console-->MsiExec.exe /I{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}
TOSHIBA PC Diagnostic Tool-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2C38F661-26B7-445D-B87D-B53FE2D3BD42} /l1033
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Card Format-->MsiExec.exe /X{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\setup.exe" -l0x9 -removeonly
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wal-Mart Music Downloads Store-->MsiExec.exe /I{B8A432E2-D541-4F48-B9E8-243BEEC3D158}
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB884018-->C:\WINDOWS\$NtUninstallKB884018$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB888622-->C:\WINDOWS\$NtUninstallKB888622$\spuninst\spuninst.exe
Windows XP Hotfix - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Windows XP Hotfix - KB890546-->C:\WINDOWS\$NtUninstallKB890546$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893056-->C:\WINDOWS\$NtUninstallKB893056$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB914548-->"C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
Yahoo! Music Jukebox-->MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}

Hosts File Missing
======Security center information======

AV: McAfee VirusScan

System event log

Computer Name: ROB2
Event Code: 7036
Message: The iPod Service service entered the running state.

Record Number: 21802
Source Name: Service Control Manager
Time Written: 20081220191217.000000-300
Event Type: information
User:

Computer Name: ROB2
Event Code: 7035
Message: The iPod Service service was successfully sent a start control.

Record Number: 21801
Source Name: Service Control Manager
Time Written: 20081220191217.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ROB2
Event Code: 7036
Message: The lxcr_device service entered the running state.

Record Number: 21800
Source Name: Service Control Manager
Time Written: 20081220191210.000000-300
Event Type: information
User:

Computer Name: ROB2
Event Code: 7035
Message: The lxcr_device service was successfully sent a start control.

Record Number: 21799
Source Name: Service Control Manager
Time Written: 20081220191210.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ROB2
Event Code: 7036
Message: The Roxio Hard Drive Watcher 9 service entered the stopped state.

Record Number: 21798
Source Name: Service Control Manager
Time Written: 20081220191143.000000-300
Event Type: information
User:

Application event log

Computer Name: ANGIENROB
Event Code: 0
Message:
Record Number: 6906
Source Name: mcmispupdmgr
Time Written: 20080421141840.000000-240
Event Type: information
User:

Computer Name: ANGIENROB
Event Code: 0
Message:
Record Number: 6905
Source Name: mcmispupdmgr
Time Written: 20080421141840.000000-240
Event Type: information
User:

Computer Name: ANGIENROB
Event Code: 0
Message:
Record Number: 6904
Source Name: mcmispupdmgr
Time Written: 20080421101143.000000-240
Event Type: information
User:

Computer Name: ANGIENROB
Event Code: 0
Message:
Record Number: 6903
Source Name: mcmispupdmgr
Time Written: 20080421101126.000000-240
Event Type: information
User:

Computer Name: ANGIENROB
Event Code: 0
Message:
Record Number: 6902
Source Name: mcmispupdmgr
Time Written: 20080421101126.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

#11 User is offline   thewall 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 6,414
  • Joined: 19-June 07
  • Gender:Male
  • Location:Florida

Posted 13 January 2009 - 12:07 PM

You now appear to be clean. Congratulations! :thumbsup:

If you have any other problems let me know of them. Other than that please do the following:



Cleanup! with OTMoveIt

Let's remove all the tools we've used.

* Double click OTMoveIt3.exe to run it.
* Click the Clean Up button at the top . If you recieve a warning from your security program, select allow to download the packet.
* A pop-up box will appear saying "Cleanup list download succesfully Begin Removal Process?". Click Yes.
* If required for a reboot click Yes




Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    Restart
    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  • You are in need of a firewall with outbound protection
    While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
    I therefore strongly recommend that you install one of the following free firewalls: *PC Tool Firewall Plus or Zonealarm
    See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    *If you choose the PC Tools Firewall Plus and you are asked to install ThreatFire do not do so.
  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster from here
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date


Thanks for using BleepingComputer!



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#12 User is offline   Shaba 

  • Koutsi
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 7,310
  • Joined: 08-July 06
  • Gender:Male
  • Location:Finland

Posted 16 January 2009 - 01:34 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users