Packed Win32.monder.gen


1 reply to this topic

#1 urbane.tiger

Posted 19 April 2008 - 06:24 AM

Deckard's System Scanner v20071014.68
Run by Philip Daniels on 2008-04-19 18:22:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2008-04-19 08:22:09 UTC - RP80 - Deckard's System Scanner Restore Point
79: 2008-04-19 00:44:32 UTC - RP79 - Installed %1 %2.
78: 2008-04-17 08:46:36 UTC - RP78 - Installed Kaspersky Internet Security 7.0.
77: 2008-04-17 08:33:52 UTC - RP77 - Removed Kaspersky Internet Security 7.0.
76: 2008-04-17 07:20:05 UTC - RP76 - Installed Kaspersky Internet Security 7.0.


-- First Restore Point --
1: 2008-04-16 09:46:24 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Philip Daniels.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:51, on 19-04-08
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\PROGRA~1\CFi\SHELLT~1\CFiShlMan.exe
C:\PROGRA~1\CFi\SHELLT~1\cliphook.exe
C:\Program Files\EscapeClosePro\EscapeClosePro.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FileBX\FileBX.exe
C:\Program Files\TypeItIn\typeitin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Philip Daniels\Desktop\Downloads\Software\Protection and Security\dss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Philip Daniels.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9F362DE5-AE75-4AF9-98CC-BEC900170A6B} - C:\WINDOWS\system32\wvUnKApQ.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CFi ShellToys Utility Manager] "C:\PROGRA~1\CFi\SHELLT~1\CFiShlMan.exe" -start
O4 - HKCU\..\Run: [CFi ShellToys Clipboard History] "C:\PROGRA~1\CFi\SHELLT~1\cliphook.exe" -start
O4 - HKCU\..\Run: [HSLAB Shutdown Folder Lite] C:\Program Files\Handy Software Lab\HSLAB Shutdown Folder\sf.exe
O4 - HKCU\..\Run: [HSLAB Shutdown Folder] C:\Program Files\Handy Software Lab\HSLAB Shutdown Folder\sf.exe
O4 - HKCU\..\Run: [EscapeClose] C:\Program Files\EscapeClosePro\EscapeClosePro.exe
O4 - HKCU\..\Run: [EssentialPIM] "C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [PegtopPStart] C:\Program Files\Pegtop\PStart\PStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [LAzd51jaBr] C:\Documents and Settings\All Users\Application Data\yxehipkh\yfejkjyz.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: FileBox eXtender.lnk = C:\Program Files\FileBX\FileBX.exe
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\typeitin.exe
O4 - Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Startup: Windows Live Mail.lnk = C:\Program Files\Windows Live\Mail\wlmail.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207451446281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: sspwlquc - sspwlquc.dll (file missing)
O20 - Winlogon Notify: __c00B802D - C:\WINDOWS\
O21 - SSODL: KbdWin - {41325bab-301e-4bec-a7bb-6043e492b17e} - C:\WINDOWS\Resources\KbdWin.dll (file missing)
O21 - SSODL: ComponentUnknown - {f7b23f40-295f-4ddb-b434-4b7b82b74086} - C:\WINDOWS\Resources\ComponentUnknown.dll (file missing)
O21 - SSODL: AvpKbd - {fe924e18-4182-4068-a98f-08dc70dc208a} - C:\WINDOWS\Resources\AvpKbd.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9685 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FileCloner - c:\windows\system32\drivers\famfd.sys <Not Verified; Windows ® Server 2003 DDK provider; Windows ® Server 2003 DDK driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys

S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; NetGroup - Politecnico di Torino; WinPcap Netgroup Packet Filter Driver>
S3 WFIOCTL - c:\program files\winfast\wftvfm\wfioctl.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-19 18:17:00 272 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 17:57:39 0 d-------- C:\Program Files\Trend Micro
2008-04-19 17:04:26 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\IEPro
2008-04-19 17:04:17 0 d-------- C:\Program Files\IEPro
2008-04-19 11:02:57 0 d-------- C:\Program Files\Microsoft ASP.NET 3.5 Extensions
2008-04-19 08:54:11 0 d-------- C:\NETFramework35Enhancements_TrainingKit
2008-04-19 08:03:24 0 d-------- C:\Documents and Settings\Philip Daniels\Contacts
2008-04-17 18:48:10 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 18:48:10 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-17 18:47:00 1679648 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-17 18:47:00 20364320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-17 18:46:58 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-17 18:46:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-17 17:17:21 0 d-------- C:\KAV
2008-04-17 17:12:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-17 14:02:56 0 d-------- C:\Program Files\Enigma Software Group
2008-04-17 12:42:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Subversion
2008-04-17 12:36:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-17 12:36:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-17 12:36:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-17 12:36:44 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-17 12:36:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-17 12:36:44 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-17 12:36:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-17 12:36:44 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-17 12:36:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-17 12:36:44 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-17 12:36:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-17 12:36:44 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-17 12:36:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-17 12:36:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-17 10:26:47 0 d-------- C:\Program Files\Apple Software Update
2008-04-17 10:26:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-17 08:54:23 0 d-------- C:\Program Files\MWSnap
2008-04-16 19:43:53 90077 --ahs---- C:\WINDOWS\system32\QpAKnUvw.ini2
2008-04-16 19:36:41 0 d-------- C:\Documents and Settings\All Users\Application Data\yxehipkh
2008-04-16 16:27:46 0 d-------- C:\Program Files\Tracker Software
2008-04-16 00:15:57 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Pegtop
2008-04-16 00:06:37 0 d-------- C:\Program Files\Pegtop
2008-04-15 18:30:53 0 d-------- C:\_BitTorrent
2008-04-15 15:49:46 0 d-------- C:\_BitTorrentUpLoads
2008-04-15 13:31:07 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-04-15 13:31:07 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-15 13:31:06 0 d-------- C:\Program Files\ffdshow
2008-04-15 13:27:53 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-04-15 13:18:33 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\SWiSHvideo
2008-04-15 13:13:22 0 d-------- C:\Program Files\SWiSH Video2
2008-04-15 12:51:32 0 d-------- C:\Program Files\Winamp Toolbar
2008-04-15 12:51:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-04-15 12:51:10 0 d-------- C:\Program Files\Winamp
2008-04-15 12:51:10 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Winamp
2008-04-15 12:26:30 0 d-------- C:\WinFast WorkArea
2008-04-15 00:11:52 368 --a------ C:\drmHeader.bin
2008-04-14 22:41:33 0 d-------- C:\Program Files\EscapeClosePro
2008-04-14 14:20:05 0 d-------- C:\Program Files\FileBX
2008-04-12 21:07:52 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Windows Live Writer
2008-04-12 19:21:04 0 d-------- C:\Program Files\Xceed
2008-04-12 19:17:37 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Downloaded Installations
2008-04-11 17:09:53 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\DivX
2008-04-11 17:08:02 0 d-------- C:\Program Files\DivX
2008-04-11 09:24:30 0 d-------- C:\Program Files\uTorrent
2008-04-11 09:24:21 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\uTorrent
2008-04-11 04:15:50 0 d-------- C:\Documents and Settings\Philip Daniels\.dia
2008-04-11 04:08:51 0 d-------- C:\Program Files\Dia
2008-04-11 02:48:26 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-10 19:02:04 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Forte
2008-04-10 19:01:49 0 d-------- C:\Program Files\Agent
2008-04-10 08:43:37 0 d-------- C:\Program Files\TopCoder UML Tool
2008-04-09 02:12:15 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-09 01:36:34 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Genie-soft
2008-04-09 01:36:00 31232 --a------ C:\WINDOWS\system32\drivers\famfd.sys <Not Verified; Windows ® Server 2003 DDK provider; Windows ® Server 2003 DDK driver>
2008-04-09 01:35:54 0 d-------- C:\Program Files\File Access Manager
2008-04-09 01:35:46 0 d-------- C:\Program Files\Common Files\Genie-Soft Shared6
2008-04-09 01:35:45 0 d-------- C:\Program Files\Genie-Soft
2008-04-08 22:33:27 122880 --a------ C:\WINDOWS\UnGins.exe
2008-04-08 22:33:26 0 d-------- C:\Program Files\EscapeClose
2008-04-08 21:50:10 110592 --a------ C:\WINDOWS\system32\ccrpbds6.dll <Not Verified; Common Controls Replacement Project (CCRP); CCRPBrowseDlgSvr6.BrowseDialog>
2008-04-08 21:50:10 0 d-------- C:\Program Files\JerMar Software Corp
2008-04-08 21:14:35 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Direct Folders
2008-04-08 18:20:53 41472 --a------ C:\WINDOWS\system32\typeitin.dll
2008-04-08 18:20:53 0 d-------- C:\Program Files\TypeItIn
2008-04-08 14:10:50 0 d-------- C:\Program Files\FolderView
2008-04-08 13:48:19 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Help
2008-04-08 13:18:35 0 d-------- C:\Program Files\TabbedNotePad
2008-04-08 04:20:08 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Handy Software Lab
2008-04-08 04:20:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Handy Software Lab
2008-04-08 04:00:57 0 d-------- C:\Program Files\X-Setup Pro
2008-04-07 16:48:04 0 d-------- C:\Program Files\LeechGet 2004
2008-04-07 16:41:57 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Apple Computer
2008-04-07 15:16:37 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Talkback
2008-04-07 13:40:23 0 d-------- C:\Program Files\MSDN
2008-04-07 13:11:01 0 d-------- C:\WINDOWS\system32\js
2008-04-07 13:11:01 0 d-------- C:\WINDOWS\system32\images
2008-04-07 13:11:01 0 d-------- C:\WINDOWS\system32\html
2008-04-07 13:11:01 0 d-------- C:\WINDOWS\system32\css
2008-04-07 13:11:01 0 d-------- C:\Program Files\Business Objects
2008-04-07 13:03:25 0 d-------- C:\Program Files\MSXML 6.0
2008-04-07 13:01:42 0 d-------- C:\Program Files\Microsoft SQL Server
2008-04-07 13:00:37 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-04-07 12:58:11 0 d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-04-07 12:56:50 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-07 12:48:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-04-07 12:44:56 0 d-------- C:\WINDOWS\symbols
2008-04-07 12:41:37 0 d-------- C:\Program Files\Microsoft SDKs
2008-04-07 12:41:37 0 d-------- C:\Program Files\HTML Help Workshop
2008-04-07 12:41:37 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-04-07 12:41:36 0 d-------- C:\Program Files\Microsoft.NET
2008-04-07 12:41:36 0 d-------- C:\Program Files\CE Remote Tools
2008-04-07 12:41:35 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-07 12:41:31 0 d-------- C:\Program Files\FreshDevices
2008-04-07 12:39:03 0 d-------- C:\Program Files\Microsoft Web Designer Tools
2008-04-07 12:38:38 0 dr-h----- C:\MSOCache
2008-04-07 12:36:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-07 12:34:14 0 d-------- C:\Program Files\MSBuild
2008-04-07 12:34:01 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-07 12:33:46 0 d-------- C:\Program Files\Reference Assemblies
2008-04-07 12:23:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Citeknet
2008-04-07 12:21:48 0 d--h----- C:\WINDOWS\PIF
2008-04-07 12:18:33 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Windows Desktop Search
2008-04-07 11:49:20 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\TeraCopy
2008-04-07 11:49:15 0 d-------- C:\Program Files\TeraCopy
2008-04-07 09:19:58 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-07 03:04:41 0 d-------- C:\_Temporary
2008-04-07 01:42:00 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\CFi ShellToys
2008-04-07 00:49:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-07 00:33:33 0 d-------- C:\Program Files\Microsoft Hardware
2008-04-07 00:24:21 0 d-------- C:\Program Files\SysinternalsSuite
2008-04-07 00:19:22 0 d-------- C:\Program Files\XPSysPad
2008-04-07 00:18:18 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-04-07 00:18:17 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-04-07 00:18:17 0 d-------- C:\Program Files\PDFCreator
2008-04-07 00:13:25 0 d-------- C:\Program Files\WinPcap
2008-04-07 00:11:54 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-07 00:11:53 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Logitech
2008-04-06 23:59:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-06 23:59:05 0 d-------- C:\Program Files\Common Files\Logishrd
2008-04-06 23:59:04 0 d-------- C:\Program Files\Logitech
2008-04-06 23:59:03 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\InstallShield
2008-04-06 23:54:01 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Hyperionics
2008-04-06 23:44:55 0 d-------- C:\Program Files\CCleaner
2008-04-06 23:37:54 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-04-06 23:37:54 0 d-------- C:\Program Files\Belarc
2008-04-06 23:35:01 0 d-------- C:\Program Files\IFilterShop
2008-04-06 23:33:54 94208 --a------ C:\WINDOWS\system32\JpegIFilter.dll <Not Verified; AimingTech Company; JPEG IFilter Beta>
2008-04-06 23:33:54 0 d-------- C:\Program Files\JPEG IFilter
2008-04-06 23:27:49 0 d-------- C:\Program Files\Citeknet
2008-04-06 23:04:06 0 d-------- C:\Program Files\Windows Desktop Search
2008-04-06 23:03:34 0 d-------- C:\6bf02651d93f2bc9a5922e92
2008-04-06 22:52:52 0 d-------- C:\Program Files\Locate
2008-04-06 22:48:43 0 d-------- C:\_Backups
2008-04-06 22:47:19 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\EssentialPIM
2008-04-06 22:47:14 0 d-------- C:\Program Files\EssentialPIM
2008-04-06 22:45:34 0 d-------- C:\Program Files\Angel Writer
2008-04-06 22:43:47 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\3M
2008-04-06 22:43:29 0 d-------- C:\Program Files\3M
2008-04-06 22:39:16 0 d-------- C:\WINDOWS\system32\IOSUBSYS
2008-04-06 22:38:42 0 d-------- C:\Program Files\Google
2008-04-06 22:38:39 0 d-------- C:\Program Files\Picasa2
2008-04-06 22:36:05 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\CursorArts
2008-04-06 22:35:56 0 d-------- C:\Program Files\ImageForge3
2008-04-06 22:34:59 0 d-------- C:\Program Files\IrfanView
2008-04-06 22:34:02 0 d-------- C:\Program Files\Inkscape
2008-04-06 22:31:31 0 d-------- C:\Documents and Settings\Philip Daniels\.gimp-2.2
2008-04-06 22:31:00 0 d-------- C:\Program Files\GIMP-2.0
2008-04-06 22:30:25 0 d-------- C:\Program Files\Common Files\GTK
2008-04-06 22:24:53 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\WinRAR
2008-04-06 22:22:38 0 d-------- C:\Program Files\CFi
2008-04-06 22:21:58 0 d-------- C:\Program Files\GnuWin32
2008-04-06 22:17:46 0 d-------- C:\Program Files\Lupas Rename 2000
2008-04-06 22:16:59 0 d-------- C:\Program Files\Directory Lister
2008-04-06 22:14:53 24576 --a------ C:\WINDOWS\uninjssv.exe <Not Verified; JSWare; ProjectSVUninstall>
2008-04-06 22:14:53 45056 --a------ C:\WINDOWS\system32\JSStrms2.dll <Not Verified; JSWare; Stream Viewer>
2008-04-06 22:13:43 0 d-------- C:\Program Files\Rekenwonder Software
2008-04-06 22:10:25 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Subversion
2008-04-06 22:07:42 0 d-------- C:\Program Files\TortoiseSVN
2008-04-06 21:54:25 0 d-------- C:\Program Files\QuickTime
2008-04-06 21:54:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-06 21:44:13 0 d-------- C:\Program Files\Classic Windows Media Player
2008-04-06 21:43:42 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Media Player Classic
2008-04-06 21:31:23 0 d-------- C:\Program Files\Audacity
2008-04-06 21:22:43 0 d-------- C:\Program Files\TheSage
2008-04-06 21:19:32 0 d-------- C:\Program Files\Calc98
2008-04-06 21:14:20 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\vlc
2008-04-06 21:08:38 0 d-------- C:\Program Files\VideoLAN
2008-04-06 20:58:03 0 d--hs---- C:\WINDOWS\Installer
2008-04-06 20:58:03 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-06 20:57:59 0 dr------- C:\Program Files
2008-04-06 20:57:59 0 d-------- C:\Program Files\Common Files
2008-04-06 20:57:59 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-06 20:57:37 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-06 20:57:37 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-06 20:57:37 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-06 20:57:37 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-06 20:57:37 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-06 20:57:37 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-06 20:57:37 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-06 20:57:37 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-06 20:57:37 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-06 20:57:37 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-06 20:57:37 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-06 20:57:37 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-06 20:57:37 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-06 20:57:37 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-06 20:57:37 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-06 20:57:25 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-06 20:57:25 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-06 20:57:20 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-06 20:57:20 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-06 20:57:19 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-06 20:57:19 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-06 20:56:14 0 d--hs---- C:\System Volume Information
2008-04-06 20:56:14 0 d-------- C:\Documents and Settings
2008-04-06 20:54:24 0 d-------- C:\Program Files\xint
2008-04-06 20:48:11 0 d-------- C:\WINDOWS
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\WinSxS
2008-04-06 20:48:11 0 dr------- C:\WINDOWS\Web
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\twain_32
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\wins
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\wbem
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\usmt
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\spool
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\Setup
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\ras
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\oobe
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\npp
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\mui
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\IME
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\ias
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\export
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\drivers
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-06 20:48:11 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\config
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\3076
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\2052
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\1054
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\1042
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\1041
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\1037
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\1033
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\1031
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\1028
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system32\1025
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\system
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\security
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\Resources
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\repair
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\Provisioning
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\PeerNet
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\pchealth
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\mui
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\msapps
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\msagent
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\Media
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\java
2008-04-06 20:48:11 0 d--h----- C:\WINDOWS\inf
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\ime
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\Help
2008-04-06 20:48:11 0 dr--s---- C:\WINDOWS\Fonts
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\Driver Cache
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\Debug
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\Cursors
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\Config
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\AppPatch
2008-04-06 20:48:11 0 d-------- C:\WINDOWS\addins
2008-04-06 20:28:02 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Download Manager
2008-04-06 20:27:43 0 d-------- C:\WINDOWS\Sun
2008-04-06 18:13:44 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-06 16:35:43 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Macromedia
2008-04-06 16:35:38 1167 --a------ C:\WINDOWS\mozver.dat
2008-04-06 16:26:11 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\OpenOffice.org2
2008-04-06 16:24:38 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-06 16:24:16 0 d-------- C:\Program Files\Java
2008-04-06 16:24:15 0 d-------- C:\Program Files\Common Files\Java
2008-04-06 16:24:09 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Sun
2008-04-06 16:23:24 0 d-------- C:\_Sandpit
2008-04-06 16:06:22 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-06 16:05:45 0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-06 16:05:44 0 d-------- C:\Program Files\Windows Live Favorites
2008-04-06 16:05:06 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-06 16:01:36 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-06 16:01:32 0 d-------- C:\Program Files\Windows Live
2008-04-06 16:01:26 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-06 15:51:49 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-06 15:50:55 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-06 15:50:55 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-06 15:28:34 0 d-------- C:\Documents and Settings\Philip Daniels\dwhelper
2008-04-06 15:03:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-06 15:03:34 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Mozilla
2008-04-06 13:55:07 0 d-------- C:\Program Files\Digital Locker Assistant
2008-04-06 13:44:09 0 d-------- C:\Program Files\zabkat
2008-04-06 13:39:26 0 d-------- C:\WINDOWS\system32\URTTemp
2008-04-06 13:32:50 0 d-------- C:\WINDOWS\Prefetch
2008-04-06 13:26:36 0 d-------- C:\WINDOWS\system32\en
2008-04-06 13:26:36 0 d-------- C:\WINDOWS\system32\bits
2008-04-06 13:26:36 0 d-------- C:\WINDOWS\l2schemas
2008-04-06 13:25:36 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-06 13:23:21 0 d-------- C:\WINDOWS\EHome
2008-04-06 13:12:17 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-06 13:08:14 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-06 12:43:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-06 12:41:13 0 d-------- C:\WINDOWS\network diagnostic
2008-04-06 12:41:09 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-06 12:35:26 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-06 12:32:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-06 12:22:02 0 d--hs---- C:\Documents and Settings\Philip Daniels\UserData
2008-04-06 11:57:38 9600 --a------ C:\WINDOWS\system32\drivers\winfoxiobackup.sys <Not Verified; Leadtek Research Inc.; WinFox I/O Device (Windows 2000/XP)>
2008-04-06 11:56:18 1138688 --a------ C:\WINDOWS\system32\WINFOXUT.dll <Not Verified; Leadtek Research Inc.; WinFox Utility Library(Windows 95/98//ME/NT/2000/XP/X64)>
2008-04-06 11:56:18 28672 --a------ C:\WINDOWS\system32\winfoxin.exe <Not Verified; Leadtek Research Inc.; WinFox Initial(Windows 2000/XP)>
2008-04-06 11:56:18 102400 --a------ C:\WINDOWS\system32\WFTime.SCR <Not Verified; Leadtek Research Inc.; WinFox Time Screen Saver>
2008-04-06 11:56:18 307200 --a------ C:\WINDOWS\system32\WFSrSv.SCR <Not Verified; Leadtek Research Inc.; WinFast Screen Saver>
2008-04-06 11:56:18 110592 --a------ C:\WINDOWS\system32\WFline.SCR <Not Verified; Leadtek Research Inc.; WinFox Line Screen Saver>
2008-04-06 11:56:18 668672 --a------ C:\WINDOWS\system32\WF2KCPL.dll <Not Verified; Leadtek Research Inc.; WinFast Display Property Sheet Extension>
2008-04-06 11:56:17 1490944 --a------ C:\WINDOWS\system32\Wf2k.exe <Not Verified; Leadtek Research Inc.; WinFox V2.0(Windows 95/98//ME/2000/XP)>
2008-04-06 11:56:17 13692 --a------ C:\WINDOWS\system32\drivers\wfsys.sys <Not Verified; Leadtek Research Inc.; WinFox Control I/O Driver>
2008-04-06 11:56:17 22528 --a------ C:\WINDOWS\system32\drivers\WFIO64DR.sys <Not Verified; Leadtek Research Inc.; WinFox I/O 64bit Device (Windows X64)>
2008-04-06 11:56:17 0 d-------- C:\Program Files\Leadtek Research Inc
2008-04-06 11:56:07 0 d-------- C:\Documents and Settings\Philip Daniels\WINDOWS
2008-04-06 11:49:49 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\AdobeUM
2008-04-06 11:49:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-06 11:49:41 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Adobe
2008-04-06 11:49:14 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-06 11:48:54 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-06 11:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-06 11:47:57 49152 --a------ C:\WINDOWS\system32\TempDel.EXE <Not Verified; Leadtek Research Inc.; Leadtek Research Inc. TempDel>
2008-04-06 11:47:53 9446 --a------ C:\WINDOWS\system32\drivers\WFIOCTL.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)>
2008-04-06 11:47:51 0 d-------- C:\Program Files\WinFast
2008-04-06 11:43:51 0 d-------- C:\WINDOWS\nview
2008-04-06 11:43:44 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2008-04-06 11:43:42 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-04-06 11:43:41 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-04-06 11:43:40 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-04-06 11:43:39 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-04-06 11:43:37 1470464 --a------ C:\WINDOWS\system32\nview.dll
2008-04-06 11:43:37 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2008-04-06 11:43:37 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-04-06 11:43:30 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-04-06 11:43:30 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2008-04-06 11:43:16 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-06 11:43:08 0 d-------- C:\WINDOWS\system32\WinFast
2008-04-06 11:42:36 0 d-------- C:\WINDOWS\system32\WinFox
2008-04-06 11:42:36 9600 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys <Not Verified; Leadtek Research Inc.; WinFox I/O Device (Windows 2000/XP)>
2008-04-06 11:30:39 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-06 11:27:38 0 d-------- C:\Program Files\Gigabyte
2008-04-06 11:27:33 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-06 11:26:07 0 d-------- C:\WINDOWS\Cache
2008-04-06 11:24:27 0 d-------- C:\WINDOWS\system32\Lang
2008-04-06 11:22:10 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-04-06 11:21:55 1953792 -r------- C:\WINDOWS\system32\JMRaidSetup.exe <Not Verified; Gigabyte Technology Corp.; Gigabyte RAID Configurer>
2008-04-06 11:21:55 139264 -r------- C:\WINDOWS\system32\JMRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-04-06 11:21:51 0 d-------- C:\WINDOWS\JM
2008-04-06 11:21:48 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-06 11:21:26 0 d-------- C:\Program Files\Realtek
2008-04-06 11:21:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 11:21:23 499712 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-06 11:20:25 0 d-------- C:\Program Files\Marvell
2008-04-06 11:20:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-06 11:17:51 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-06 11:17:50 0 d-------- C:\Program Files\Intel
2008-04-06 11:16:25 0 d-------- C:\Documents and Settings\Philip Daniels\Application Data\Identities
2008-04-06 11:16:17 0 d--h----- C:\Documents and Settings\Philip Daniels\Templates
2008-04-06 11:16:17 0 dr------- C:\Documents and Settings\Philip Daniels\Start Menu
2008-04-06 11:16:17 0 dr-h----- C:\Documents and Settings\Philip Daniels\SendTo
2008-04-06 11:16:17 0 dr-h----- C:\Documents and Settings\Philip Daniels\Recent
2008-04-06 11:16:17 0 d--h----- C:\Documents and Settings\Philip Daniels\PrintHood
2008-04-06 11:16:17 3670016 --ah----- C:\Documents and Settings\Philip Daniels\NTUSER.DAT
2008-04-06 11:16:17 0 d--h----- C:\Documents and Settings\Philip Daniels\NetHood
2008-04-06 11:16:17 0 dr------- C:\Documents and Settings\Philip Daniels\My Documents
2008-04-06 11:16:17 0 d--h----- C:\Documents and Settings\Philip Daniels\Local Settings
2008-04-06 11:16:17 0 dr------- C:\Documents and Settings\Philip Daniels\Favorites
2008-04-06 11:16:17 0 d-------- C:\Documents and Settings\Philip Daniels\Desktop
2008-04-06 11:16:17 0 d--hs---- C:\Documents and Settings\Philip Daniels\Cookies
2008-04-06 11:16:17 0 dr-h----- C:\Documents and Settings\Philip Daniels\Application Data
2008-04-06 11:15:38 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-06 11:15:36 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-06 11:15:36 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-06 11:15:36 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-06 11:15:36 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-06 11:15:36 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-06 11:15:35 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-06 11:15:24 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-06 11:15:24 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-06 11:15:24 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-06 11:15:24 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-06 11:15:24 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-06 11:12:39 0 d-------- C:\WINDOWS\system32\xircom
2008-04-06 11:12:39 0 d-------- C:\Program Files\microsoft frontpage
2008-04-06 11:12:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-06 11:12:31 0 -rahs---- C:\MSDOS.SYS
2008-04-06 11:12:31 0 -rahs---- C:\IO.SYS
2008-04-06 11:12:31 0 --a------ C:\CONFIG.SYS
2008-04-06 11:12:31 0 --a------ C:\AUTOEXEC.BAT
2008-04-06 11:11:48 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-06 11:11:40 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-06 11:11:39 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-06 11:11:30 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-06 11:11:12 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-06 11:10:40 0 d---s---- C:\WINDOWS\Tasks
2008-04-06 11:10:39 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-06 11:10:35 0 d-------- C:\WINDOWS\srchasst
2008-04-06 11:10:34 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-06 11:10:25 0 d-------- C:\Program Files\Movie Maker
2008-04-06 11:10:17 0 d-------- C:\WINDOWS\system32\Restore
2008-04-06 11:09:59 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-06 11:09:45 0 d-------- C:\WINDOWS\Registration
2008-04-06 11:09:24 0 d-------- C:\Program Files\Online Services
2008-04-06 11:09:19 0 d-------- C:\Program Files\Messenger
2008-04-06 11:09:15 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-06 11:08:32 0 d-------- C:\Program Files\Windows NT
2008-04-06 11:08:29 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-06 11:08:27 0 d-------- C:\WINDOWS\system32\Com
2008-04-01 07:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 07:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 07:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-04-01 07:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-04-01 07:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-22 06:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-22 06:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-22 06:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 06:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-06 20:57:37 62 --ahs---- C:\Documents and Settings\Philip Daniels\Application Data\desktop.ini
2008-02-01 11:11:10 586240 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
20-03-08 08:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F362DE5-AE75-4AF9-98CC-BEC900170A6B}]
C:\WINDOWS\system32\wvUnKApQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]
25-03-08 12:52 1099456 --a------ C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [20-03-08 08:36 1267040]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [14-11-06 19:21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16-05-06 20:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03-05-05 20:43 C:\WINDOWS\Alcmtr.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [31-10-06 14:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [17-11-06 11:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11-08-06 21:43]
"nwiz"="nwiz.exe" [11-08-06 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11-08-06 21:43]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-07 02:17 C:\WINDOWS\KHALMNPR.Exe]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [21-03-02 20:41]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [08-02-08 18:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-08 22:16]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFi ShellToys Utility Manager"="C:\PROGRA~1\CFi\SHELLT~1\CFiShlMan.exe" [25-02-08 15:22]
"CFi ShellToys Clipboard History"="C:\PROGRA~1\CFi\SHELLT~1\cliphook.exe" [07-04-08 01:47]
"HSLAB Shutdown Folder Lite"="C:\Program Files\Handy Software Lab\HSLAB Shutdown Folder\sf.exe" []
"HSLAB Shutdown Folder"="C:\Program Files\Handy Software Lab\HSLAB Shutdown Folder\sf.exe" []
"EscapeClose"="C:\Program Files\EscapeClosePro\EscapeClosePro.exe" [13-12-06 17:32]
"EssentialPIM"="C:\Program Files\EssentialPIM\EssentialPIM.exe" [22-12-07 00:25]
"PegtopPStart"="C:\Program Files\Pegtop\PStart\PStart.exe" [16-04-08 00:06]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18-10-07 11:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Philip Daniels\Start Menu\Programs\Startup\
FileBox eXtender.lnk - C:\Program Files\FileBX\FileBX.exe [4/16/2008 11:08:38 PM]
Locate32 Autorun.lnk - C:\Program Files\Locate\Locate32.exe [10/22/2006 3:00:00 AM]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM]
Post-it© Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [10/15/2004 2:26:54 PM]
TypeItIn.lnk - C:\Program Files\TypeItIn\typeitin.exe [4/8/2008 6:20:53 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]
Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe [10/23/2007 12:13:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"LAzd51jaBr"=C:\Documents and Settings\All Users\Application Data\yxehipkh\yfejkjyz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"=00000000
"NoWinKeys"=00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{067B597C-C099-4A08-A180-E5FEC5DCF2DF}"= C:\PROGRA~1\CFi\SHELLT~1\CFiShlEx.dll [25-02-08 15:22 43008]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05-02-07 15:39 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KbdWin"= {41325bab-301e-4bec-a7bb-6043e492b17e} - C:\WINDOWS\Resources\KbdWin.dll [ ]
"ComponentUnknown"= {f7b23f40-295f-4ddb-b434-4b7b82b74086} - C:\WINDOWS\Resources\ComponentUnknown.dll [ ]
"AvpKbd"= {fe924e18-4182-4068-a98f-08dc70dc208a} - C:\WINDOWS\Resources\AvpKbd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 09-01-08 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sspwlquc]
sspwlquc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00B802D]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger="C:\PROGRAM FILES\SYSINTERNALSSUITE\PROCEXP.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUnKApQ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-04-19 18:29:20 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 3070.42 MiB / 2370.39 MiB
Pagefile Memory (total/avail): 4446.24 MiB / 3877.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1877.7 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 191.41 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 186.46 GiB free.
E: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - SATA WDC WD25 SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE1 - SATA WDC WD25 SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Philip Daniels\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHILS-SYSTEM
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
DEVMGR_SHOW_NONPRESENT_DEVICES=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Philip Daniels
LOGONSERVER=\\PHILS-SYSTEM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\WINDOWS\system32\WindowsPowerShell\v1.0
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp
USERDOMAIN=PHILS-SYSTEM
USERNAME=Philip Daniels
USERPROFILE=C:\Documents and Settings\Philip Daniels
VS90COMNTOOLS=c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI


-- User Profiles ---------------------------------------------------------------

Philip Daniels (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Documents and Settings\Philip Daniels\Local Settings\Application Data\{EEFA5AD6-80AE-44E9-B1E7-3005A085ADF7}\FbxSetup.exe
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PDF IFilter 6.0\Uninst.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
@BIOS B06.1124.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
ADO.NET Entity Framework 1.0 (Pre-Release Version) --> c:\WINDOWS\Microsoft.NET\Framework\v3.5\ADO.NET Entity Framework 1.0 (Pre-Release Version)\install.exe
ADO.NET Entity Framework 1.0 (Pre-Release Version) --> MsiExec.exe /I{CD0A3112-39C9-43F4-99CF-F31EAF48099F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PDF IFilter 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PDF IFilter 6.0\Uninst.isu"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Angel Writer 3.1 --> "C:\Program Files\Angel Writer\unins000.exe"
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Calc98 --> C:\Program Files\Calc98\setup.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CFi ShellToys v6.3.0 --> "C:\Program Files\CFi\ShellToys\unins000.exe"
Citeknet CHM IFilter (Beta) --> MsiExec.exe /I{997A73A2-FF87-4A47-A358-DC2FD4D2C644}
Citeknet EXE IFilter --> MsiExec.exe /I{7EDC893F-1E95-4CEB-BA5D-300AD7C1F754}
Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
Dia (remove only) --> C:\Program Files\Dia\dia-0.96.1-7-uninstall.exe
Digital Locker Assistant --> MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C}
Directory Lister v0.9 --> "C:\Program Files\Directory Lister\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DMIView B06.1227.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly
EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
EscapeClose --> C:\WINDOWS\UnGins.exe "C:\Program Files\EscapeClose\install.log"
EscapeClose Pro --> C:\WINDOWS\UnGins.exe "C:\Program Files\EscapeClosePro\install.log"
EssentialPIM --> C:\Program Files\EssentialPIM\uninstall.exe
ETC B07.0116.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6105B4-2A33-4ADB-89A0-F423D562F3B9}\setup.exe" -l0x9 -removeonly
Face_Wizard B06.1129.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E76FCE6B-9999-4250-8C75-B2DA4AD41268}\setup.exe" -l0x9 -removeonly
ffdshow [rev 1928] [2008-04-10] --> "C:\Program Files\ffdshow\unins000.exe"
File Access Manager (remove only) --> "C:\Program Files\File Access Manager\uninstall.exe"
FileBox eXtender --> "C:\Documents and Settings\Philip Daniels\Local Settings\Application Data\{EEFA5AD6-80AE-44E9-B1E7-3005A085ADF7}\FbxSetup.exe" REMOVE=TRUE MODIFY=FALSE
Forté Agent --> C:\PROGRA~1\Agent\UNWISE.EXE C:\PROGRA~1\Agent\INSTALL.LOG
Genie Backup Manager PE 6.0 --> "C:\Program Files\Genie-Soft\GBMPE 6.0\unins000.exe"
Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
GIMPshop 2.2.8 --> C:\Program Files\GIMP-2.0\bin\uninst.exe
GnuWin32: CoreUtils version 5.3.0 --> "C:\Program Files\GnuWin32\uninstall\unins000.exe"
GTK+ 2.6.10-20050823 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
i-Cool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28184E01-D57A-4933-A09B-F65403F16D82}\setup.exe" -l0x9 -uninst -removeonly
IE7Pro --> C:\Program Files\IEPro\uninst.exe
IFilterShop PDF+ IFilter WE 2.0 (remove only) --> C:\Program Files\IFilterShop\PdfPlusFilter\uninstall.exe
IFilterShop StarOffice/OpenOffice IFilter WE 1.2 (remove only) --> C:\Program Files\IFilterShop\SOFilter\uninstall.exe
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
ImageForge version 3.60 --> "C:\Program Files\ImageForge3\unins000.exe"
Inkscape 0.45 --> "C:\Program Files\Inkscape\uninst.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JPEG IFilter 1.0 --> "C:\Program Files\JPEG IFilter\unins000.exe"
jsFolderView Plus Explorer Bar --> C:\jsFolVw\unjsfv.exe
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Locate32 --> C:\Program Files\Locate\Remove.exe
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Lupas Rename 2000 v5.0 Release --> "C:\Program Files\Lupas Rename 2000\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft ASP.NET 3.5 Extensions CTP --> MsiExec.exe /X{44FAFCA0-694A-11DC-99FC-B6C555D89593}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU --> c:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library for Visual Studio 2008 - ENU --> c:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - ENU\setup.exe
MSDN Library for Visual Studio 2008 - ENU --> MsiExec.exe /X{3A762A82-618D-3CAA-B847-D074ABFA0B2E}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MWSnap 3 --> "C:\Program Files\MWSnap\uninstall.exe"
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
OpenSource Flash Video Splitter (remove only) --> "C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
PDF-XChange PDF Viewer version 2.0.0.36 --> "C:\Program Files\Tracker Software\PDF-XChange Viewer\unins000.exe"
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
Pegtop PStart --> C:\Program Files\Pegtop\PStart\PStart.exe -uninstall "C:\Program Files\Pegtop\PStart\Installation.xml"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Stream Explorer 1.0.3 --> "C:\Program Files\Rekenwonder Software\Stream Explorer\unins000.exe"
Stream Viewer Utility --> C:\WINDOWS\uninjssv.exe
SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
TeraCopy 1.22 --> "C:\Program Files\TeraCopy\unins000.exe"
The GIMP 2.2.13 --> "C:\Program Files\GIMP-2.0\unins000.exe"
TheSage --> "C:\Program Files\TheSage\uninstall.exe"
TortoiseSVN 1.4.5.10425 (32 bit) --> MsiExec.exe /X{F4BBA950-56F0-4335-8D93-EE64BFF593A0}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Live Writer Blog This for Mozilla Firefox --> MsiExec.exe /X{39E705C7-669D-42EC-90F0-38F376D24774}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
Windows PowerShell™ 1.0 --> "C:\WINDOWS\$NtUninstallKB926139$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinDriversBackup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C713C8B5-F0E1-401D-AE9B-3AB0E180D626}\setup.exe"
WinFast PVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934519A2-4D50-4B83-A459-92D90E9E3188}\Setup.exe" -l0x9 -removeonly
WinFast® Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x9 -removeonly
WinFox Setup --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Leadtek Research Inc.\WinFox Setup\Uninst.isu" -c"C:\WINDOWS\system32\WinFox\WinFoxUT.dll"
WinPcap 3.1 beta3 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WMI ODBC Driver --> MsiExec.exe /X{0CB034AF-1D7F-49E9-929A-4CDB8581FC36}
Xceed DataGrid for WPF v2.0 --> MsiExec.exe /X{BDBB379C-1EE0-4C09-ABFF-4048E0CBE8E4}
xint v4.3 by xtort.net © --> "C:\Program Files\xint\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XP SysPad V7.9.5 by xtort.net © --> "C:\Program Files\XPSysPad\unins001.exe"
xplorer² lite --> "C:\Program Files\zabkat\xplorer2_lite\Uninstall.exe"
Xteq-dotec X-Setup Pro 6.6.300.Final1 --> "C:\Program Files\X-Setup Pro\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4886 / Error
Event Submitted/Written: 04/19/2008 00:28:22 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 661635492.

Event Record #/Type4885 / Error
Event Submitted/Written: 04/19/2008 00:28:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.3311, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4884 / Error
Event Submitted/Written: 04/19/2008 00:27:29 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 661635492.

Event Record #/Type4883 / Error
Event Submitted/Written: 04/19/2008 00:27:25 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.3311, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4832 / Warning
Event Submitted/Written: 04/19/2008 11:04:40 AM
Event ID/Source: 1 / Visual Studio - VsTemplate
Event Description:
Error in Template (c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\ProjectTemplates\CSharp\Windows\1033\WPFBrowserApplication.zip), file (csWPFBrowserApplication.vstemplate). Unknown element (EnableEditOfLocationField). Parsing will attempt to recover.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5048 / Error
Event Submitted/Written: 04/19/2008 00:46:48 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 10.1.1.2 for the Network Card with network address 0016E6DACBAA has been
denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type5043 / Warning
Event Submitted/Written: 04/19/2008 11:18:07 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5033 / Error
Event Submitted/Written: 04/19/2008 11:16:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type5006 / Warning
Event Submitted/Written: 04/19/2008 07:48:11 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5005 / Error
Event Submitted/Written: 04/19/2008 07:47:36 AM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.



-- End of Deckard's System Scanner: finished at 2008-04-19 18:29:20 ------------



I have attached an HTML file that was generated by the Belarc programme - it provides an inventory of my system hardware and software.

I believe my system is infected with malware of one sort or another.

The symptoms are as follows; unless otherwise stated, they are repeatable.

Windows Live Mail [WLM] - when this program is started a spurious dialogue box "pops up", purportedly from Outlook Express, informing me that it's time to compress the database. The OK and Cancel buttons are available; I have only ever clicked Cancel - other than that WLM behaves normally. Why am I sure this is spurious:-

because the same dialogue box "pops up" when I run Belarc, again the application appears to run normally

I recently rebuilt my system from scratch, not because of an infection, but because the computer was about to get connected to the 'net, and because I was not happy with the way my folders were organised etc. Immediately after the XP install I used the Control Panel-Add or Remove Programs->Add/Remove Windows Components to remove Outlook Express, Messenger, Games and MSN, the first two because I knew I was about to install Windows Live, the third needs no explanation and the last because IMO it is irrelevant in Australia.


Task Manager - this item is greyed out and I cannot reinstate it via services.msc in normal or in safe mode. Ctrl/Alt/Del does not bring up Task Manager either. If I start SysInternals Process Explorer and select the option to have it replace Task Manager, then the Task Manager item is still greyed out in the Taskbar, but Process Explorer can be invoked with a 3 finger salute.

Display Properties - Desktop Tab - clicking this tab causes the program to wedge, that is to say the application goes into a Not Responding state, the only way of getting rid of it is to use Process Explorer to kill the rundll instance in which it's running.

Display Properties - Screen Saver - keeps resetting to no screen saver; I normally have it set to show the XP screen saver after a period of 5 minutes.

SysInternals GetSysInfo - One is required to run this program and attach the results thereof to any report one submits to Kaspersky. When I run the program it trashes XP, i.e. the whole shooting box collapses and the system restarts.

The restart is very slow, long pause between the Windows Progress Bar screen and the Welcome screen, another long pause before my identity is displayed for me to log on, another long pause before it loads my settings.

Then a dialogue is popped up that tells me XP crashed requesting permission to send report to MS (a crash dump I guess)

Then another dialogue pops up (see PostXP Crash.png), then everything wedges and I have to restart using the computer's reset button.

This restart is faster i.e. normal delays (which are quite short) - the XP crashed dialogue comes up again, I let it send crash report to MS, it fires up the browser and takes me into MS's OCA process - or as I call it the "Houston, Apollo 13's got a problem" process. I answer all the questions, but I don't run their memory test as that doesn't make sense to me, a bit like my ISP telling me to reset my router when I made a complaint about the frequency of newsgroup updates.


Control Panel->Add Install Programs->Add/Remove Windows Components - the Wizard crashes XP similar to SysInternals GetSysInfo if anything has to be added from the XP CD, OK if things are removed. Not sure if this is repeatable; trashing XP is not something I like doing.

I have zipped up the Deckard reports and attached them. With respect to Kaspersky, I have the Internet Suite version 7.0 installed with a paid-up license. Can I send from it rather than running the Online version?

I think I got infected with a Trojan Horse Downloader via a Flash video. I visited a site that came high up on an MS Live Search for something like "openoffice writers tools install" (an OOo add on, that, at the time, I was having difficulties installing), I run FF and as you'll see from attached Infolister report I run FlashBlock. The site did not have much text possibly not much more than my query - foolishly I clicked Flashblock's Play button, assuming I'd get a demo of how to install this Writer's Tools extension in OOo. The flash spinning wheel came up and it spun and it spun and it spun until I closed the Tab and went back to the Search results - never did find anything useful but I eventually managed to sort it out.

I will probably demolish & rebuild my system. However I can hold off for a week or so; I have to go away for a few days on Wednesday and I am happy to delay the rebuild until my return, as I don't think I could finish it by Wednesday and I'd rather not leave it half done. I've also just about used up April's download quota, so I might actually leave it until early May when the new billing period starts. In the meantime if there is any further information or tests you'd like me to do then I will try my best. My motivation is to add to the knowledge base so that others might benefit.

Look forward to hearing from y'all

Attached Files


Edited by urbane.tiger, 19 April 2008 - 07:16 PM.




#2 kahdah


Posted 03 May 2008 - 09:55 AM

Hello urbane.tiger

Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new HijackThis log.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a PM as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided please click here.



