Patched User32/zser32 Removal Help Needed


  • This topic is locked
19 replies to this topic

#1 DG2007


Posted 22 December 2008 - 09:21 PM

Here's my post from the "Am I Infected" Forum: http://www.bleepingcomputer.com/forums/t/188071/patched-user32zser32tmp-problem/. That post includes all the steps I've taken, prior to coming here and since I first posted.

Summary:
Initially, I noticed issues with my laptop early last week after restarting. I was writing an email when Outlook closed on its own while I was in the middle of typing. After restarting Outlook it happened again. Since then I've run various virus scans, including McAfee and Symantec, as well as Spybot and several others (see my other post for logs). My laptop started having various other issues: my wireless internet wouldn't work, Google Chrome stopped working (it would open but I couldn't load pages), and my computer slowed down a lot, especially at start up (it took about 15 minutes or so to start up!). Now after running all these scans I can connect wirelessly again, my computer isn't as slow anymore (though my internet is pretty slow tonight), and Google Chrome is working again.

I tried to run Kaspersky but I got an error message that I needed to be connected to the internet. I'm going to try a wired connection and see if that helps in case it's my wireless connection causing trouble.

And after I'm done with that I will run an RSIT scan.

Thanks in advance for your help! I will post logs as soon as they are available.
Diane


#2 DG2007


Posted 22 December 2008 - 11:30 PM

This is my Kaspersky Critical Areas Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 23, 2008 00:43:41
Records in database: 1502447
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Me\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 107913
Threat name: 3
Infected objects: 27
Suspicious objects: 0
Duration of the scan: 01:19:55


File name / Threat name / Threats count
C:\WINDOWS\system32\USER32.dll/C:\WINDOWS\system32\USER32.dll Infected: Trojan.Win32.Patched.bb 24
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC World Clock.scr Infected: not-a-virus:Monitor.Win32.KeyPressHooker.f 1
C:\WINDOWS\MailSwitch.ocx Infected: Trojan-PSW.Win32.Agent.ktv 1
C:\WINDOWS\system32\dllcache\zser32.tmp Infected: Trojan.Win32.Patched.bb 1

The selected area was scanned.


--------------------------------------------------------------------

Would you recommend running a Kaspersky scan on the other areas (i.e. My Computer) or is the Critical Areas enough?
Diane

#3 DG2007


Posted 23 December 2008 - 07:48 AM

Kaspersky My Computer Scan Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 23, 2008 00:43:41
Records in database: 1502447
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 177872
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:57:37


File name / Threat name / Threats count
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC World Clock.scr Infected: not-a-virus:Monitor.Win32.KeyPressHooker.f 1
C:\WINDOWS\MailSwitch.ocx Infected: Trojan-PSW.Win32.Agent.ktv 1
C:\WINDOWS\system32\dllcache\zser32.tmp Infected: Trojan.Win32.Patched.bb 1

The selected area was scanned.



------------------------------------------

Will run RSIT next. Thank you.
Diane

#4 DG2007


Posted 23 December 2008 - 07:58 AM

RSIT logs:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Me at 2008-12-23 07:03:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (20%) free of 81 GB
Total RAM: 2046 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:56 AM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-3111625162-3632128329-1091921340-500\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-3111625162-3632128329-1091921340-500\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-3111625162-3632128329-1091921340-500\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-3111625162-3632128329-1091921340-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-3111625162-3632128329-1091921340-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} -
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0256691229989687) (0256691229989687mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\025669~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: Media Center Extender Service (McrdSvc) - McAfee, Inc. - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Machine Debug Manager (MDM) - McAfee, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 12110 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C23EBCD1-66D8-4DBB-BA08-4481422573B1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [2007-01-11 3330048]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]
"Google Update"=C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
C:\Program Files\Common Files\AOL\1165284985\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [2007-10-11 465136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1165284985\ee\AOLSoftware.exe [2006-09-25 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MI1933~1\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Picaboo.lnk]
C:\PROGRA~1\Picaboo\Picaboo\PICABO~2.EXE [2007-11-08 577536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\America Online 9.0\aol.exe"="C:\Program Files\America Online 9.0\aol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1165102740\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1165102740\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1165167553\ee\AOLOpenRide.exe"="C:\Program Files\Common Files\AOL\1165167553\ee\AOLOpenRide.exe:*:Disabled:AOL OpenRide"
"C:\Program Files\Common Files\AOL\1159219750\ee\AOLOpenRide.exe"="C:\Program Files\Common Files\AOL\1159219750\ee\AOLOpenRide.exe:*:Disabled:AOL OpenRide"
"C:\Program Files\Common Files\AOL\1165167553\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1165167553\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\Common Files\AOL\1159219750\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1159219750\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe:*:Disabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Disabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2008-12-23 06:51:09 ----D---- C:\rsit
2008-12-23 06:51:09 ----D---- C:\Program Files\trend micro
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-22 17:47:32 ----D---- C:\WINDOWS\LastGood
2008-12-21 19:42:34 ----D---- C:\WINDOWS\ERUNT
2008-12-21 19:33:33 ----D---- C:\SDFix
2008-12-21 15:09:40 ----D---- C:\fsaua.data
2008-12-20 19:35:09 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 19:35:03 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-20 19:35:03 ----D---- C:\Documents and Settings\Me\Application Data\SUPERAntiSpyware.com
2008-12-20 19:34:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-20 19:10:51 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2008-12-20 19:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-20 19:10:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 17:46:23 ----D---- C:\Program Files\SiteAdvisor
2008-12-19 17:44:23 ----D---- C:\Program Files\McAfee.com
2008-12-19 17:44:17 ----D---- C:\Program Files\Common Files\McAfee
2008-12-19 15:52:56 ----D---- C:\Program Files\McAfee
2008-12-19 15:24:40 ----D---- C:\Program Files\CCleaner
2008-12-18 12:06:35 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-12-18 11:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-18 09:11:01 ----D---- C:\Program Files\Windows Defender
2008-12-17 23:06:38 ----D---- C:\df654e35609ef4f0aa945fd8ca7c0514
2008-12-17 13:25:22 ----D---- C:\Config.Msi
2008-12-11 09:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 09:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 09:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 09:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2008-12-23 07:03:39 ----D---- C:\WINDOWS\Temp
2008-12-23 06:51:09 ----D---- C:\Program Files
2008-12-22 21:05:45 ----D---- C:\WINDOWS\Prefetch
2008-12-22 20:28:11 ----SHD---- C:\WINDOWS\Installer
2008-12-22 20:28:02 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-22 20:27:56 ----D---- C:\WINDOWS\system32
2008-12-22 20:27:31 ----D---- C:\Program Files\Java
2008-12-22 18:30:58 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-22 18:00:43 ----D---- C:\WINDOWS
2008-12-22 17:56:57 ----SHD---- C:\WINDOWS\system32\dllcache
2008-12-22 17:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-22 17:48:05 ----HD---- C:\WINDOWS\inf
2008-12-22 17:27:42 ----SD---- C:\WINDOWS\Tasks
2008-12-22 17:26:48 ----D---- C:\WINDOWS\Registration
2008-12-22 17:23:29 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 23:32:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 22:05:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-21 19:53:54 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 10:56:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 19:34:36 ----D---- C:\Program Files\Common Files
2008-12-20 18:59:34 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-20 18:56:25 ----D---- C:\Program Files\Symantec
2008-12-20 17:05:25 ----D---- C:\WINDOWS\pss
2008-12-19 17:23:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Minidump
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Debug
2008-12-19 00:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-18 19:09:10 ----RSD---- C:\WINDOWS\Fonts
2008-12-18 19:08:03 ----D---- C:\Program Files\Yahoo!
2008-12-18 19:07:20 ----D---- C:\Program Files\SimPE
2008-12-18 18:54:25 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 18:53:55 ----D---- C:\Program Files\LimeWire
2008-12-18 12:04:26 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-18 12:01:10 ----SHD---- C:\System Volume Information
2008-12-18 12:01:10 ----D---- C:\WINDOWS\system32\Restore
2008-12-18 09:11:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 08:58:52 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-18 08:43:49 ----D---- C:\WINDOWS\system32\config
2008-12-18 08:43:12 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 08:29:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-14 12:13:28 ----D---- C:\WINDOWS\Help
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 11:40:46 ----D---- C:\Program Files\Internet Explorer
2008-12-11 09:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-09 22:10:17 ----D---- C:\Program Files\World of Warcraft
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-25 16:01:19 ----A---- C:\WINDOWS\system32\user32.DLL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-03-26 5504]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-19 8552]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S3 catchme;catchme; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 vsdatant;vsdatant; a []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 0256691229989687mcinstcleanup;McAfee Application Installer Cleanup (0256691229989687); C:\WINDOWS\TEMP\025669~1.EXE [2008-09-12 315264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-25 654848]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-07-25 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-23 06:51:13

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Active Desktop Calendar 6.6-->"C:\Program Files\XemiComputers\Active Desktop Calendar\unins000.exe"
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Premiere Elements 4.0 Templates-->msiexec /I {F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0 Templates-->MsiExec.exe /I{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0-->msiexec /I {3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Elements 4.0-->MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Caesar IV-->C:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\setup.exe -runfromtemp -l0x0009 -removeonly
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Curse Client-->C:\Program Files\Curse\uninstall.exe
Dell Automated PC TuneUp-->MsiExec.exe /X{FE34691C-4298-4667-9758-D7F534DD0B94}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
eGames GameButler-->C:\PROGRA~1\eGames\GAMEBU~1\UNWISE.EXE C:\PROGRA~1\eGames\GAMEBU~1\INSTALL.LOG
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961-v4)-->"C:\WINDOWS\$NtUninstallKB895961-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 3600-->msiexec /x{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 2003 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
Picaboo 2.0.325-->MsiExec.exe /I{FAE5A9E4-CFD5-4ABE-B0D7-AA09AC3747BB}
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Apartment Life-->C:\Program Files\EA GAMES\The Sims 2 Apartment Life\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Celebration! Stuff-->C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff-->C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Kitchen & Bath Interior Design Stuff-->C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Media Center Edition 2005 KB905589-->"C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall

System event log

Computer Name: DIANE
Event Code: 7036
Message: The McAfee Real-time Scanner service entered the paused state.

Record Number: 67713
Source Name: Service Control Manager
Time Written: 20081210135039.000000-360
Event Type: information
User:

Computer Name: DIANE
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{68255EC5-C68E-4BBE-95BC-0FDC2FB33D13} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 67712
Source Name: Tcpip
Time Written: 20081210085009.000000-360
Event Type: information
User:

Computer Name: DIANE
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 67711
Source Name: Service Control Manager
Time Written: 20081210085007.000000-360
Event Type: information
User:

Computer Name: DIANE
Event Code: 7036
Message: The McAfee Real-time Scanner service entered the running state.

Record Number: 67710
Source Name: Service Control Manager
Time Written: 20081210085005.000000-360
Event Type: information
User:

Computer Name: DIANE
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{68255EC5-C68E-4BBE-95BC-0FDC2FB33D13} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 67709
Source Name: Tcpip
Time Written: 20081210084959.000000-360
Event Type: information
User:

Application event log

Computer Name: DIANE
Event Code: 36866
Message: ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Record Number: 9485
Source Name: Media Center Extender Services
Time Written: 20081216180449.000000-360
Event Type: error
User:

Computer Name: DIANE
Event Code: 36866
Message: ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Record Number: 9484
Source Name: Media Center Extender Services
Time Written: 20081216155730.000000-360
Event Type: error
User:

Computer Name: DIANE
Event Code: 5000
Message: McShield service started.

Engine version : 5300.2777

DAT version : 5465.0000



Number of signatures in EXTRA.DAT : None

Names of threats that EXTRA.DAT can detect : None

Record Number: 9483
Source Name: McLogEvent
Time Written: 20081216141429.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DIANE
Event Code: 36866
Message: ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Record Number: 9482
Source Name: Media Center Extender Services
Time Written: 20081216140828.000000-360
Event Type: error
User:

Computer Name: DIANE
Event Code: 36866
Message: ERROR: Device Service Listener - The listener loop unexpectedly ended. Error code 0x00000000.

Record Number: 9481
Source Name: Media Center Extender Services
Time Written: 20081216090625.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

Edited by DG2007, 23 December 2008 - 08:07 AM.

Diane

#5 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 31 December 2008 - 02:46 AM

Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then we'll take a look.


Regards,

Rosty.
Proud member of ASAP since 2007

#6 DG2007

DG2007
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Local time:01:25 AM

Posted 31 December 2008 - 04:48 PM

Thank you! I definitely still need help - just returned home after being away for a week. I'm ready to work on fixing my laptop.

My new HJT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Me at 2008-12-31 15:46:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (20%) free of 81 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:44 PM, on 12/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Curse\CurseClient.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} -
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: Media Center Extender Service (McrdSvc) - McAfee, Inc. - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Machine Debug Manager (MDM) - McAfee, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11615 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C23EBCD1-66D8-4DBB-BA08-4481422573B1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [2007-01-11 3330048]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]
"Google Update"=C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
C:\Program Files\Common Files\AOL\1165284985\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [2007-10-11 465136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1165284985\ee\AOLSoftware.exe [2006-09-25 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MI1933~1\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Picaboo.lnk]
C:\PROGRA~1\Picaboo\Picaboo\PICABO~2.EXE [2007-11-08 577536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\America Online 9.0\aol.exe"="C:\Program Files\America Online 9.0\aol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1165102740\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1165102740\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1165167553\ee\AOLOpenRide.exe"="C:\Program Files\Common Files\AOL\1165167553\ee\AOLOpenRide.exe:*:Disabled:AOL OpenRide"
"C:\Program Files\Common Files\AOL\1159219750\ee\AOLOpenRide.exe"="C:\Program Files\Common Files\AOL\1159219750\ee\AOLOpenRide.exe:*:Disabled:AOL OpenRide"
"C:\Program Files\Common Files\AOL\1165167553\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1165167553\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\Common Files\AOL\1159219750\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1159219750\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe:*:Disabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Disabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 2 months======

2008-12-24 18:57:17 ----A---- C:\WINDOWS\system32\zser32.tmp
2008-12-24 15:48:02 ----D---- C:\Program Files\a-squared Free
2008-12-23 06:51:09 ----D---- C:\rsit
2008-12-23 06:51:09 ----D---- C:\Program Files\trend micro
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-21 19:42:34 ----D---- C:\WINDOWS\ERUNT
2008-12-21 19:33:33 ----D---- C:\SDFix
2008-12-21 15:09:40 ----D---- C:\fsaua.data
2008-12-20 19:35:09 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 19:35:03 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-20 19:35:03 ----D---- C:\Documents and Settings\Me\Application Data\SUPERAntiSpyware.com
2008-12-20 19:34:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-20 19:10:51 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2008-12-20 19:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-20 19:10:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 17:44:23 ----D---- C:\Program Files\McAfee.com
2008-12-19 17:44:17 ----D---- C:\Program Files\Common Files\McAfee
2008-12-19 15:52:56 ----D---- C:\Program Files\McAfee
2008-12-19 15:24:40 ----D---- C:\Program Files\CCleaner
2008-12-18 12:06:35 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-12-18 11:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-18 09:11:01 ----D---- C:\Program Files\Windows Defender
2008-12-17 23:06:38 ----D---- C:\df654e35609ef4f0aa945fd8ca7c0514
2008-12-17 13:25:22 ----D---- C:\Config.Msi
2008-12-11 09:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 09:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 09:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 09:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-13 09:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 09:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 09:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 2 months======

2008-12-31 15:43:41 ----D---- C:\WINDOWS\Temp
2008-12-31 15:36:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 15:36:10 ----SD---- C:\WINDOWS\Tasks
2008-12-31 15:35:50 ----D---- C:\WINDOWS
2008-12-31 15:34:33 ----D---- C:\WINDOWS\Registration
2008-12-31 15:33:43 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-31 15:32:55 ----D---- C:\Program Files
2008-12-24 18:58:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-24 18:57:17 ----D---- C:\WINDOWS\system32
2008-12-24 18:53:58 ----D---- C:\Program Files\Photodex Presenter
2008-12-24 16:27:43 ----D---- C:\WINDOWS\Prefetch
2008-12-22 20:28:11 ----SHD---- C:\WINDOWS\Installer
2008-12-22 20:27:31 ----D---- C:\Program Files\Java
2008-12-22 17:56:57 ----SHD---- C:\WINDOWS\system32\dllcache
2008-12-22 17:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-22 17:48:05 ----HD---- C:\WINDOWS\inf
2008-12-21 23:32:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 22:05:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-21 19:53:54 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 10:56:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 19:34:36 ----D---- C:\Program Files\Common Files
2008-12-20 18:59:34 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-20 18:56:25 ----D---- C:\Program Files\Symantec
2008-12-20 17:05:25 ----D---- C:\WINDOWS\pss
2008-12-19 17:23:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Minidump
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Debug
2008-12-19 00:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-18 19:09:10 ----RSD---- C:\WINDOWS\Fonts
2008-12-18 19:08:03 ----D---- C:\Program Files\Yahoo!
2008-12-18 19:07:20 ----D---- C:\Program Files\SimPE
2008-12-18 18:54:25 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 18:53:55 ----D---- C:\Program Files\LimeWire
2008-12-18 12:04:26 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-18 12:01:10 ----SHD---- C:\System Volume Information
2008-12-18 12:01:10 ----D---- C:\WINDOWS\system32\Restore
2008-12-18 09:11:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 08:58:52 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-18 08:43:49 ----D---- C:\WINDOWS\system32\config
2008-12-18 08:43:12 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 08:29:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-14 12:13:28 ----D---- C:\WINDOWS\Help
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 11:40:46 ----D---- C:\Program Files\Internet Explorer
2008-12-11 09:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-09 22:10:17 ----D---- C:\Program Files\World of Warcraft
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-25 16:01:19 ----A---- C:\WINDOWS\system32\user32.DLL
2008-11-13 09:38:21 ----D---- C:\WINDOWS\WinSxS
2008-11-11 19:03:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 11:01:01 ----A---- C:\VETlog.txt
2008-11-01 11:00:54 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-03-26 5504]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-19 8552]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S3 catchme;catchme; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 vsdatant;vsdatant; a []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-17 419448]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-25 654848]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-07-25 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------
Diane

#7 Rosty


    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 01 January 2009 - 03:28 AM

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
Click Scan.
When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply, please include:
- The log from Malwarebytes' Anti-Malware.
- A new HijackThis log.
Proud member of ASAP since 2007

#8 DG2007

  • Topic Starter

  • Members
  • 71 posts

Posted 01 January 2009 - 01:37 PM

Malwarebytes' log:

Malwarebytes' Anti-Malware 1.31
Database version: 1531
Windows 5.1.2600 Service Pack 3

1/1/2009 12:27:05 PM
mbam-log-2009-01-01 (12-27-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 217944
Time elapsed: 2 hour(s), 2 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HJT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Me at 2009-01-01 12:29:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (20%) free of 81 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:13 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Curse\CurseClient.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
c:\program files\mcafee\virusscan\mcinsupd.exe
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} -
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: Media Center Extender Service (McrdSvc) - McAfee, Inc. - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Machine Debug Manager (MDM) - McAfee, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11587 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C23EBCD1-66D8-4DBB-BA08-4481422573B1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [2007-01-11 3330048]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]
"Google Update"=C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
C:\Program Files\Common Files\AOL\1165284985\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [2007-10-11 465136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1165284985\ee\AOLSoftware.exe [2006-09-25 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MI1933~1\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Picaboo.lnk]
C:\PROGRA~1\Picaboo\Picaboo\PICABO~2.EXE [2007-11-08 577536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\America Online 9.0\aol.exe"="C:\Program Files\America Online 9.0\aol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1165102740\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1165102740\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1165167553\ee\AOLOpenRide.exe"="C:\Program Files\Common Files\AOL\1165167553\ee\AOLOpenRide.exe:*:Disabled:AOL OpenRide"
"C:\Program Files\Common Files\AOL\1159219750\ee\AOLOpenRide.exe"="C:\Program Files\Common Files\AOL\1159219750\ee\AOLOpenRide.exe:*:Disabled:AOL OpenRide"
"C:\Program Files\Common Files\AOL\1165167553\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1165167553\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\Common Files\AOL\1159219750\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1159219750\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe:*:Disabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Disabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 2 months======

2008-12-24 18:57:17 ----A---- C:\WINDOWS\system32\zser32.tmp
2008-12-24 15:48:02 ----D---- C:\Program Files\a-squared Free
2008-12-23 06:51:09 ----D---- C:\rsit
2008-12-23 06:51:09 ----D---- C:\Program Files\trend micro
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-21 19:42:34 ----D---- C:\WINDOWS\ERUNT
2008-12-21 19:33:33 ----D---- C:\SDFix
2008-12-21 15:09:40 ----D---- C:\fsaua.data
2008-12-20 19:35:09 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 19:35:03 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-20 19:35:03 ----D---- C:\Documents and Settings\Me\Application Data\SUPERAntiSpyware.com
2008-12-20 19:34:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-20 19:10:51 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2008-12-20 19:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-20 19:10:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 17:44:23 ----D---- C:\Program Files\McAfee.com
2008-12-19 17:44:17 ----D---- C:\Program Files\Common Files\McAfee
2008-12-19 15:52:56 ----D---- C:\Program Files\McAfee
2008-12-19 15:24:40 ----D---- C:\Program Files\CCleaner
2008-12-18 12:06:35 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-12-18 11:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-18 09:11:01 ----D---- C:\Program Files\Windows Defender
2008-12-17 23:06:38 ----D---- C:\df654e35609ef4f0aa945fd8ca7c0514
2008-12-17 13:25:22 ----D---- C:\Config.Msi
2008-12-11 09:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 09:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 09:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 09:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-13 09:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 09:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 09:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 2 months======

2009-01-01 12:30:06 ----D---- C:\WINDOWS\Temp
2009-01-01 09:45:10 ----D---- C:\WINDOWS\Prefetch
2009-01-01 09:44:41 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-31 15:36:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 15:36:10 ----SD---- C:\WINDOWS\Tasks
2008-12-31 15:35:50 ----D---- C:\WINDOWS
2008-12-31 15:34:33 ----D---- C:\WINDOWS\Registration
2008-12-31 15:32:55 ----D---- C:\Program Files
2008-12-24 18:58:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-24 18:57:17 ----D---- C:\WINDOWS\system32
2008-12-24 18:53:58 ----D---- C:\Program Files\Photodex Presenter
2008-12-22 20:28:11 ----SHD---- C:\WINDOWS\Installer
2008-12-22 20:27:31 ----D---- C:\Program Files\Java
2008-12-22 17:56:57 ----SHD---- C:\WINDOWS\system32\dllcache
2008-12-22 17:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-22 17:48:05 ----HD---- C:\WINDOWS\inf
2008-12-21 23:32:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 22:05:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-21 19:53:54 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 10:56:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 19:34:36 ----D---- C:\Program Files\Common Files
2008-12-20 18:59:34 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-20 18:56:25 ----D---- C:\Program Files\Symantec
2008-12-20 17:05:25 ----D---- C:\WINDOWS\pss
2008-12-19 17:23:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Minidump
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Debug
2008-12-19 00:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-18 19:09:10 ----RSD---- C:\WINDOWS\Fonts
2008-12-18 19:08:03 ----D---- C:\Program Files\Yahoo!
2008-12-18 19:07:20 ----D---- C:\Program Files\SimPE
2008-12-18 18:54:25 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 18:53:55 ----D---- C:\Program Files\LimeWire
2008-12-18 12:04:26 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-18 12:01:10 ----SHD---- C:\System Volume Information
2008-12-18 12:01:10 ----D---- C:\WINDOWS\system32\Restore
2008-12-18 09:11:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 08:58:52 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-18 08:43:49 ----D---- C:\WINDOWS\system32\config
2008-12-18 08:43:12 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 08:29:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-14 12:13:28 ----D---- C:\WINDOWS\Help
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 11:40:46 ----D---- C:\Program Files\Internet Explorer
2008-12-11 09:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-09 22:10:17 ----D---- C:\Program Files\World of Warcraft
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-25 16:01:19 ----A---- C:\WINDOWS\system32\user32.DLL
2008-11-13 09:38:21 ----D---- C:\WINDOWS\WinSxS
2008-11-11 19:03:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-03-26 5504]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-19 8552]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S3 catchme;catchme; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 vsdatant;vsdatant; a []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-17 419448]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-25 654848]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-07-25 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]

-----------------EOF-----------------


NOTE:
McAfee is still popping up with alerts that Patched User32 is on my laptop. I didn't try to fix the problem again since McAfee hasn't been able to fix it in the past. Waiting for your reply.
Diane

#9 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 01 January 2009 - 02:44 PM

Hi,

Open HijackThis, click "Do a scan only" and place a check next to the following entries:

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} -
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} -
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} -
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -

Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.

Please visit the webpage HERE for instructions for downloading and running ComboFix.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Proud member of ASAP since 2007

#10 DG2007

DG2007
  • Topic Starter

  • Members
  • 71 posts

Posted 01 January 2009 - 04:09 PM

ComboFix Log:

ComboFix 08-12-31.01 - Me 2009-01-01 14:48:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1426 [GMT -6:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2008-12-24 18:57 . 2008-11-25 16:01 578,560 --a------ c:\windows\system32\zser32.tmp
2008-12-24 15:48 . 2008-12-24 18:46 <DIR> d-------- c:\program files\a-squared Free
2008-12-23 06:51 . 2008-12-23 06:51 <DIR> d-------- C:\rsit
2008-12-23 06:51 . 2009-01-01 14:01 <DIR> d-------- c:\program files\trend micro
2008-12-22 20:27 . 2008-12-22 20:27 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-22 17:56 . 2008-11-25 16:01 578,560 --a------ c:\windows\system32\dllcache\zser32.tmp
2008-12-22 17:48 . 2008-12-22 17:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-12-21 19:42 . 2008-12-21 19:43 <DIR> d-------- c:\windows\ERUNT
2008-12-21 19:33 . 2008-12-22 15:32 <DIR> d-------- C:\SDFix
2008-12-21 15:09 . 2008-12-21 15:09 <DIR> d-------- C:\fsaua.data
2008-12-20 19:35 . 2008-12-20 19:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-20 19:35 . 2008-12-20 19:35 <DIR> d-------- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com
2008-12-20 19:35 . 2008-12-20 19:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 19:34 . 2008-12-20 19:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-20 19:10 . 2008-12-20 19:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-20 19:10 . 2008-12-20 19:10 <DIR> d-------- c:\documents and settings\Me\Application Data\Malwarebytes
2008-12-20 19:10 . 2008-12-20 19:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-20 19:10 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-20 19:10 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 17:47 . 2009-01-01 14:55 10,855 --a------ c:\windows\system32\Config.MPF
2008-12-19 17:45 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-12-19 17:45 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-19 17:45 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-19 17:45 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-19 17:45 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-19 17:44 . 2008-12-19 17:44 <DIR> d-------- c:\program files\McAfee.com
2008-12-19 17:44 . 2008-12-19 17:45 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-19 17:44 . 2007-07-13 09:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-19 15:52 . 2008-12-22 17:47 <DIR> d-------- c:\program files\McAfee
2008-12-19 15:24 . 2008-12-19 15:24 <DIR> d-------- c:\program files\CCleaner
2008-12-19 11:03 . 2008-12-19 11:03 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-18 12:06 . 2008-12-22 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-12-18 11:50 . 2008-12-18 11:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-18 09:11 . 2008-12-18 09:11 <DIR> d-------- c:\program files\Windows Defender
2008-12-17 23:06 . 2008-12-18 08:58 <DIR> d-------- C:\df654e35609ef4f0aa945fd8ca7c0514
2008-12-03 19:36 . 2008-12-21 17:19 578,560 --a------ c:\windows\system32\xflx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 00:53 --------- d-----w c:\program files\Photodex Presenter
2008-12-23 02:27 --------- d-----w c:\program files\Java
2008-12-22 23:48 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-22 05:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 16:56 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-21 00:59 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-21 00:56 --------- d-----w c:\program files\Symantec
2008-12-19 23:23 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-19 06:06 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-19 01:08 --------- d-----w c:\program files\Yahoo!
2008-12-19 01:07 --------- d-----w c:\program files\SimPE
2008-12-19 00:53 --------- d-----w c:\program files\LimeWire
2008-12-18 14:58 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-11 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 04:10 --------- d-----w c:\program files\World of Warcraft
2007-07-18 21:21 3,762 ----a-w c:\documents and settings\Me\Application Data\wklnhst.dat
2007-01-08 22:23 1,415,618 ----a-w c:\program files\iFP-790(us)_V165.zip
2007-01-02 01:25 200,704 ----a-w c:\program files\bbemulator.exe
2006-11-07 01:56 72,560 ----a-w c:\documents and settings\Me\Application Data\GDIPFONTCACHEV1.DAT
2006-09-30 15:18 251 ----a-w c:\program files\wt3d.ini
2008-07-15 23:48 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-07-15 23:48 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-15 23:48 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-07-15 23:48 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-07-15 23:48 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-09-26 14:56 88 --sh--r c:\windows\system32\D2EFE3DB57.sys
2006-09-26 14:56 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-14 17:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091420080915\index.dat
.
file copied: c:\windows\system32\user32.dll -> c:\qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir ( 578560 bytes )
Infected c:\windows\system32\user32.dll hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-01-11 3330048]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]
"Google Update"="c:\documents and settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Me\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\documents and settings\Me\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 08:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 17:37 229437 c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 11:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 18:52 50736 c:\program files\Common Files\AOL\1165284985\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 18:51 233472 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 10:24 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-09-01 05:42 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-09-19 16:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1165284985\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-22 206096]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; []
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-04-09 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-04-09 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-04-09 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2008-04-09 23680]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 14:05]

2008-12-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-12-19 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-01 c:\windows\Tasks\User_Feed_Synchronization-{C23EBCD1-66D8-4DBB-BA08-4481422573B1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AOLSPScheduler - c:\program files\Common Files\AOL\1165284985\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 14:55:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-3111625162-3632128329-1091921340-1006
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-3111625162-3632128329-1091921340-1006
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-3111625162-3632128329-1091921340-1006
@Allowed: (Full) (S-1-5-19)
@Allowed: (Full) (S-1-5-19)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-3111625162-3632128329-1091921340-1006
@Allowed: (Full) (S-1-5-20)
@Allowed: (Full) (S-1-5-20)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\T*NULL*h*NULL*e*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*B*NULL*o*NULL*n*NULL* *NULL*V*NULL*o*NULL*y*NULL*a*NULL*g*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\T*NULL*h*NULL*e*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*C*NULL*e*NULL*l*NULL*e*NULL*b*NULL*r*NULL*a*NULL*t*NULL*i*NULL*o*NULL*n*NULL*!*NULL* *NULL*S*NULL*t*NULL*u*NULL*f*NULL*f*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\T*NULL*h*NULL*e*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*F*NULL*r*NULL*e*NULL*e*NULL*T*NULL*i*NULL*m*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\T*NULL*h*NULL*e*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*H*NULL*&*NULL*M*NULL*®*NULL* *NULL*F*NULL*a*NULL*s*NULL*h*NULL*i*NULL*o*NULL*n*NULL* *NULL*S*NULL*t*NULL*u*NULL*f*NULL*f*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\T*NULL*h*NULL*e*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*S*NULL*e*NULL*a*NULL*s*NULL*o*NULL*n*NULL*s*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\T*NULL*h*NULL*e*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*T*NULL*e*NULL*e*NULL*n*NULL* *NULL*S*NULL*t*NULL*y*NULL*l*NULL*e*NULL* *NULL*S*NULL*t*NULL*u*NULL*f*NULL*f*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-3111625162-3632128329-1091921340-1006
@Allowed: (Full) (S-1-5-21-3111625162-3632128329-1091921340-1006)
@Allowed: (Full) (S-1-5-21-3111625162-3632128329-1091921340-1006)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-3111625162-3632128329-1091921340-1006
@Allowed: (Full) (S-1-5-21-3111625162-3632128329-1091921340-1006)
@Allowed: (Full) (S-1-5-21-3111625162-3632128329-1091921340-1006)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
@Security="Inherited"
"??"=hex:de,70,f8,5a,33,d9,c6,14,da,aa,45,ff,1e,0f,c2,c6

[HKEY_USERS\S-1-5-21-3111625162-3632128329-1091921340-1006\Software\SecuROM\License information*NULL*]
@Security="Inherited"
"rkeysecu"=hex:95,20,fc,64,e6,1f,66,2e,ab,a4,9c,7e,25,3a,0a,df

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-3111625162-3632128329-1091921340-1006
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-3111625162-3632128329-1091921340-1006
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Sigmatel\GlobalState]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=Administrators
@Denied: (Full) (Guests)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (B 1 2 3 4 5) (S-1-5-4)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-01-01 15:04:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-01 21:04:18

Pre-Run: 17,172,393,984 bytes free
Post-Run: 17,227,722,752 bytes free

946 --- E O F --- 2009-01-01 18:29:12


HijackThis Log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Me at 2009-01-01 15:07:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (20%) free of 81 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:06 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Curse\CurseClient.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: Media Center Extender Service (McrdSvc) - McAfee, Inc. - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Machine Debug Manager (MDM) - McAfee, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10476 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C23EBCD1-66D8-4DBB-BA08-4481422573B1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [2007-01-11 3330048]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]
"Google Update"=C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [2007-10-11 465136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1165284985\ee\AOLSoftware.exe [2006-09-25 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MI1933~1\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Picaboo.lnk]
C:\PROGRA~1\Picaboo\Picaboo\PICABO~2.EXE [2007-11-08 577536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe:*:Disabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Disabled:AOL TopSpeed"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2009-01-01 15:04:55 ----A---- C:\ComboFix.txt
2009-01-01 14:46:17 ----A---- C:\WINDOWS\zip.exe
2009-01-01 14:46:17 ----A---- C:\WINDOWS\SWREG.exe
2009-01-01 14:46:17 ----A---- C:\WINDOWS\sed.exe
2009-01-01 14:46:17 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-01 14:46:17 ----A---- C:\WINDOWS\grep.exe
2009-01-01 14:46:16 ----A---- C:\WINDOWS\VFIND.exe
2009-01-01 14:46:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-01 14:46:16 ----A---- C:\WINDOWS\SWSC.exe
2009-01-01 14:46:16 ----A---- C:\WINDOWS\fdsv.exe
2009-01-01 14:40:58 ----RASH---- C:\BOOT.BAK
2009-01-01 14:40:40 ----RSHD---- C:\cmdcons
2009-01-01 14:40:40 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-01-01 14:40:38 ----D---- C:\WINDOWS\setup.pss
2009-01-01 14:40:23 ----D---- C:\WINDOWS\setupupd
2009-01-01 14:06:38 ----D---- C:\WINDOWS\ERDNT
2009-01-01 14:06:38 ----D---- C:\Qoobox
2008-12-24 18:57:17 ----A---- C:\WINDOWS\system32\zser32.tmp
2008-12-24 15:48:02 ----D---- C:\Program Files\a-squared Free
2008-12-23 06:51:09 ----D---- C:\rsit
2008-12-23 06:51:09 ----D---- C:\Program Files\trend micro
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-21 19:42:34 ----D---- C:\WINDOWS\ERUNT
2008-12-21 19:33:33 ----D---- C:\SDFix
2008-12-21 15:09:40 ----D---- C:\fsaua.data
2008-12-20 19:35:09 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 19:35:03 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-20 19:35:03 ----D---- C:\Documents and Settings\Me\Application Data\SUPERAntiSpyware.com
2008-12-20 19:34:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-20 19:10:51 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2008-12-20 19:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-20 19:10:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 17:44:23 ----D---- C:\Program Files\McAfee.com
2008-12-19 17:44:17 ----D---- C:\Program Files\Common Files\McAfee
2008-12-19 15:52:56 ----D---- C:\Program Files\McAfee
2008-12-19 15:24:40 ----D---- C:\Program Files\CCleaner
2008-12-18 12:06:35 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-12-18 11:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-18 09:11:01 ----D---- C:\Program Files\Windows Defender
2008-12-17 23:06:38 ----D---- C:\df654e35609ef4f0aa945fd8ca7c0514
2008-12-17 13:25:22 ----D---- C:\Config.Msi
2008-12-11 09:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 09:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 09:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 09:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-01 15:06:26 ----D---- C:\WINDOWS\Temp
2009-01-01 15:05:00 ----D---- C:\WINDOWS\system32\drivers
2009-01-01 15:05:00 ----D---- C:\WINDOWS\system32
2009-01-01 15:04:58 ----D---- C:\WINDOWS
2009-01-01 15:02:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-01 14:57:05 ----SD---- C:\WINDOWS\Tasks
2009-01-01 14:56:36 ----A---- C:\WINDOWS\system.ini
2009-01-01 14:55:27 ----D---- C:\WINDOWS\Prefetch
2009-01-01 14:55:19 ----D---- C:\WINDOWS\Registration
2009-01-01 14:54:36 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-01-01 14:49:45 ----D---- C:\WINDOWS\AppPatch
2009-01-01 14:49:45 ----D---- C:\Program Files\Common Files
2009-01-01 14:47:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 14:46:16 ----SHD---- C:\System Volume Information
2009-01-01 14:46:16 ----D---- C:\WINDOWS\system32\Restore
2009-01-01 14:40:59 ----RASH---- C:\boot.ini
2008-12-31 15:32:55 ----D---- C:\Program Files
2008-12-24 18:53:58 ----D---- C:\Program Files\Photodex Presenter
2008-12-22 20:28:11 ----SHD---- C:\WINDOWS\Installer
2008-12-22 20:27:31 ----D---- C:\Program Files\Java
2008-12-22 17:56:57 ----SHD---- C:\WINDOWS\system32\dllcache
2008-12-22 17:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-22 17:48:05 ----HD---- C:\WINDOWS\inf
2008-12-21 23:32:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 22:05:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-21 10:56:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 18:59:34 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-20 18:56:25 ----D---- C:\Program Files\Symantec
2008-12-20 17:05:25 ----D---- C:\WINDOWS\pss
2008-12-19 17:23:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Minidump
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Debug
2008-12-19 00:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-18 19:09:10 ----RSD---- C:\WINDOWS\Fonts
2008-12-18 19:08:03 ----D---- C:\Program Files\Yahoo!
2008-12-18 19:07:20 ----D---- C:\Program Files\SimPE
2008-12-18 18:54:25 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 18:53:55 ----D---- C:\Program Files\LimeWire
2008-12-18 12:04:26 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-18 09:11:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 08:58:52 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-18 08:43:49 ----D---- C:\WINDOWS\system32\config
2008-12-18 08:43:12 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 08:29:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-14 12:13:28 ----D---- C:\WINDOWS\Help
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 11:40:46 ----D---- C:\Program Files\Internet Explorer
2008-12-11 09:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-09 22:10:17 ----D---- C:\Program Files\World of Warcraft
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-03-26 5504]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-19 8552]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 vsdatant;vsdatant; a []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-17 419448]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-25 654848]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-07-25 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]

-----------------EOF-----------------
Diane

#11 Rosty

  • Malware Response Team

Posted 02 January 2009 - 02:12 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\dllcache\zser32.tmp
c:\windows\system32\zser32.tmp

Folder::
C:\SDFix
C:\df654e35609ef4f0aa945fd8ca7c0514
c:\windows\system32\xflx

Renv::



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Proud member of ASAP since 2007

#12 DG2007

  • Topic Starter


Posted 02 January 2009 - 10:49 AM

ComboFix Log:

ComboFix 09-01-01.02 - Me 2009-01-02 9:37:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1416 [GMT -6:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Me\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\dllcache\zser32.tmp
c:\windows\system32\zser32.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\df654e35609ef4f0aa945fd8ca7c0514
c:\df654e35609ef4f0aa945fd8ca7c0514\update\eula.txt
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\backups\backupreg.zip
c:\sdfix\backups\catchme.log
c:\sdfix\backups\HOSTS
c:\sdfix\backups_old\backupreg.zip
c:\sdfix\backups_old1\backupreg.zip
c:\sdfix\backups_old1\backups.zip
c:\sdfix\backups_old1\catchme.log
c:\sdfix\backups_old1\HOSTS
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\Report.txt
c:\sdfix\Report_old_1.txt
c:\sdfix\Report_old_2.txt
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
c:\windows\system32\dllcache\zser32.tmp
c:\windows\system32\xflx\
c:\windows\system32\zser32.tmp

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2008-12-24 15:48 . 2008-12-24 18:46 <DIR> d-------- c:\program files\a-squared Free
2008-12-23 06:51 . 2008-12-23 06:51 <DIR> d-------- C:\rsit
2008-12-23 06:51 . 2009-01-01 15:07 <DIR> d-------- c:\program files\trend micro
2008-12-22 20:27 . 2008-12-22 20:27 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-22 17:48 . 2008-12-22 17:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-12-21 19:42 . 2008-12-21 19:43 <DIR> d-------- c:\windows\ERUNT
2008-12-21 15:09 . 2008-12-21 15:09 <DIR> d-------- C:\fsaua.data
2008-12-20 19:35 . 2008-12-20 19:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-20 19:35 . 2008-12-20 19:35 <DIR> d-------- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com
2008-12-20 19:35 . 2008-12-20 19:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 19:34 . 2008-12-20 19:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-20 19:10 . 2008-12-20 19:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-20 19:10 . 2008-12-20 19:10 <DIR> d-------- c:\documents and settings\Me\Application Data\Malwarebytes
2008-12-20 19:10 . 2008-12-20 19:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-20 19:10 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-20 19:10 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 17:47 . 2009-01-02 09:33 10,855 --a------ c:\windows\system32\Config.MPF
2008-12-19 17:45 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-12-19 17:45 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-19 17:45 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-19 17:45 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-19 17:45 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-19 17:44 . 2008-12-19 17:44 <DIR> d-------- c:\program files\McAfee.com
2008-12-19 17:44 . 2008-12-19 17:45 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-19 17:44 . 2007-07-13 09:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-19 15:52 . 2008-12-22 17:47 <DIR> d-------- c:\program files\McAfee
2008-12-19 15:24 . 2008-12-19 15:24 <DIR> d-------- c:\program files\CCleaner
2008-12-19 11:03 . 2008-12-19 11:03 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-18 12:06 . 2008-12-22 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-12-18 11:50 . 2008-12-18 11:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-18 09:11 . 2008-12-18 09:11 <DIR> d-------- c:\program files\Windows Defender
2008-12-03 19:36 . 2008-12-21 17:19 578,560 --a------ c:\windows\system32\xflx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 00:53 --------- d-----w c:\program files\Photodex Presenter
2008-12-23 02:27 --------- d-----w c:\program files\Java
2008-12-22 23:48 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-22 05:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 16:56 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-21 00:59 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-21 00:56 --------- d-----w c:\program files\Symantec
2008-12-19 23:23 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-19 06:06 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-19 01:08 --------- d-----w c:\program files\Yahoo!
2008-12-19 01:07 --------- d-----w c:\program files\SimPE
2008-12-19 00:53 --------- d-----w c:\program files\LimeWire
2008-12-18 14:58 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 04:10 --------- d-----w c:\program files\World of Warcraft
2008-11-25 22:01 578,560 ----a-w c:\windows\system32\user32.DLL
2008-11-25 22:01 578,560 ----a-w c:\windows\system32\dllcache\user32.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2007-07-18 21:21 3,762 ----a-w c:\documents and settings\Me\Application Data\wklnhst.dat
2007-01-08 22:23 1,415,618 ----a-w c:\program files\iFP-790(us)_V165.zip
2007-01-02 01:25 200,704 ----a-w c:\program files\bbemulator.exe
2006-11-07 01:56 72,560 ----a-w c:\documents and settings\Me\Application Data\GDIPFONTCACHEV1.DAT
2006-09-30 15:18 251 ----a-w c:\program files\wt3d.ini
2008-07-15 23:48 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-07-15 23:48 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-15 23:48 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-07-15 23:48 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-07-15 23:48 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-09-26 14:56 88 --sh--r c:\windows\system32\D2EFE3DB57.sys
2006-09-26 14:56 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-14 17:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091420080915\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-01_15.02.49.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-01 18:30:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 15:26:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-01 18:30:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 15:26:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-01-11 3330048]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]
"Google Update"="c:\documents and settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Me\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\documents and settings\Me\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 08:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 17:37 229437 c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 11:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 18:52 50736 c:\program files\Common Files\AOL\1165284985\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 18:51 233472 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 10:24 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-09-01 05:42 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-09-19 16:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1165284985\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-22 206096]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; []
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-04-09 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-04-09 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-04-09 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2008-04-09 23680]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3111625162-3632128329-1091921340-1006.job
- c:\documents and settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 14:05]

2008-12-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-12-19 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-02 c:\windows\Tasks\User_Feed_Synchronization-{C23EBCD1-66D8-4DBB-BA08-4481422573B1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 09:39:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-01-02 9:42:35
ComboFix-quarantined-files.txt 2009-01-02 15:41:18
ComboFix2.txt 2009-01-01 21:04:55

Pre-Run: 17,196,863,488 bytes free
Post-Run: 17,178,333,184 bytes free

384 --- E O F --- 2009-01-01 18:29:12



HJT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Me at 2009-01-02 09:43:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (20%) free of 81 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:12 AM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\trend micro\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060919
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: Media Center Extender Service (McrdSvc) - McAfee, Inc. - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Machine Debug Manager (MDM) - McAfee, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10334 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3111625162-3632128329-1091921340-1006.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C23EBCD1-66D8-4DBB-BA08-4481422573B1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [2007-01-11 3330048]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]
"Google Update"=C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [2007-10-11 465136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1165284985\ee\AOLSoftware.exe [2006-09-25 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MI1933~1\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Picaboo.lnk]
C:\PROGRA~1\Picaboo\Picaboo\PICABO~2.EXE [2007-11-08 577536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1165284985\ee\aolsoftware.exe:*:Disabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Disabled:AOL TopSpeed"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2009-01-02 09:42:36 ----A---- C:\ComboFix.txt
2009-01-02 09:36:20 ----D---- C:\ComboFix
2009-01-01 14:46:17 ----A---- C:\WINDOWS\zip.exe
2009-01-01 14:46:17 ----A---- C:\WINDOWS\SWREG.exe
2009-01-01 14:46:17 ----A---- C:\WINDOWS\sed.exe
2009-01-01 14:46:17 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-01 14:46:17 ----A---- C:\WINDOWS\grep.exe
2009-01-01 14:46:16 ----A---- C:\WINDOWS\VFIND.exe
2009-01-01 14:46:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-01 14:46:16 ----A---- C:\WINDOWS\SWSC.exe
2009-01-01 14:46:16 ----A---- C:\WINDOWS\fdsv.exe
2009-01-01 14:40:58 ----RASH---- C:\BOOT.BAK
2009-01-01 14:40:40 ----RSHD---- C:\cmdcons
2009-01-01 14:40:40 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-01-01 14:40:38 ----D---- C:\WINDOWS\setup.pss
2009-01-01 14:40:23 ----D---- C:\WINDOWS\setupupd
2009-01-01 14:06:38 ----D---- C:\WINDOWS\ERDNT
2009-01-01 14:06:38 ----D---- C:\Qoobox
2008-12-24 15:48:02 ----D---- C:\Program Files\a-squared Free
2008-12-23 06:51:09 ----D---- C:\rsit
2008-12-23 06:51:09 ----D---- C:\Program Files\trend micro
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 20:27:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-21 19:42:34 ----D---- C:\WINDOWS\ERUNT
2008-12-21 15:09:40 ----D---- C:\fsaua.data
2008-12-20 19:35:09 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 19:35:03 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-20 19:35:03 ----D---- C:\Documents and Settings\Me\Application Data\SUPERAntiSpyware.com
2008-12-20 19:34:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-20 19:10:51 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2008-12-20 19:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-20 19:10:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 17:44:23 ----D---- C:\Program Files\McAfee.com
2008-12-19 17:44:17 ----D---- C:\Program Files\Common Files\McAfee
2008-12-19 15:52:56 ----D---- C:\Program Files\McAfee
2008-12-19 15:24:40 ----D---- C:\Program Files\CCleaner
2008-12-18 12:06:35 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-12-18 11:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-18 09:11:01 ----D---- C:\Program Files\Windows Defender
2008-12-17 13:25:22 ----D---- C:\Config.Msi
2008-12-11 09:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 09:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 09:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 09:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-02 09:42:54 ----D---- C:\WINDOWS\Prefetch
2009-01-02 09:42:39 ----D---- C:\WINDOWS\system32
2009-01-02 09:42:38 ----D---- C:\WINDOWS\Temp
2009-01-02 09:42:38 ----D---- C:\WINDOWS
2009-01-02 09:39:23 ----A---- C:\WINDOWS\system.ini
2009-01-02 09:38:24 ----D---- C:\WINDOWS\system32\drivers
2009-01-02 09:38:22 ----D---- C:\WINDOWS\AppPatch
2009-01-02 09:38:22 ----D---- C:\Program Files\Common Files
2009-01-02 09:37:34 ----SHD---- C:\WINDOWS\system32\dllcache
2009-01-02 09:36:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 16:00:25 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-01-01 15:08:36 ----SD---- C:\WINDOWS\Tasks
2009-01-01 15:02:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-01 14:55:19 ----D---- C:\WINDOWS\Registration
2009-01-01 14:46:16 ----SHD---- C:\System Volume Information
2009-01-01 14:46:16 ----D---- C:\WINDOWS\system32\Restore
2009-01-01 14:40:59 ----RASH---- C:\boot.ini
2008-12-31 15:32:55 ----D---- C:\Program Files
2008-12-24 18:53:58 ----D---- C:\Program Files\Photodex Presenter
2008-12-22 20:28:11 ----SHD---- C:\WINDOWS\Installer
2008-12-22 20:27:31 ----D---- C:\Program Files\Java
2008-12-22 17:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-22 17:48:05 ----HD---- C:\WINDOWS\inf
2008-12-21 23:32:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-21 22:05:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-21 10:56:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 18:59:34 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-20 18:56:25 ----D---- C:\Program Files\Symantec
2008-12-20 17:05:25 ----D---- C:\WINDOWS\pss
2008-12-19 17:23:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Minidump
2008-12-19 15:40:56 ----D---- C:\WINDOWS\Debug
2008-12-19 00:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-18 19:09:10 ----RSD---- C:\WINDOWS\Fonts
2008-12-18 19:08:03 ----D---- C:\Program Files\Yahoo!
2008-12-18 19:07:20 ----D---- C:\Program Files\SimPE
2008-12-18 18:54:25 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 18:53:55 ----D---- C:\Program Files\LimeWire
2008-12-18 12:04:26 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-18 09:11:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 08:58:52 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-18 08:43:49 ----D---- C:\WINDOWS\system32\config
2008-12-18 08:43:12 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 08:29:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-14 12:13:28 ----D---- C:\WINDOWS\Help
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 11:40:46 ----D---- C:\Program Files\Internet Explorer
2008-12-11 09:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-09 22:10:17 ----D---- C:\Program Files\World of Warcraft
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-03-26 5504]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-19 8552]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 vsdatant;vsdatant; a []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-17 419448]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-25 654848]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-07-25 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]

-----------------EOF-----------------
Diane

#13 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 02 January 2009 - 11:02 AM

How are things running now?
Proud member of ASAP since 2007

#14 DG2007

DG2007
  • Topic Starter

  • Members
  • 71 posts

Posted 02 January 2009 - 11:26 AM

I just scanned the C:\Windows\system32 folder with McAfee and it didn't find Patched User32.

Does this mean the infection is gone?

My laptop is running much more like normal, except my Dell Wireless Card Utility doesn't show up in my utility tray by the time like it used to. I will keep trying to get it to show back up but at least the Microsoft utility is working and I can get online using wireless card again. I'm just used to using the Dell utility so it's not a big deal if I switch to using the Microsoft - just a little annoying I guess.

Anything I should do to make sure the virus is gone?

THANKS!
Diane

#15 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 02 January 2009 - 11:33 AM

Hi,

I just scanned the C:\Windows\system32 folder with McAfee and it didn't find Patched User32.

Does this mean the infection is gone?

Yes, it is.

The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
  • Go to Start
  • Click on Run
  • Type ComboFix /u (Note: This command is case sensitive.)
  • Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All. Then remove the check mark for cookies
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • Remove the check mark for Cookies
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked.
    If you use Opera browser
    • Click Opera at the top and
    • choose: Select All.
    • Remove the check mark for Cookies
    • Click the Empty Selected button.
    It is a good idea to do this every few weeks as a lot of junk collects there over time.

  • Create a new, clean System Restore point which you can use in case of future system problems:
    Press Start->All Programs->Accessories->System Tools->System Restore
    Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

    Now remove old, infected System Restore points:
    Next click Start->Run and type cleanmgr in the box and press OK
    Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
    Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    Press OK and Yes to confirm

  • Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in WinPatrol, please check out WinPatrol Plus. It does not need a new download.
  • If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.
  • Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.
  • Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miekiem...prevention.html that will give you more information on some of the points above.

  • Please check out Tony Klein's article "How did I get infected in the first place?"
Follow this list and your potential for being infected again will reduce dramatically. (prevention speech by Elrond)
Proud member of ASAP since 2007
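
The advice above to be restrictive about which programs are granted network access can be checked against the Windows Firewall exception lists that the RSIT log earlier in this thread records. The following Python is an added example, not part of the original posts or of RSIT: it parses the `authorizedapplications\list` sections, lists exceptions that are enabled for any remote address (scope `*`), and reports programs that appear as both enabled and disabled in the same profile. The sample lines are excerpted from the log in this thread; the function names and the assumption that `%windir%` is `C:\WINDOWS` are illustrative.

```python
import re
from collections import defaultdict

# Sample input: a few lines excerpted from the RSIT log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
'''

# Section header naming the firewall profile (standardprofile / domainprofile).
SECTION_RE = re.compile(
    r'^\[.*\\firewallpolicy\\(?P<profile>[^\\]+)\\authorizedapplications\\list\]$',
    re.IGNORECASE,
)
# Value format is ImagePath:Scope:Status:Name. The path itself contains a
# colon ("C:\..."), so the greedy path group is anchored on the status field.
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]*)"="(?P<path>.*):(?P<scope>[^:"]*)'
    r':(?P<status>enabled|disabled):(?P<name>[^"]*)"$',
    re.IGNORECASE,
)


def normalize(path, windir=r"C:\WINDOWS"):
    """Lower-case the path and expand %windir% (assumed to be C:\\WINDOWS)."""
    return path.lower().replace("%windir%", windir.lower())


def parse_exceptions(log_text):
    """Return one dict per firewall exception found in the log text."""
    entries, profile = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any other registry section ends the current firewall list.
            m = SECTION_RE.match(line)
            profile = m.group("profile").lower() if m else None
            continue
        m = ENTRY_RE.match(line) if profile else None
        if m:
            entries.append({
                "profile": profile,
                "path": normalize(m.group("path")),
                "scope": m.group("scope"),
                "enabled": m.group("status").lower() == "enabled",
                "name": m.group("name"),
            })
    return entries


def audit(entries):
    """Return (enabled any-address exceptions, conflicting (profile, path) pairs)."""
    open_any = [e for e in entries if e["enabled"] and e["scope"] == "*"]
    states = defaultdict(set)
    for e in entries:
        states[(e["profile"], e["path"])].add(e["enabled"])
    # A program listed as both enabled and disabled in one profile needs review.
    conflicts = sorted(k for k, v in states.items() if len(v) == 2)
    return open_any, conflicts


if __name__ == "__main__":
    open_any, conflicts = audit(parse_exceptions(SAMPLE_LOG))
    for e in open_any:
        print(f"[{e['profile']}] enabled for any address: {e['path']} ({e['name']})")
    for profile, path in conflicts:
        print(f"[{profile}] listed as both enabled and disabled: {path}")
```

On the excerpt, the second report shows `sessmgr.exe` listed twice in the standard profile, once disabled under its literal path and once enabled under `%windir%`, which is the kind of entry worth reviewing by hand.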



