
Malware Help Needed - Unknown Infection - Logs attached


  • This topic is locked
2 replies to this topic

#1 Scott_ATX


Posted 24 March 2009 - 03:33 PM

I am experiencing the same issues being described in http://www.bleepingcomputer.com/forums/lof...hp/t206736.html

Basically, trying to run cmd.exe causes explorer to instantly crash and restart, and I am unable to browse the web at all with Internet Explorer. My POP mail via Outlook works fine as well as mapping network drives, but web browsing is a no go. Yesterday, I was getting redirected after clicking a link when using Google. Today, I get "Internet Explorer cannot display the webpage" on any URL I attempt to access.

When I attempted to run DDS, it failed just like cmd.exe does. Below are logs from HijackThis, OTViewIt.exe and RSIT.exe. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:47 PM, on 3/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 1: Posh Posh Designs, Custom Invitations and Stationery Designs! - http://www.poshposhdesigns.com/

--
End of file - 9831 bytes



Logfile of random's system information tool 1.06 (written by random/random)
Run by Vanessa at 2009-03-24 15:00:23
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 76 GB (66%) free of 114 GB
Total RAM: 1918 MB (73% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-11 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-13 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-13 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-13 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-13 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 851968]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-04-23 303104]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-11 1601304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2008-09-09 623880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-08 68856]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"dll"=rundll32 dll32,sm []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-05-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-11 10520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0rlxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6qbxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0rlxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6qbxx.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2183a4-c1f4-11dc-b6c2-001c238e6e8a}]
shell\AutoRun\command - E:\LapNetWizard.exe


======List of files/folders created in the last 2 months======

2009-03-24 14:57:46 ----D---- C:\rsit
2009-03-24 14:57:46 ----D---- C:\Program Files\trend micro
2009-03-24 14:05:47 ----D---- C:\32788R22FWJFW
2009-03-24 13:57:41 ----A---- C:\WINDOWS\system32\cmd2.exe
2009-03-24 13:51:55 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-19 14:14:35 ----SHD---- C:\WINDOWS\system32\lowsec
2009-03-12 00:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-12 00:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-04 07:17:05 ----D---- C:\Program Files\websrvx
2009-02-26 18:03:13 ----D---- C:\Program Files\Common Files\supportsoft
2009-02-26 16:27:08 ----A---- C:\WINDOWS\system32\acXMLParser.dll
2009-02-26 16:27:03 ----A---- C:\WINDOWS\system32\cdintf300.dll
2009-02-26 16:22:46 ----D---- C:\Program Files\Intuit
2009-02-26 16:22:46 ----D---- C:\Program Files\Common Files\Intuit
2009-02-26 16:22:46 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2009-02-26 16:21:39 ----D---- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
2009-02-26 16:21:39 ----A---- C:\WINDOWS\QBChanUtil_Trigger.ini
2009-02-26 16:21:35 ----D---- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2009-02-26 16:00:14 ----D---- C:\Documents and Settings\Vanessa\Application Data\Download Manager
2009-02-26 16:00:10 ----D---- C:\Program Files\Akamai
2009-02-26 01:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-24 12:43:36 ----D---- C:\Documents and Settings\Vanessa\Application Data\Malwarebytes
2009-02-24 12:43:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-24 12:43:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-20 16:20:19 ----A---- C:\WINDOWS\system32\stu2.exe
2009-02-16 16:15:28 ----A---- C:\WINDOWS\system32\pywintypes25.dll
2009-02-16 16:15:28 ----A---- C:\WINDOWS\system32\pythoncom25.dll
2009-02-16 16:15:26 ----A---- C:\WINDOWS\system32\python25.dll
2009-02-12 01:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 23:43:22 ----A---- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
2009-02-11 22:16:46 ----HD---- C:\$AVG8.VAULT$
2009-02-11 21:54:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-11 21:54:11 ----D---- C:\Program Files\AVG
2009-02-11 21:54:10 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-10 14:53:48 ----D---- C:\WINDOWS\system32\scripting
2009-02-10 14:53:47 ----D---- C:\WINDOWS\l2schemas
2009-02-10 14:53:46 ----D---- C:\WINDOWS\system32\en
2009-02-10 14:53:46 ----D---- C:\WINDOWS\system32\bits
2009-02-10 14:50:27 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-10 14:46:32 ----D---- C:\WINDOWS\network diagnostic
2009-02-10 14:42:26 ----A---- C:\WINDOWS\system32\SET2367.tmp
2009-02-10 14:42:24 ----A---- C:\WINDOWS\system32\SET23FD.tmp
2009-02-10 14:42:23 ----A---- C:\WINDOWS\system32\SET252D.tmp
2009-02-10 14:42:22 ----A---- C:\WINDOWS\system32\SET25B6.tmp
2009-02-10 14:42:22 ----A---- C:\WINDOWS\system32\SET25AC.tmp
2009-02-10 14:42:22 ----A---- C:\WINDOWS\system32\SET2576.tmp
2009-02-10 14:42:22 ----A---- C:\WINDOWS\system32\SET2566.tmp
2009-02-10 14:42:19 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-02-10 14:42:19 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-10 14:42:02 ----A---- C:\WINDOWS\SET21A5.tmp
2009-02-10 14:42:00 ----A---- C:\WINDOWS\system32\SET227E.tmp
2009-02-10 14:42:00 ----A---- C:\WINDOWS\system32\SET227C.tmp
2009-02-10 14:42:00 ----A---- C:\WINDOWS\system32\SET2279.tmp
2009-02-10 14:42:00 ----A---- C:\WINDOWS\system32\SET2277.tmp
2009-02-10 14:42:00 ----A---- C:\WINDOWS\system32\SET2271.tmp
2009-02-10 14:42:00 ----A---- C:\WINDOWS\system32\SET226E.tmp
2009-02-10 14:42:00 ----A---- C:\WINDOWS\system32\SET226A.tmp
2009-02-10 14:42:00 ----A---- C:\WINDOWS\system32\SET2268.tmp
2009-02-10 14:42:00 ----A---- C:\WINDOWS\system32\SET2266.tmp
2009-02-10 14:41:59 ----A---- C:\WINDOWS\system32\SET229A.tmp
2009-02-10 14:41:59 ----A---- C:\WINDOWS\system32\SET2297.tmp
2009-02-10 14:41:59 ----A---- C:\WINDOWS\system32\SET2295.tmp
2009-02-10 14:41:59 ----A---- C:\WINDOWS\system32\SET2291.tmp
2009-02-10 14:41:59 ----A---- C:\WINDOWS\system32\SET228B.tmp
2009-02-10 14:41:59 ----A---- C:\WINDOWS\system32\SET228A.tmp
2009-02-10 14:41:59 ----A---- C:\WINDOWS\system32\SET2289.tmp
2009-02-10 14:41:59 ----A---- C:\WINDOWS\system32\SET2283.tmp
2009-02-10 14:41:59 ----A---- C:\WINDOWS\system32\SET2282.tmp
2009-02-10 14:41:58 ----A---- C:\WINDOWS\system32\SET229D.tmp
2009-02-10 14:41:57 ----A---- C:\WINDOWS\system32\SET22B3.tmp
2009-02-10 14:41:57 ----A---- C:\WINDOWS\system32\SET22B2.tmp
2009-02-10 14:41:57 ----A---- C:\WINDOWS\system32\SET22A9.tmp
2009-02-10 14:41:57 ----A---- C:\WINDOWS\system32\SET22A2.tmp
2009-02-10 14:41:56 ----A---- C:\WINDOWS\system32\SET22C7.tmp
2009-02-10 14:41:56 ----A---- C:\WINDOWS\system32\SET22C6.tmp
2009-02-10 14:41:56 ----A---- C:\WINDOWS\system32\SET22C5.tmp
2009-02-10 14:41:56 ----A---- C:\WINDOWS\system32\SET22C2.tmp
2009-02-10 14:41:56 ----A---- C:\WINDOWS\system32\SET22C0.tmp
2009-02-10 14:41:56 ----A---- C:\WINDOWS\system32\SET22BF.tmp
2009-02-10 14:41:56 ----A---- C:\WINDOWS\system32\SET22BD.tmp
2009-02-10 14:41:56 ----A---- C:\WINDOWS\system32\SET22BA.tmp
2009-02-10 14:41:56 ----A---- C:\WINDOWS\system32\SET22B8.tmp
2009-02-10 14:41:55 ----A---- C:\WINDOWS\system32\SET22D5.tmp
2009-02-10 14:41:55 ----A---- C:\WINDOWS\system32\SET22D3.tmp
2009-02-10 14:41:55 ----A---- C:\WINDOWS\system32\SET22CB.tmp
2009-02-10 14:41:55 ----A---- C:\WINDOWS\system32\SET22CA.tmp
2009-02-10 14:41:55 ----A---- C:\WINDOWS\system32\SET22C9.tmp
2009-02-10 14:41:54 ----A---- C:\WINDOWS\system32\SET22DD.tmp
2009-02-10 14:41:54 ----A---- C:\WINDOWS\system32\SET22DA.tmp
2009-02-10 14:41:53 ----A---- C:\WINDOWS\system32\SET2311.tmp
2009-02-10 14:41:53 ----A---- C:\WINDOWS\system32\SET2300.tmp
2009-02-10 14:41:53 ----A---- C:\WINDOWS\system32\SET22FF.tmp
2009-02-10 14:41:52 ----A---- C:\WINDOWS\system32\SET2321.tmp
2009-02-10 14:41:52 ----A---- C:\WINDOWS\system32\SET231D.tmp
2009-02-10 14:41:52 ----A---- C:\WINDOWS\system32\SET2317.tmp
2009-02-10 14:41:51 ----A---- C:\WINDOWS\system32\SET2330.tmp
2009-02-10 14:41:51 ----A---- C:\WINDOWS\system32\SET232E.tmp
2009-02-10 14:41:51 ----A---- C:\WINDOWS\system32\SET232D.tmp
2009-02-10 14:41:51 ----A---- C:\WINDOWS\system32\SET232C.tmp
2009-02-10 14:41:50 ----A---- C:\WINDOWS\system32\SET2343.tmp
2009-02-10 14:41:49 ----A---- C:\WINDOWS\system32\SET234E.tmp
2009-02-10 14:41:49 ----A---- C:\WINDOWS\system32\SET234B.tmp
2009-02-10 14:41:49 ----A---- C:\WINDOWS\system32\SET2349.tmp
2009-02-10 14:41:48 ----A---- C:\WINDOWS\system32\SET2363.tmp
2009-02-10 14:41:48 ----A---- C:\WINDOWS\system32\SET2361.tmp
2009-02-10 14:41:48 ----A---- C:\WINDOWS\system32\SET2360.tmp
2009-02-10 14:41:48 ----A---- C:\WINDOWS\system32\SET2359.tmp
2009-02-10 14:41:48 ----A---- C:\WINDOWS\system32\SET2355.tmp
2009-02-10 14:41:47 ----A---- C:\WINDOWS\system32\SET2382.tmp
2009-02-10 14:41:47 ----A---- C:\WINDOWS\system32\SET237E.tmp
2009-02-10 14:41:47 ----A---- C:\WINDOWS\system32\SET236E.tmp
2009-02-10 14:41:47 ----A---- C:\WINDOWS\system32\SET236C.tmp
2009-02-10 14:41:46 ----A---- C:\WINDOWS\system32\SET23B7.tmp
2009-02-10 14:41:46 ----A---- C:\WINDOWS\system32\SET23A8.tmp
2009-02-10 14:41:46 ----A---- C:\WINDOWS\system32\SET2390.tmp
2009-02-10 14:41:46 ----A---- C:\WINDOWS\system32\SET238C.tmp
2009-02-10 14:41:46 ----A---- C:\WINDOWS\system32\SET238A.tmp
2009-02-10 14:41:46 ----A---- C:\WINDOWS\system32\SET2388.tmp
2009-02-10 14:41:45 ----A---- C:\WINDOWS\system32\SET23D6.tmp
2009-02-10 14:41:45 ----A---- C:\WINDOWS\system32\SET23D5.tmp
2009-02-10 14:41:45 ----A---- C:\WINDOWS\system32\SET23D1.tmp
2009-02-10 14:41:45 ----A---- C:\WINDOWS\system32\SET23C9.tmp
2009-02-10 14:41:45 ----A---- C:\WINDOWS\system32\SET23C1.tmp
2009-02-10 14:41:45 ----A---- C:\WINDOWS\system32\SET23BF.tmp
2009-02-10 14:41:45 ----A---- C:\WINDOWS\system32\SET23B9.tmp
2009-02-10 14:41:44 ----A---- C:\WINDOWS\system32\SET23D9.tmp
2009-02-10 14:41:43 ----A---- C:\WINDOWS\system32\SET23E4.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET240B.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET2400.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET23FC.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET23FB.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET23FA.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET23F8.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET23F6.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET23F1.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET23EF.tmp
2009-02-10 14:41:42 ----A---- C:\WINDOWS\system32\SET23EE.tmp
2009-02-10 14:41:41 ----A---- C:\WINDOWS\system32\SET2415.tmp
2009-02-10 14:41:41 ----A---- C:\WINDOWS\system32\SET2414.tmp
2009-02-10 14:41:41 ----A---- C:\WINDOWS\system32\SET2413.tmp
2009-02-10 14:41:41 ----A---- C:\WINDOWS\system32\SET2412.tmp
2009-02-10 14:41:41 ----A---- C:\WINDOWS\system32\SET2410.tmp
2009-02-10 14:41:41 ----A---- C:\WINDOWS\system32\SET240E.tmp
2009-02-10 14:41:40 ----A---- C:\WINDOWS\system32\SET2417.tmp
2009-02-10 14:41:40 ----A---- C:\WINDOWS\system32\SET2416.tmp
2009-02-10 14:41:39 ----A---- C:\WINDOWS\system32\SET242E.tmp
2009-02-10 14:41:39 ----A---- C:\WINDOWS\system32\SET242D.tmp
2009-02-10 14:41:39 ----A---- C:\WINDOWS\system32\SET242A.tmp
2009-02-10 14:41:39 ----A---- C:\WINDOWS\system32\SET2427.tmp
2009-02-10 14:41:39 ----A---- C:\WINDOWS\system32\SET2421.tmp
2009-02-10 14:41:39 ----A---- C:\WINDOWS\system32\SET2420.tmp
2009-02-10 14:41:39 ----A---- C:\WINDOWS\system32\SET241E.tmp
2009-02-10 14:41:39 ----A---- C:\WINDOWS\system32\SET241D.tmp
2009-02-10 14:41:38 ----A---- C:\WINDOWS\system32\SET2444.tmp
2009-02-10 14:41:38 ----A---- C:\WINDOWS\system32\SET2441.tmp
2009-02-10 14:41:38 ----A---- C:\WINDOWS\system32\SET2440.tmp
2009-02-10 14:41:38 ----A---- C:\WINDOWS\system32\SET2439.tmp
2009-02-10 14:41:38 ----A---- C:\WINDOWS\system32\SET2434.tmp
2009-02-10 14:41:37 ----A---- C:\WINDOWS\system32\SET245C.tmp
2009-02-10 14:41:37 ----A---- C:\WINDOWS\system32\SET245B.tmp
2009-02-10 14:41:20 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-02-10 14:41:20 ----A---- C:\WINDOWS\system32\autochk.exe
2009-02-10 14:41:20 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\ftp.exe
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\format.com
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\cmd.exe
2009-02-10 14:41:19 ----A---- C:\WINDOWS\system32\cacls.exe
2009-02-10 14:41:18 ----RA---- C:\WINDOWS\system32\sdra64.exe
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\printui.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\locator.exe
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\localspl.dll
2009-02-10 14:41:18 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\ulib.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\smss.exe
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\services.exe
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\schannel.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\savedump.exe
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\samlib.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\rasman.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-02-10 14:41:17 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-02-10 14:41:16 ----AH---- C:\WINDOWS\system32\userinit.exe
2009-02-10 14:41:16 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-02-10 14:41:16 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-02-10 14:41:16 ----A---- C:\WINDOWS\system32\untfs.dll
2009-02-10 14:41:10 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-10 14:41:10 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-10 14:41:10 ----A---- C:\WINDOWS\system32\hal.dll
2009-02-10 14:40:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-10 14:40:54 ----D---- C:\WINDOWS\EHome
2009-02-02 20:57:58 ----D---- C:\Documents and Settings\Vanessa\Application Data\Apple Computer
2009-02-02 14:17:54 ----D---- C:\Program Files\LimeWire
2009-02-02 14:16:38 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-02-02 14:16:07 ----D---- C:\Program Files\iPod
2009-02-02 14:16:03 ----D---- C:\Program Files\iTunes
2009-02-02 14:16:03 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-02 14:15:40 ----D---- C:\Program Files\Bonjour
2009-02-02 14:14:52 ----D---- C:\Program Files\QuickTime
2009-02-02 14:14:50 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-02-02 14:14:26 ----D---- C:\Program Files\Apple Software Update
2009-02-02 14:13:54 ----D---- C:\Program Files\Common Files\Apple
2009-02-02 14:13:53 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-26 10:16:03 ----D---- C:\Program Files\MSECache

======List of files/folders modified in the last 2 months======

2009-03-24 15:00:07 ----D---- C:\Temp
2009-03-24 14:59:16 ----D---- C:\WINDOWS\Prefetch
2009-03-24 14:57:46 ----RD---- C:\Program Files
2009-03-24 14:52:31 ----D---- C:\WINDOWS\system32
2009-03-24 14:52:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-24 14:49:02 ----D---- C:\WINDOWS\Temp
2009-03-24 14:48:18 ----D---- C:\WINDOWS
2009-03-24 14:48:16 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-03-24 14:03:37 ----HD---- C:\WINDOWS\inf
2009-03-24 14:03:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-24 13:50:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-24 13:08:37 ----D---- C:\WINDOWS\system32\drivers
2009-03-24 00:00:28 ----SHD---- C:\WINDOWS\Installer
2009-03-24 00:00:28 ----HD---- C:\Config.Msi
2009-03-23 14:28:05 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-13 11:02:25 ----D---- C:\Vanessa
2009-03-12 00:02:05 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-12 00:01:52 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 03:07:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-06 01:00:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-06 01:00:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-26 18:03:13 ----D---- C:\Program Files\Common Files
2009-02-26 16:27:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-26 16:27:18 ----RSD---- C:\WINDOWS\assembly
2009-02-26 16:24:12 ----D---- C:\WINDOWS\WinSxS
2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-19 13:55:02 ----D---- C:\Program Files\WinZip
2009-02-16 16:15:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-15 16:00:08 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-02-15 16:00:08 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-12 01:11:32 ----D---- C:\Program Files\Internet Explorer
2009-02-11 23:53:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-11 23:51:52 ----D---- C:\Program Files\Symantec
2009-02-11 23:51:46 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-11 23:45:47 ----SD---- C:\WINDOWS\Tasks
2009-02-11 22:03:19 ----SD---- C:\Documents and Settings\Vanessa\Application Data\Microsoft
2009-02-10 16:20:39 ----RASH---- C:\boot.ini
2009-02-10 16:20:39 ----A---- C:\WINDOWS\win.ini
2009-02-10 16:20:39 ----A---- C:\WINDOWS\system.ini
2009-02-10 16:16:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-10 16:12:37 ----D---- C:\MDT
2009-02-10 16:10:33 ----D---- C:\WINDOWS\security
2009-02-10 16:07:40 ----D---- C:\WINDOWS\AppPatch
2009-02-10 16:07:38 ----D---- C:\WINDOWS\system32\wbem
2009-02-10 16:07:31 ----D---- C:\WINDOWS\system32\usmt
2009-02-10 16:07:28 ----D---- C:\WINDOWS\system32\Setup
2009-02-10 16:07:24 ----D---- C:\WINDOWS\system32\Restore
2009-02-10 16:07:24 ----D---- C:\WINDOWS\system32\oobe
2009-02-10 16:07:22 ----D---- C:\WINDOWS\system32\npp
2009-02-10 16:07:14 ----D---- C:\WINDOWS\system32\Com
2009-02-10 16:05:03 ----D---- C:\WINDOWS\system
2009-02-10 16:05:03 ----D---- C:\WINDOWS\srchasst
2009-02-10 16:05:03 ----D---- C:\WINDOWS\PeerNet
2009-02-10 16:05:01 ----D---- C:\WINDOWS\msagent
2009-02-10 16:04:56 ----RSD---- C:\WINDOWS\Fonts
2009-02-10 16:04:56 ----D---- C:\WINDOWS\ime
2009-02-10 16:04:56 ----D---- C:\WINDOWS\Help
2009-02-10 16:04:51 ----D---- C:\Program Files\Windows NT
2009-02-10 16:04:50 ----D---- C:\Program Files\Windows Media Player
2009-02-10 16:04:50 ----D---- C:\Program Files\Outlook Express
2009-02-10 16:04:49 ----D---- C:\Program Files\NetMeeting
2009-02-10 16:04:48 ----D---- C:\Program Files\Movie Maker
2009-02-10 16:04:47 ----D---- C:\Program Files\Messenger
2009-02-10 16:04:33 ----D---- C:\Program Files\Common Files\System
2009-02-10 16:03:27 ----D---- C:\WINDOWS\system32\en-US
2009-02-10 14:44:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-02 15:11:47 ----D---- C:\Music
2009-02-02 14:16:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-26 10:16:19 ----D---- C:\Program Files\Microsoft Office

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-11 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-11 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-11 107272]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-04-23 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-04-23 32256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-23 1972224]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-04-23 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-23 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-23 209152]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-04-23 1228296]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-04-27 202912]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-23 730112]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-05-23 446464]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-11 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-09-10 24576]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
S2 etmavh;etmavh; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S2 websrvx;websrvx; C:\Program Files\websrvx\websrvx.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-13 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2008-08-08 61440]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-03-24 14:57:50

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Illustrator 8.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Illustrator 8.0\Uninst.dll"
-->MsiExec.exe /I{9A2F0810-369F-4E86-9072-973FBE1679C5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Extra Content-->MsiExec.exe /I{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}
CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
CorelDRAW Graphics Suite X4 - Lang BR-->MsiExec.exe /I{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}
CorelDRAW Graphics Suite X4 - Lang EN-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF100}
CorelDRAW Graphics Suite X4 - Lang ES-->MsiExec.exe /I{D2827848-7D2A-4547-9AD1-C965FB3E6344}
CorelDRAW Graphics Suite X4 - Lang FR-->MsiExec.exe /I{9D306690-3173-42CD-94C6-9EF9318AF24B}
CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW Graphics Suite X4-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF000}
CorelDRAW® Graphics Suite X4 - Extra Content-->C:\Documents and Settings\All Users\Documents\Corel\CorelDRAW Graphics Suite X4\Extras\Setup\SetupARP.exe /arp
CorelDRAW® Graphics Suite X4 - Windows Shell Extension-->c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW® Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
CorelDRAW® Graphics Suite X4-->C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
Dell DataSafe Online-->MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP PSC & Officejet 4.7 Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzscr01.exe" -datfile hposcr05.dat
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft FrontPage 2002-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
QuickBooks Simple Start 2009-->msiexec.exe /I {9A2F0810-369F-4E86-9072-973FBE1679C5} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start 2009" ADDREMOVE=1
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WinZip 9 SR1-->MsiExec.exe /I{D3237537-FD01-454C-AA87-14C889336F8D}
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: AVG Anti-Virus Free
FW: Norton Internet Worm Protection (disabled)

======System event log======

Computer Name: VANESSALAPTOP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 36822
Source Name: Service Control Manager
Time Written: 20090211224400.000000-360
Event Type: error
User:

Computer Name: VANESSALAPTOP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 36819
Source Name: Service Control Manager
Time Written: 20090211224359.000000-360
Event Type: error
User:

Computer Name: VANESSALAPTOP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 36816
Source Name: Service Control Manager
Time Written: 20090211224359.000000-360
Event Type: error
User:

Computer Name: VANESSALAPTOP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 36813
Source Name: Service Control Manager
Time Written: 20090211224359.000000-360
Event Type: error
User:

Computer Name: VANESSALAPTOP
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 36810
Source Name: Service Control Manager
Time Written: 20090211224359.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: VANESSALAPTOP
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 25338
Source Name: usnjsvc
Time Written: 20090311232125.000000-360
Event Type:
User:

Computer Name: VANESSALAPTOP
Event Code: 1517
Message: Windows saved user VANESSALAPTOP\Vanessa registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 25326
Source Name: Userenv
Time Written: 20090311230816.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: VANESSALAPTOP
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 24974
Source Name: usnjsvc
Time Written: 20090306145958.000000-360
Event Type:
User:

Computer Name: VANESSALAPTOP
Event Code: 1517
Message: Windows saved user VANESSALAPTOP\Vanessa registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 24962
Source Name: Userenv
Time Written: 20090306145708.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: VANESSALAPTOP
Event Code: 11316
Message: Product: Windows Live Sign-in Assistant -- Error 1316. A network error occurred while attempting to read from the file: C:\WINDOWS\TEMP\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

Record Number: 24915
Source Name: MsiInstaller
Time Written: 20090306000033.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------


OTViewIt logfile created on: 3/24/2009 2:58:32 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Temp
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 74.03% Memory free
3.72 Gb Paging File | 3.33 Gb Available in Paging File | 89.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 74.25 Gb Free Space | 66.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VANESSALAPTOP
Current User Name: Vanessa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/05/23 14:59:20 | 00,446,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/03/16 03:10:54 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2007/03/16 03:10:52 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2007/05/23 14:59:20 | 00,446,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2009/02/11 21:54:12 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2008/09/10 23:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
[2009/02/11 21:54:18 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/02/11 21:54:18 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2007/04/27 01:10:10 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/03/16 03:10:54 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2007/04/23 21:01:30 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/10/03 11:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2009/02/11 21:54:16 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2006/09/29 10:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/09/11 01:06:56 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
[2006/09/29 10:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/04 05:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/04 05:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2004/08/04 05:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2009/03/24 14:43:14 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Temp\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/05/23 14:59:20 | 00,446,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2009/02/11 21:54:12 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/19 12:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2009/01/13 19:59:26 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2008/09/10 23:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
[2008/08/08 22:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
[2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
File not found -- -- (websrvx [Auto | Stopped])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2007/03/16 03:10:54 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services ==========

[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2007/05/23 14:59:20 | 01,972,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/05/23 14:07:28 | 00,003,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide [Boot | Running])
[2009/02/11 21:54:45 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/02/11 21:54:43 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/02/11 21:54:53 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2007/03/16 03:10:56 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2007/04/23 21:29:38 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2006/08/11 10:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
[2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2007/09/21 02:01:48 | 00,395,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/08/12 17:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/07/28 20:11:20 | 00,051,120 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2005/07/28 20:11:20 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2005/07/28 20:11:21 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2007/04/23 21:15:44 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2007/04/23 21:15:46 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/04/23 21:15:48 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/07/24 03:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/04/23 21:00:16 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2004/08/04 05:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/04/23 21:01:28 | 01,228,296 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2007/04/27 00:37:24 | 00,202,912 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2007/04/23 21:15:46 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/03 23:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://go.microsoft.com/fwlink/?LinkId=54843
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"dll"=rundll32 dll32,sm (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2008/09/11 01:06:56 | 00,984,352 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"disableregistrytools"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [2005/11/10 13:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> [2005/11/10 13:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
CabBuilder: http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{801DA79F-C6D8-4506-A253-1DFE0B0D77FE} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{9617A8A0-0AC0-4A47-9C30-5251E5D93D43} (Servers: | Description: Dell Wireless 1390 WLAN Mini-Card)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2009/02/20 16:20:14 | 00,008,704 | -H-- | M] () -- C:\WINDOWS\system32\userinit.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe2183a4-c1f4-11dc-b6c2-001c238e6e8a}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe2183a4-c1f4-11dc-b6c2-001c238e6e8a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe2183a4-c1f4-11dc-b6c2-001c238e6e8a}\Shell\AutoRun\command]
""=E:\LapNetWizard.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[553 C:\WINDOWS\System32\*.tmp files]
[2009/03/24 14:57:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009/03/24 14:57:46 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/03/24 14:47:55 | 20,112,13824 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/24 14:05:47 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/03/24 13:57:41 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd2.exe
[2009/03/19 14:14:35 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/03/06 01:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/03/04 18:50:00 | 00,080,377 | ---- | C] () -- C:\tiffany_mono_buscard.jpg
[2009/03/04 07:17:05 | 00,000,000 | ---D | C] -- C:\Program Files\websrvx
[2009/03/04 07:17:02 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\t55ft3223f44.dat
[2009/03/04 07:16:59 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\t55ft3518f44.dat
[2009/03/01 15:05:52 | 00,003,265 | ---- | C] () -- C:\boot.png
[2009/03/01 14:56:45 | 00,033,280 | ---- | C] () -- C:\boot.doc
[2009/02/27 15:05:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vanessa\Local Settings\Application Data\Intuit
[2009/02/27 14:50:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nfr.assembly
[2009/02/26 18:03:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2009/02/26 16:27:08 | 01,843,200 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\acXMLParser.dll
[2009/02/26 16:27:03 | 03,518,464 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2009/02/26 16:26:46 | 00,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/02/26 16:26:46 | 00,001,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Simple Start.lnk
[2009/02/26 16:22:46 | 00,000,000 | ---D | C] -- C:\Program Files\Intuit
[2009/02/26 16:22:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2009/02/26 16:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2009/02/26 16:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/02/26 16:21:39 | 00,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/02/26 16:21:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/02/26 16:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/02/26 16:00:15 | 33,503,8128 | ---- | C] (Intuit, Inc. ) -- C:\Documents and Settings\Vanessa\Desktop\QuickBooksSimpleStartDirect2009.exe
[2009/02/26 16:00:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vanessa\Application Data\Download Manager
[2009/02/26 16:00:11 | 00,001,404 | ---- | C] () -- C:\Documents and Settings\Vanessa\Desktop\Setup_QuickBooks_SimpleStart_Direct_2009[1].lnk
[2009/02/26 16:00:10 | 00,000,000 | ---D | C] -- C:\Program Files\Akamai
[2009/02/24 12:43:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vanessa\Application Data\Malwarebytes
[2009/02/24 12:43:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/24 12:43:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/24 12:43:31 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/24 12:43:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/24 12:43:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/24 12:27:22 | 00,008,628 | -H-- | C] () -- C:\Documents and Settings\Vanessa\Desktop\WINPHLASH.GID

========== Files - Modified Within 30 Days ==========

[553 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\Vanessa\My Documents\*.tmp files]
[2009/03/24 14:52:31 | 00,483,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/24 14:52:31 | 00,410,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/24 14:52:31 | 00,065,242 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/24 14:48:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/24 14:48:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/24 14:47:55 | 20,112,13824 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/24 14:47:01 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\Vanessa\Local Settings\Application Data\IconCache.db
[2009/03/24 10:42:33 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Vanessa\My Documents\My Sharing Folders.lnk
[2009/03/23 18:57:17 | 34,361,849 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/23 18:57:17 | 00,052,898 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/19 09:55:24 | 00,053,248 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
[2009/03/17 22:06:13 | 00,006,656 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable
[2009/03/13 16:54:14 | 00,082,368 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2009/03/12 12:48:42 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Vanessa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 00:19:17 | 00,500,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 00:01:52 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/05 15:43:42 | 00,037,376 | -HS- | M] () -- C:\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Thumbs.db:encryptable
[2009/03/04 18:50:00 | 00,080,377 | ---- | M] () -- C:\tiffany_mono_buscard.jpg
[2009/03/04 07:17:02 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\t55ft3223f44.dat
[2009/03/04 07:16:59 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\t55ft3518f44.dat
[2009/03/01 15:02:24 | 00,003,265 | ---- | M] () -- C:\boot.png
[2009/03/01 14:56:46 | 00,033,280 | ---- | M] () -- C:\boot.doc
[2009/02/27 14:50:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nfr.assembly
[2009/02/26 16:27:07 | 00,000,095 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/02/26 16:26:46 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/02/26 16:26:46 | 00,001,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Simple Start.lnk
[2009/02/26 16:03:49 | 33,503,8128 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\Vanessa\Desktop\QuickBooksSimpleStartDirect2009.exe
[2009/02/26 16:00:11 | 00,001,404 | ---- | M] () -- C:\Documents and Settings\Vanessa\Desktop\Setup_QuickBooks_SimpleStart_Direct_2009[1].lnk
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/24 12:43:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/24 12:27:41 | 00,008,628 | -H-- | M] () -- C:\Documents and Settings\Vanessa\Desktop\WINPHLASH.GID
< End of report >



#2 Scott_ATX

Scott_ATX
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:03 AM

Posted 27 March 2009 - 11:14 AM

You can disregard this thread, I was able to get it resolved on my own.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:03 AM

Posted 27 March 2009 - 11:54 AM

Thanks for informing us.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



