
iexplore.exe problem


  • This topic is locked
15 replies to this topic

#1 bdeandel

bdeandel

  • Members
  • 37 posts

Posted 21 July 2009 - 09:17 PM

I have been having strange problems with my computer recently...not being able to undock from a docking station. Malware being reported...removed...then reappearing....and then most recently IE does not unload from the processes after I close out the program...sometimes it does and sometimes it doesn't and when it doesn't the next time I start up IE it loads another process until finally it depletes the memory and slows things down dramatically.

A couple of weeks ago was getting a blue screen of death with the problem file being associated to the file RimSerial.sys. I removed that file and it appears to have taken care of the blue screen of death problem, but the undocking still does not work and now the IE problem.

DDS (Ver_09-06-26.01) - NTFSx86
Run by BDEAN at 22:04:45.59 on Tue 07/21/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1898 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\nsd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Novell\iFolder\trayapp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Documents and Settings\BDEAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://genie.wlgore.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://chipsndip.wlgore.com/
uInternet Settings,ProxyServer = 157.204.22.4:8080
uInternet Settings,ProxyOverride = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t global network client\NetSP.exe" -show
uRun: [PicoZip] c:\program files\picozip\PicoZipTray.exe
uRun: [Aim6]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Dell QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Discovery User Input] c:\discovery\user input\userin32.exe
mRun: [SansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe
mRun: [DMXLauncher] "c:\program files\sonic\product\media experience\DMXLauncher.exe"
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [AGNS_Config] nircmd execmd c:\windows\ATT_Config.cmd
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
mExplorerRun: [1] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\prox.cmd GPRUN"
mExplorerRun: [2] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\novell~1.lnk - c:\program files\novell\ifolder\trayapp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoPublishingWizard = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: NoPublishingWizard = 1 (0x1)
mPolicies-explorer: NoWebServices = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
Trusted Zone: //localhost/main.html
Trusted Zone: att.com\www.customerservice
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: TAXSOFTWARE - hxxp://www.taxsoftware.com/Taxsoftware.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} - hxxp://chipsndip/download/CfxIEAx.cab
DPF: {2203BFCF-9541-41B6-931D-CEB34F81DB0D} - hxxp://crmweb01/sales_enu/19237/applets/SiebelAx_OutBound_mail.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://server10b.wlgore.com/iNotes6W.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {60CD4076-F4B6-4F8B-AF3E-61B200346DD9} - hxxp://crmweb01/sales_enu/19237/applets/SiebelAx_HI_Client.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170107208780
DPF: {85615D08-3D5B-4045-976D-231011156A6D} - hxxp://crmweb01/sales_enu/19230/applets/SiebelAx_OutBound_mail.cab
DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} - hxxp://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://crmweb01/sales_enu/19237/applets/SiebelAx_Desktop_Integration.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://useqcprodapp01:8080/qcbin/Spider90.ocx
DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} - hxxp://yin3.wlgore.com:7792/jde/axctls/jdewebctlsU.cab
DPF: {C0878FB4-EF34-4843-9EEA-E6DB0A39317C} - hxxps://iam-am.wlgore.com/sslvpn/Applet/ActX.ocx
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} - hxxp://crmweb01/sales_enu/19230/applets/SiebelAx_HI_Client.cab
DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} - hxxp://castor/sales_enu/19221/applets/SiebelAx_HI_Client.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://btconferencing.webex.com/client/T25L/webex/ieatgpc.cab
DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} - hxxp://chipsndip/CHipsNDip1/Activex/NWSess.ocx
TCP: NameServer = 157.204.22.7 157.204.216.40
Filter: text/html - {28a97390-71cf-4943-81f6-770aaa868d04} - c:\windows\system32\xwreg32.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: infoenmnt - {006313C4-E1F2-4202-C58C-077F78BBAE59} - c:\program files\igqgqwb\infoenmnt.dll
SEH: Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Authentication Packages = msv1_0 nwv1_0

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-13 64160]
R0 NifFltr;NifFltr;c:\windows\system32\drivers\NIFfltr.sys [2006-7-12 25300]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1980-1-1 9969]
R1 enstart_;enstart_;c:\windows\system32\enstart_.sys [2008-5-29 25472]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2005-3-5 34671]
R2 agnwifi;AT&T Wi-Fi Support Driver;c:\windows\system32\drivers\agnwifi.sys [2006-9-25 19328]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]
R2 DB2MGMTSVC_TAEVAL21;DB2 Management Service (TAEVAL21);c:\program files\quest software\toad for data analysts trial 2.1\db2 client\bin\db2mgmtsvc.exe [2007-7-23 35616]
R2 enstart;enstart;c:\windows\system32\enstart.exe -s --> c:\windows\system32\enstart.exe -s [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [2008-12-6 3315080]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-6-6 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-10-6 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-10-6 54608]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2006-5-9 167936]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2009-6-27 36480]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2006-1-6 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2007-1-10 61440]
R3 agnfilt;AGN Filter Interface;c:\windows\system32\drivers\agnfilt.sys [2006-5-19 180864]
R3 CdProbe;CdProbe;c:\windows\system32\drivers\CDProbe.SYS [2009-6-10 20008]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-8-7 72904]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-8-7 34344]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-8-7 177672]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-6-27 20480]
S2 gupdate1c8d516337c5b26;Google Update Service (gupdate1c8d516337c5b26);c:\program files\google\update\GoogleUpdate.exe [2008-7-12 133104]
S3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\drivers\avpnnic.sys [2003-4-4 13952]
S3 DB2NTSECSERVER_TAEVAL21;DB2 Security Server (TAEVAL21);c:\program files\quest software\toad for data analysts trial 2.1\db2 client\bin\db2sec.exe [2007-7-23 14112]
S3 RmAx;RMAXUSB;c:\windows\system32\drivers\RmAx.sys [2006-12-26 40502]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2005-3-23 4608]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [1980-1-1 14912]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [1980-1-1 22528]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
UnknownUnknown dsload;dsload; [x]

=============== Created Last 30 ================

2009-07-21 09:58 46,592 -------- c:\windows\system32\drivers\irbus.sys
2009-07-21 09:54 <DIR> --d----- c:\windows\network diagnostic
2009-07-21 09:53 19,569 a------- c:\windows\003322_.tmp
2009-07-21 09:46 974 -------- c:\windows\system32\pid.inf
2009-07-21 09:46 974 -------- c:\windows\system32\dllcache\pid.inf
2009-07-21 09:45 20,992 -------- c:\windows\system32\spupdwxp.exe
2009-07-21 09:45 7,680 a------- c:\windows\system32\spdwnwxp.exe
2009-07-21 09:44 20,992 -------- c:\windows\system32\faxpatch.exe
2009-07-15 23:19 <DIR> --d----- c:\windows\system32\NtmsData
2009-07-14 22:42 15,360 a------- c:\windows\soon.exe
2009-07-14 22:42 215 a------- c:\windows\ATT_Config.cmd
2009-07-13 12:36 <DIR> --d----- C:\CoreTechnology
2009-07-01 02:01 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-01 01:56 <DIR> --d----- c:\program files\Debugging Tools for Windows (x86)
2009-06-30 17:07 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-27 18:47 36,480 a------- c:\windows\system32\drivers\srenum.sys
2009-06-27 18:47 20,480 a------- c:\windows\system32\drivers\ndisrd.sys

==================== Find3M ====================

2009-07-21 20:32 78,863 a------- c:\windows\system32\nvModes.dat
2009-07-21 20:31 20,008 a------- c:\windows\system32\drivers\CDProbe.SYS
2009-07-21 10:01 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-21 14:46 268,288 a------- c:\windows\system32\dllcache\httpext.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\dllcache\localspl.dll
2009-05-06 13:36 63,566 a------- c:\windows\Global_Variables.cmd
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2006-07-17 16:19 31 a------- c:\program files\Notes.ini

============= FINISH: 22:06:17.26 ===============


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 01 August 2009 - 07:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 bdeandel

bdeandel
  • Topic Starter

  • Members
  • 37 posts

Posted 01 August 2009 - 02:59 PM

DDS (Ver_09-06-26.01) - NTFSx86
Run by BDEAN at 15:47:49.37 on Sat 08/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1627 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\nsd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Novell\iFolder\trayapp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AT&T Global Network Client\NetClient.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200811140851\win32\x86\notes2.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Citrix\ICA Client\Wfcrun32.exe
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\BDEAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://genie.wlgore.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://chipsndip.wlgore.com/
uInternet Settings,ProxyServer = 157.204.22.4:8080
uInternet Settings,ProxyOverride = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\shared\lib.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t global network client\NetSP.exe" -show
uRun: [PicoZip] c:\program files\picozip\PicoZipTray.exe
uRun: [Aim6]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Dell QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Discovery User Input] c:\discovery\user input\userin32.exe
mRun: [SansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe
mRun: [DMXLauncher] "c:\program files\sonic\product\media experience\DMXLauncher.exe"
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AGNS_Config] nircmd execmd c:\windows\ATT_Config.cmd
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
mExplorerRun: [1] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\prox.cmd GPRUN"
mExplorerRun: [2] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\novell~1.lnk - c:\program files\novell\ifolder\trayapp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoPublishingWizard = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: NoPublishingWizard = 1 (0x1)
mPolicies-explorer: NoWebServices = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
Trusted Zone: //localhost/main.html
Trusted Zone: att.com\www.customerservice
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: TAXSOFTWARE - hxxp://www.taxsoftware.com/Taxsoftware.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} - hxxp://chipsndip/download/CfxIEAx.cab
DPF: {2203BFCF-9541-41B6-931D-CEB34F81DB0D} - hxxp://crmweb01/sales_enu/19237/applets/SiebelAx_OutBound_mail.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://server10b.wlgore.com/iNotes6W.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {60CD4076-F4B6-4F8B-AF3E-61B200346DD9} - hxxp://crmweb01/sales_enu/19237/applets/SiebelAx_HI_Client.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249146508140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249146483765
DPF: {85615D08-3D5B-4045-976D-231011156A6D} - hxxp://crmweb01/sales_enu/19230/applets/SiebelAx_OutBound_mail.cab
DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} - hxxp://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://crmweb01/sales_enu/19237/applets/SiebelAx_Desktop_Integration.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://useqcprodapp01:8080/qcbin/Spider90.ocx
DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} - hxxp://yin3.wlgore.com:7792/jde/axctls/jdewebctlsU.cab
DPF: {C0878FB4-EF34-4843-9EEA-E6DB0A39317C} - hxxps://iam-am.wlgore.com/sslvpn/Applet/ActX.ocx
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} - hxxp://crmweb01/sales_enu/19230/applets/SiebelAx_HI_Client.cab
DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} - hxxp://castor/sales_enu/19221/applets/SiebelAx_HI_Client.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://btconferencing.webex.com/client/T25L/webex/ieatgpc.cab
DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} - hxxp://chipsndip/CHipsNDip1/Activex/NWSess.ocx
TCP: NameServer = 157.204.22.7 157.204.216.40
TCP: {9F51538B-227A-48B3-A149-1B7F393AF719} = 157.204.22.7,157.204.216.40
Filter: text/html - {28a97390-71cf-4943-81f6-770aaa868d04} - c:\windows\system32\xwreg32.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: infoenmnt - {006313C4-E1F2-4202-C58C-077F78BBAE59} - c:\program files\igqgqwb\infoenmnt.dll
SEH: Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Authentication Packages = msv1_0 nwv1_0

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-13 64160]
R0 NifFltr;NifFltr;c:\windows\system32\drivers\NIFfltr.sys [2006-7-12 25300]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1980-1-1 9969]
R1 enstart_;enstart_;c:\windows\system32\enstart_.sys [2008-5-29 25472]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2005-3-5 34671]
R2 agnwifi;AT&T Wi-Fi Support Driver;c:\windows\system32\drivers\agnwifi.sys [2006-9-25 19328]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]
R2 DB2MGMTSVC_TAEVAL21;DB2 Management Service (TAEVAL21);c:\program files\quest software\toad for data analysts trial 2.1\db2 client\bin\db2mgmtsvc.exe [2007-7-23 35616]
R2 enstart;enstart;c:\windows\system32\enstart.exe -s --> c:\windows\system32\enstart.exe -s [?]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [2008-12-6 3315080]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-6-6 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-10-6 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-10-6 54608]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2006-5-9 167936]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2009-6-27 36480]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2006-1-6 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2007-1-10 61440]
R3 agnfilt;AGN Filter Interface;c:\windows\system32\drivers\agnfilt.sys [2006-5-19 180864]
R3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\drivers\avpnnic.sys [2003-4-4 13952]
R3 CdProbe;CdProbe;c:\windows\system32\drivers\CDProbe.SYS [2009-6-10 20008]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-8-7 72904]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-8-7 34344]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-8-7 177672]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-6-27 20480]
S2 gupdate1c8d516337c5b26;Google Update Service (gupdate1c8d516337c5b26);c:\program files\google\update\GoogleUpdate.exe [2008-7-12 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 DB2NTSECSERVER_TAEVAL21;DB2 Security Server (TAEVAL21);c:\program files\quest software\toad for data analysts trial 2.1\db2 client\bin\db2sec.exe [2007-7-23 14112]
S3 RmAx;RMAXUSB;c:\windows\system32\drivers\RmAx.sys [2006-12-26 40502]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2005-3-23 4608]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [1980-1-1 14912]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [1980-1-1 22528]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
UnknownUnknown dsload;dsload; [x]

=============== Created Last 30 ================

2009-08-01 15:08 <DIR> --d----- c:\program files\Shared
2009-08-01 15:00 <DIR> --d----- c:\docume~1\bdean\applic~1\smkits
2009-08-01 14:49 <DIR> --d----- c:\documents and settings\bdean\SecurityScans
2009-08-01 14:48 <DIR> --d----- c:\program files\Microsoft Baseline Security Analyzer 2
2009-07-31 14:10 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-07-31 14:10 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-31 14:10 268,288 -c------ c:\windows\system32\dllcache\httpext.dll
2009-07-31 14:10 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-07-31 14:10 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-07-31 14:10 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-07-31 14:08 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-07-31 14:07 135,168 -c------ c:\windows\system32\dllcache\wshom.ocx
2009-07-31 14:07 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll
2009-07-31 14:07 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll
2009-07-31 14:07 155,648 -c------ c:\windows\system32\dllcache\wscript.exe
2009-07-31 14:07 135,168 -c------ c:\windows\system32\dllcache\cscript.exe
2009-07-31 14:07 90,112 -c------ c:\windows\system32\dllcache\wshext.dll
2009-07-31 02:04 <DIR> --d----- C:\aHoldingFolder
2009-07-31 01:00 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-07-31 01:00 1,306,624 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-07-31 00:50 19,569 a------- c:\windows\003522_.tmp
2009-07-30 23:54 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-07-30 23:53 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-07-30 23:50 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-07-30 23:50 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-07-30 23:50 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-07-30 23:50 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-07-30 23:50 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-07-30 23:50 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-07-30 23:50 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-07-30 23:49 252,928 a------- c:\windows\system32\msoeacct.dll
2009-07-30 23:49 105,984 a------- c:\windows\system32\msoert2.dll
2009-07-30 23:49 691,712 a------- c:\windows\system32\inetcomm.dll
2009-07-30 23:47 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-07-30 23:19 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-07-30 23:19 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-07-30 23:19 24,661 a------- c:\windows\system32\spxcoins.dll
2009-07-30 23:19 13,312 a------- c:\windows\system32\irclass.dll
2009-07-30 23:18 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-07-30 23:18 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-07-30 23:18 37,484 ac------ c:\windows\system32\dllcache\MW770.CAT
2009-07-30 23:18 13,472 ac------ c:\windows\system32\dllcache\HPCRDP.CAT
2009-07-30 23:18 8,574 ac------ c:\windows\system32\dllcache\IASNT4.CAT
2009-07-30 23:18 7,710 ac------ c:\windows\system32\dllcache\OEMBIOS.CAT
2009-07-30 23:18 1,042,903 ac------ c:\windows\system32\dllcache\SP2.CAT
2009-07-30 23:18 13,753 a----r-- c:\windows\SETC8.tmp
2009-07-30 23:18 1,086,058 a----r-- c:\windows\SETBC.tmp
2009-07-30 23:18 1,042,903 a----r-- c:\windows\SETB9.tmp
2009-07-30 18:53 <DIR> --d----- c:\windows\dell
2009-07-21 09:59 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-21 09:59 3,990 a------- c:\windows\system32\wbem\napclientschema.mof
2009-07-21 09:59 638 a------- c:\windows\system32\wbem\napclientprov.mof
2009-07-21 09:54 63,663 a------- c:\windows\system32\drivers\ati1rvxx.sys
2009-07-21 09:53 19,569 a------- c:\windows\003322_.tmp
2009-07-21 09:53 104,559 a------- c:\windows\setupapi.old
2009-07-21 09:46 974 a------- c:\windows\system32\pid.inf
2009-07-21 09:45 20,992 a------- c:\windows\system32\spupdwxp.exe
2009-07-21 09:45 7,680 a------- c:\windows\system32\spdwnwxp.exe
2009-07-21 09:44 20,992 a------- c:\windows\system32\faxpatch.exe
2009-07-19 09:32 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-15 23:19 <DIR> --d----- c:\windows\system32\NtmsData
2009-07-14 22:42 15,360 a------- c:\windows\soon.exe
2009-07-14 22:42 215 a------- c:\windows\ATT_Config.cmd
2009-07-13 12:36 <DIR> --d----- C:\CoreTechnology

==================== Find3M ====================

2009-08-01 14:41 85,075 a------- c:\windows\system32\nvModes.dat
2009-08-01 13:01 20,008 a------- c:\windows\system32\drivers\CDProbe.SYS
2009-07-31 01:02 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-30 23:48 26,224 a------- c:\windows\system32\emptyregdb.dat
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-28 04:02 36,480 a------- c:\windows\system32\drivers\srenum.sys
2009-06-27 18:47 20,480 a------- c:\windows\system32\drivers\ndisrd.sys
2009-06-01 10:31 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-06 13:36 63,566 a------- c:\windows\Global_Variables.cmd
2006-07-17 16:19 31 a------- c:\program files\Notes.ini

============= FINISH: 15:49:54.57 ===============


#4 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 02 August 2009 - 11:19 AM

Hi bdeandel,


Welcome to BleepingComputer HijackThis Logs and Malware Removal.
My name is sundavis, I will be helping you to deal with your Malware problems today.

Did you place the following proxy server by yourself? Please respond to that question in your next reply. Thanks

uInternet Settings,ProxyServer = 157.204.22.4:8080


Step1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:


1. GMER log
2. RSIT log.txt and info.txt. Thanks.

#5 bdeandel

  • Topic Starter

  • Members
  • 37 posts

Posted 04 August 2009 - 06:50 PM

The proxy you asked about is intentionally there.

I was not able to successfully run/save gmer log....the first time I ran it when it completed there was a message box that popped up...when I clicked ok and went to hit the save button I discovered that my computer was totally locked up. The second time I ran it, it appeared to have just finished running when it got a blue screen of death.

This is the log.txt from RSIT followed by the info.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by BDEAN at 2009-08-04 19:43:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (10%) free of 95 GB
Total RAM: 3070 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:25 PM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\nsd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Novell\iFolder\trayapp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AT&T Global Network Client\NetClient.exe
C:\Documents and Settings\BDEAN\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\BDEAN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://genie.wlgore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://chipsndip.wlgore.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 157.204.22.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
O1 - Hosts: # Copyright © 1993-1999 Microsoft Corp.
O1 - Hosts: 157.204.22.243 login.wlgore.com
O1 - Hosts: 157.204.22.242 iam-am.wlgore.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Discovery User Input] c:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AGNS_Config] nircmd execmd C:\WINDOWS\ATT_Config.cmd
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Policies\Explorer\Run: [2] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TAXSOFTWARE - http://www.taxsoftware.com/Taxsoftware.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://chipsndip/download/CfxIEAx.cab
O16 - DPF: {2203BFCF-9541-41B6-931D-CEB34F81DB0D} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crmweb01/sales_enu/19237/applets/Si...tBound_mail.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://server10b.wlgore.com/iNotes6W.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {60CD4076-F4B6-4F8B-AF3E-61B200346DD9} (Siebel High Interactivity Framework) - http://crmweb01/sales_enu/19237/applets/Si...x_HI_Client.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1249146508140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1249146483765
O16 - DPF: {85615D08-3D5B-4045-976D-231011156A6D} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crmweb01/sales_enu/19230/applets/Si...tBound_mail.cab
O16 - DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} (Novell User Group Control) - http://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - http://crmweb01/sales_enu/19237/applets/Si...Integration.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://useqcprodapp01:8080/qcbin/Spider90.ocx
O16 - DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} (JDEWebRTFEditU Control) - http://yin3.wlgore.com:7792/jde/axctls/jdewebctlsU.cab
O16 - DPF: {C0878FB4-EF34-4843-9EEA-E6DB0A39317C} - https://iam-am.wlgore.com/sslvpn/Applet/ActX.ocx
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://crmweb01/sales_enu/19230/applets/Si...x_HI_Client.cab
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://castor/sales_enu/19221/applets/SiebelAx_HI_Client.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/client/T25...bex/ieatgpc.cab
O16 - DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} (Novell Session Control) - http://chipsndip/CHipsNDip1/Activex/NWSess.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = use.wlgore.com
O17 - HKLM\Software\..\Telephony: DomainName = wlgore.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wlgore.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 157.204.22.7 157.204.216.40
O18 - Filter hijack: text/html - {28a97390-71cf-4943-81f6-770aaa868d04} - C:\WINDOWS\system32\xwreg32.dll
O21 - SSODL: infoenmnt - {006313C4-E1F2-4202-C58C-077F78BBAE59} - C:\Program Files\igqgqwb\infoenmnt.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - c:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DB2 Management Service (TAEVAL21) (DB2MGMTSVC_TAEVAL21) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (TAEVAL21) (DB2NTSECSERVER_TAEVAL21) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2sec.exe
O23 - Service: enstart - Unknown owner - C:\WINDOWS\system32\enstart.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8d516337c5b26) (gupdate1c8d516337c5b26) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Program Files\lotus\notes\nsd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 21573 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2004-05-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-24 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2004-05-14 131072]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC []
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC []
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName []
"iPrint Tray"=C:\WINDOWS\system32\iprntctl.exe [2007-05-07 40960]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-01 7561216]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2006-06-29 1032192]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-30 136600]
"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-08-10 20530]
"Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-08-10 24626]
"Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-08-10 45056]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2008-10-24 79136]
"Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-08-10 20480]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-01-18 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-01-18 217088]
"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-09-13 50688]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-11-08 49152]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]
"Discovery User Input"=c:\Discovery\User Input\userin32.exe [2009-02-14 233472]
"SansaDispatch"=C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [2007-05-02 55368]
"DMXLauncher"=C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe [2007-04-02 113400]
"ZENRC Tray Icon"=C:\WINDOWS\system32\zentray.exe [2005-05-18 40960]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2008-07-17 136512]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-10-06 111952]
"iPrint Event Monitor"=C:\WINDOWS\system32\iprntlgn.exe [2007-05-07 45056]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2006-11-06 81920]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-30 520024]
"AGNS_Config"=nircmd execmd C:\WINDOWS\ATT_Config.cmd []
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"2"=nircmd execmd C:\WINDOWS\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2006-04-07 1343488]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]
"NetSP - restore settings on power failure"=C:\Program Files\AT&T Global Network Client\NetSP.exe [2007-01-13 24576]
"PicoZip"=C:\Program Files\PicoZip\PicoZipTray.exe []
"Aim6"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-28 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Novell iFolder.lnk - C:\Program Files\Novell\iFolder\trayapp.exe
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll [2007-01-10 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
infoenmnt - {006313C4-E1F2-4202-C58C-077F78BBAE59} - C:\Program Files\igqgqwb\infoenmnt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"=C:\Program Files\Novell\ZENworks\NalShell.dll [2007-07-20 458752]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwv1_0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"CompatibleRUPSecurity"=1
"DisableCAD"=1
"DontDisplayLastUserName"=0
"LegalNoticeText"=Access to this system is restricted to authorized users only. This system contains information that is considered confidential and proprietary to W. L. Gore & Associates, Inc. By clicking OK, you agree to not disclose the information contained in this system to any third party or to use it for your own use or benefit, without the written permission of W. L. Gore & Associates, Inc.
"ShutdownWithoutLogon"=1
"UndockWithoutLogon"=1
"LegalNoticeCaption"=IMPORTANT Notice:
"LogonType"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSharedDocuments"=1
"ForceStartMenuLogOff"=1
"Intellimenus"=1
"NoSMBalloonTip"=1
"NoSMConfigurePrograms"=1
"DisablePersonalDirChange"=1
"NoDesktopCleanupWizard"=1
"NoPublishingWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoWelcomeScreen"=
"NoPublishingWizard"=
"NoWebServices"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\DPMW32.EXE"="C:\WINDOWS\System32\DPMW32.EXE:*:Enabled:NDPS RPM & Notification Listener"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Eicon\Shiva VPN Client\ICDESK.EXE"="C:\Program Files\Eicon\Shiva VPN Client\ICDESK.EXE:*:Enabled:VPN Client Windows Application"
"C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:Network access client"
"C:\sea78\MC\Charts\JRE1.3\jre\bin\javaw.exe"="C:\sea78\MC\Charts\JRE1.3\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\sea78\MC\BIN\siebel.exe"="C:\sea78\MC\BIN\siebel.exe:*:Enabled:Siebel Mobile Client"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1161132214\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1161132214\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1161132214\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1161132214\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe"="C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:LocalSubNet:Enabled:Microsoft Visual Studio"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##usevss02#vssinstall]
shell\AutoRun\command - V:\setup.exe


======List of files/folders created in the last 1 months======

2009-08-04 19:43:11 ----D---- C:\rsit
2009-08-04 17:10:59 ----D---- C:\Program Files\Garmin
2009-08-01 15:08:10 ----D---- C:\Program Files\Shared
2009-08-01 14:48:51 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-07-31 14:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-31 14:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-31 14:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-31 14:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-31 14:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-31 14:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-31 14:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-31 14:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-07-31 14:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-31 14:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-31 14:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-31 14:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-31 14:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-31 14:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-31 14:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-07-31 14:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-31 14:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-31 14:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-07-31 14:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-31 14:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-31 14:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-31 14:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-31 14:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-31 14:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-31 14:15:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-31 14:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-31 14:14:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-31 14:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-31 14:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-31 14:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-31 14:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-31 14:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-31 14:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-07-31 02:04:52 ----D---- C:\aHoldingFolder
2009-07-31 01:10:00 ----D---- C:\WINDOWS\Prefetch
2009-07-31 01:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-31 00:50:08 ----A---- C:\WINDOWS\003522_.tmp
2009-07-31 00:46:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-30 23:50:52 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-07-30 23:49:57 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-07-30 23:49:57 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-07-30 23:49:55 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-07-30 23:19:02 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-07-30 23:19:02 ----A---- C:\WINDOWS\system32\irclass.dll
2009-07-30 23:18:29 ----RA---- C:\WINDOWS\SETC8.tmp
2009-07-30 23:18:24 ----RA---- C:\WINDOWS\SETBC.tmp
2009-07-30 23:18:22 ----RA---- C:\WINDOWS\SETB9.tmp
2009-07-30 18:53:40 ----D---- C:\WINDOWS\dell
2009-07-21 09:59:18 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-21 09:58:59 ----A---- C:\WINDOWS\system32\comsdupd.exe
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3api.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dimsroam.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\credssp.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\azroles.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapsvc.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapqec.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eappprxy.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapphost.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eappgnui.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eappcfg.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapolqec.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\dot3ui.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\dot3svc.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\dot3msm.dll
2009-07-21 09:58:41 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kmsvc.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdpash.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\napipsec.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mssha.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mmcperf.exe
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mmcex.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\qcliprov.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\qagentrt.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\qagent.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\onex.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\napstat.exe
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\napmontr.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\tspkg.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slserv.exe
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slrundll.exe
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slgen.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slextspk.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slcoinst.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\setupn.exe
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\s3gnb.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\rasqec.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\qutil.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\wmphoto.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\wlanapi.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-21 09:58:35 ----A---- C:\WINDOWS\slrundll.exe
2009-07-21 09:58:34 ----D---- C:\WINDOWS\system32\scripting
2009-07-21 09:58:32 ----D---- C:\WINDOWS\l2schemas
2009-07-21 09:58:31 ----D---- C:\WINDOWS\system32\en
2009-07-21 09:58:30 ----D---- C:\WINDOWS\system32\bits
2009-07-21 09:54:56 ----D---- C:\WINDOWS\network diagnostic
2009-07-21 09:53:24 ----A---- C:\WINDOWS\003322_.tmp
2009-07-21 09:45:42 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-21 09:45:41 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-21 09:44:31 ----A---- C:\WINDOWS\system32\faxpatch.exe
2009-07-21 09:43:19 ----R---- C:\WINDOWS\system32\ZRMAudit.txt
2009-07-15 23:19:28 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-14 22:42:01 ----A---- C:\WINDOWS\soon.exe
2009-07-14 22:42:01 ----A---- C:\WINDOWS\ATT_Config.cmd
2009-07-13 12:36:54 ----D---- C:\CoreTechnology

======List of files/folders modified in the last 1 months======

2009-08-04 19:37:54 ----D---- C:\Documents and Settings\BDEAN\Application Data\MSN6
2009-08-04 19:37:16 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-04 19:30:40 ----D---- C:\WINDOWS\Temp
2009-08-04 19:30:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-04 19:30:15 ----HD---- C:\NALCache
2009-08-04 19:29:43 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-08-04 19:29:40 ----D---- C:\WINDOWS\system32
2009-08-04 19:29:38 ----D---- C:\WINDOWS\security
2009-08-04 19:29:35 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-08-04 19:29:34 ----D---- C:\WINDOWS\system32\drivers
2009-08-04 19:29:34 ----D---- C:\WINDOWS
2009-08-04 19:27:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 18:55:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-04 17:11:07 ----SHD---- C:\WINDOWS\Installer
2009-08-04 17:11:07 ----SHD---- C:\Config.Msi
2009-08-04 17:11:01 ----D---- C:\Program Files\DIFX
2009-08-04 17:10:59 ----RD---- C:\Program Files
2009-08-04 17:09:23 ----HD---- C:\WINDOWS\inf
2009-08-04 16:50:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-04 16:49:16 ----D---- C:\Program Files\AT&T Global Network Client
2009-08-04 16:49:06 ----D---- C:\NDPS
2009-08-04 16:05:26 ----D---- C:\WINDOWS\Registration
2009-08-04 15:54:11 ----D---- C:\Zenworks
2009-08-04 15:51:18 ----D---- C:\WINDOWS\system32\config
2009-08-04 15:50:16 ----D---- C:\WINDOWS\system32\wbem
2009-08-04 00:20:11 ----D---- C:\Program Files\Quicken
2009-08-03 02:01:08 ----D---- C:\WINDOWS\Minidump
2009-08-02 10:40:11 ----D---- C:\quarantine
2009-08-01 13:28:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-01 13:08:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-01 13:08:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-31 19:31:03 ----A---- C:\WINDOWS\ODBC.INI
2009-07-31 18:50:36 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-31 14:59:10 ----RSD---- C:\WINDOWS\assembly
2009-07-31 14:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-31 14:55:46 ----D---- C:\WINDOWS\WinSxS
2009-07-31 14:54:34 ----D---- C:\Program Files\Common Files\Merge Modules
2009-07-31 14:45:04 ----D---- C:\WINDOWS\system32\en-US
2009-07-31 14:45:04 ----D---- C:\Program Files\Internet Explorer
2009-07-31 14:44:50 ----D---- C:\WINDOWS\ie7updates
2009-07-31 14:23:09 ----A---- C:\WINDOWS\imsins.BAK
2009-07-31 14:22:37 ----D---- C:\Program Files\Messenger
2009-07-31 14:21:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-31 13:03:26 ----A---- C:\WINDOWS\msg_mgr.ini
2009-07-31 13:03:26 ----A---- C:\WINDOWS\attwktop.ini
2009-07-31 10:31:10 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-31 10:31:09 ----D---- C:\WINDOWS\Help
2009-07-31 02:31:17 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-31 02:15:47 ----SD---- C:\WINDOWS\Tasks
2009-07-31 01:37:16 ----HDC---- C:\WINDOWS\ie7
2009-07-31 01:35:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-31 01:30:19 ----A---- C:\WINDOWS\system32\asasrv.ini
2009-07-31 01:12:26 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-31 01:09:10 ----D---- C:\WINDOWS\system32\Setup
2009-07-31 01:09:09 ----D---- C:\WINDOWS\AppPatch
2009-07-31 01:09:07 ----RSD---- C:\WINDOWS\Fonts
2009-07-31 01:01:38 ----A---- C:\WINDOWS\setuplog.txt
2009-07-31 01:00:22 ----D---- C:\WINDOWS\ime
2009-07-31 01:00:09 ----D---- C:\WINDOWS\PeerNet
2009-07-31 01:00:09 ----D---- C:\Program Files\Movie Maker
2009-07-31 00:56:07 ----D---- C:\WINDOWS\system32\Restore
2009-07-31 00:56:07 ----D---- C:\WINDOWS\system32\npp
2009-07-31 00:56:07 ----D---- C:\WINDOWS\mui
2009-07-31 00:56:05 ----D---- C:\WINDOWS\msagent
2009-07-31 00:56:02 ----D---- C:\WINDOWS\srchasst
2009-07-31 00:55:57 ----D---- C:\Program Files\NetMeeting
2009-07-31 00:55:55 ----D---- C:\WINDOWS\system32\Com
2009-07-31 00:55:52 ----D---- C:\Program Files\Windows Media Player
2009-07-31 00:55:48 ----D---- C:\Program Files\Windows NT
2009-07-31 00:55:47 ----D---- C:\Program Files\outlook express
2009-07-31 00:55:42 ----D---- C:\Program Files\Common Files\System
2009-07-31 00:55:16 ----D---- C:\WINDOWS\system32\oobe
2009-07-31 00:55:14 ----D---- C:\WINDOWS\system32\usmt
2009-07-31 00:55:13 ----D---- C:\WINDOWS\system
2009-07-31 00:50:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-31 00:46:45 ----D---- C:\WINDOWS\ehome
2009-07-31 00:13:37 ----SHD---- C:\System Volume Information
2009-07-31 00:06:09 ----D---- C:\WINDOWS\nview
2009-07-31 00:06:09 ----D---- C:\Program Files\CUAgent
2009-07-30 23:51:43 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-30 23:50:55 ----RD---- C:\WINDOWS\Web
2009-07-30 23:50:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-30 23:50:30 ----A---- C:\WINDOWS\win.ini
2009-07-30 23:43:07 ----A---- C:\WINDOWS\system.ini
2009-07-30 23:42:52 ----D---- C:\WINDOWS\system32\NetWare
2009-07-30 23:42:49 ----D---- C:\WINDOWS\system32\nls
2009-07-30 23:41:52 ----SH---- C:\boot.ini
2009-07-30 23:18:45 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-07-30 21:35:28 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-30 19:04:43 ----D---- C:\WINDOWS\Media
2009-07-30 18:58:10 ----D---- C:\WINDOWS\twain_32
2009-07-30 18:56:26 ----D---- C:\WINDOWS\system32\icsxml
2009-07-30 18:55:36 ----D---- C:\WINDOWS\system32\ias
2009-07-30 18:55:28 ----D---- C:\WINDOWS\system32\1033
2009-07-30 18:53:34 ----D---- C:\WINDOWS\Driver Cache
2009-07-28 10:55:07 ----A---- C:\ch_tt.txt
2009-07-28 10:55:07 ----A---- C:\apnttlog.txt
2009-07-22 17:12:52 ----D---- C:\Documents and Settings\BDEAN\Application Data\WeatherBug
2009-07-22 08:29:31 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-21 22:12:25 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2009-07-21 11:29:22 ----D---- C:\Program Files\Roxio
2009-07-21 11:29:22 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-07-21 11:29:08 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-07-21 11:29:07 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-07-21 11:22:35 ----D---- C:\Program Files\Common Files\Research in Motion
2009-07-21 11:01:44 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-15 20:56:44 ----D---- C:\WINDOWS\Flag
2009-07-14 22:46:46 ----D---- C:\Documents and Settings\All Users\Application Data\AGNS
2009-07-11 09:56:47 ----HD---- C:\WINDOWS\system32\GroupPolicy.WksCache
2009-07-10 19:43:54 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-07-10 18:37:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-10 18:36:58 ----D---- C:\Program Files\Logitech
2009-07-10 18:35:02 ----D---- C:\Program Files\W.L. Gore & Associates, Inc
2009-07-10 18:33:58 ----D---- C:\Program Files\Yahoo!
2009-07-07 20:08:51 ----D---- C:\Documents and Settings\BDEAN\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 enstart_;enstart_; \??\C:\WINDOWS\system32\enstart_.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-10-06 52136]
R1 nipplpt2;Novell iCapture Lpt Redirector 2; C:\WINDOWS\system32\drivers\nipplpt.sys [2007-05-07 34671]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-15 21419]
R2 agnwifi;AT&T Wi-Fi Support Driver; C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-29 19328]
R2 BlankScr;HBDevice; C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 6899]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\system32\NetWare\nwfs.sys [2005-11-22 502223]
R2 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\system32\NetWare\nwdhcp.sys [2005-11-10 18353]
R2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\system32\NetWare\resmgr.sys [2004-06-01 27249]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R2 srenum;srenum; C:\WINDOWS\System32\DRIVERS\srenum.sys [2009-06-28 36480]
R2 SRVLOC;Novell Service Location; C:\WINDOWS\system32\NetWare\srvloc.sys [2005-11-22 159985]
R2 WNTHW;WNTHW; \??\C:\WINDOWS\system32\DRIVERS\WNTHW.SYS []
R3 agnfilt;AGN Filter Interface; C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2006-05-19 180864]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 CdProbe;CdProbe; \??\C:\WINDOWS\system32\DRIVERS\CDProbe.SYS []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 Darpan;Darpan; C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-05-23 2773]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-10-06 64488]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-10-06 72904]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-10-06 34344]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-10-06 177672]
R3 ndisrd;WinpkFilter Service; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [2009-06-27 20480]
R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-01 3653280]
R3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwdns.sys [2005-11-22 39600]
R3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\system32\NetWare\NWHOST.sys [2005-10-12 9297]
R3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwslp.sys [2005-01-03 20332]
R3 NWSNS;Novell Simple Naming Services; C:\WINDOWS\system32\NetWare\NWSNS.sys [2005-10-12 6128]
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-12-09 28800]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\system32\NetWare\nwsipx32.sys [2005-10-27 39731]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 327040]
S3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 13952]
S3 BCMTPM;BCMTPM; C:\WINDOWS\system32\DRIVERS\btpmw32.sys []
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2004-10-08 326656]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2006-12-12 22528]
S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-08 22016]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\system32\NetWare\NWSAP.sys [2003-02-26 23232]
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys []
S3 RmAx;RMAXUSB; C:\WINDOWS\System32\Drivers\RmAx.sys [2005-09-04 40502]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2005-12-15 4608]
S3 vmx_svga;vmx_svga; C:\WINDOWS\system32\DRIVERS\vmx_svga.sys [2005-03-23 14912]
S3 vmxnet;VMware Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmxnet.sys [2005-03-23 22528]
S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dsload;dsload; C:\WINDOWS\System32\drivers\dsload.sys [2006-01-29 10910]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 CentennialClientAgent;CentennialClientAgent; c:\Centenn.ial\Audit\CAgent32.exe [2009-02-14 1004832]
R2 CentennialIPTransferAgent;CentennialIPTransferAgent; C:\Centenn.ial\Audit\xferwan.exe [2009-02-14 476448]
R2 DB2MGMTSVC_TAEVAL21;DB2 Management Service (TAEVAL21); C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe [2007-07-23 35616]
R2 enstart;enstart; C:\WINDOWS\system32\enstart.exe [2008-05-29 737280]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-30 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-30 1029456]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics; C:\Program Files\lotus\notes\nsd.exe [2008-12-06 3315080]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-07-17 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-10-06 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-10-06 54608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2006-07-12 335872]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2008-12-06 58760]
R2 NALNTSERVICE;Novell Application Launcher; C:\Program Files\Novell\ZENworks\nalntsrv.exe [2006-06-13 113152]
R2 NetCfgSvr;Network Configuration Service; C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE [2007-01-13 323584]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-01 143428]
R2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oracle\ora92\bin\omtsreco.exe [2002-04-30 57603]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent; C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 167936]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-09-13 937984]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2004-03-05 192573]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-08-11 290816]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 XTAgent;Novell XTier Agent Services; C:\WINDOWS\System32\Novell\XTAgent.exe [2007-01-10 61440]
R2 ZFDWM;Workstation Manager; C:\Program Files\Novell\ZENworks\wm.exe [2007-02-07 152128]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c8d516337c5b26;Google Update Service (gupdate1c8d516337c5b26); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe []
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\system32\cusrvc.exe [2005-01-18 36864]
S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2002-08-10 57344]
S3 DB2NTSECSERVER_TAEVAL21;DB2 Security Server (TAEVAL21); C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2sec.exe [2007-07-23 14112]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; C:\oracle\ora92\BIN\ONRSD.EXE [2004-10-13 243196]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe []
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
S3 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2005-03-11 455632]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S4 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-04 19:43:31

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\Siebel Install Manager\setup.exe" INSTANCE="Client in C:/sea78/MC_MBLCLIENT ENU"
-->"C:\Program Files\InstallShield Installation Information\Siebel Install Manager\setup.exe" INSTANCE="Client in C:/sea78/MC_MBLCLIENT"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL21.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL22.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL23.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL24.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL25.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL26.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL27.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL28.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL29.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL30.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL31.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL32.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL33.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL34.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL35.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL36.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL37.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL38.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL39.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL40.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL41.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL42.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL43.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL44.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL45.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL46.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL47.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL48.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL49.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL50.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL51.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL52.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL53.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL83.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Plugins\ASC.SEQUEL\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Plugins\IBM.ADVJOBSCHEDULER\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Plugins\IBM.GEWYPERFTOOLS\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Plugins\IBM.GUISERVICEAGENT\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Toolkit\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Toolkit\DeIsL2.isu"
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AT&T Global Network Client Professional-->MsiExec.exe /I{2E21CBDA-1EDF-4C18-A561-DB53D683229F}
AT&T Global Network Client-->C:\Program Files\AT&T Global Network Client\NetUN.exe
Avaya Message Manager-->C:\PROGRA~1\LUCENT\MESSAG~1\UNWISE.EXE C:\PROGRA~1\LUCENT\MESSAG~1\INSTALL.LOG
Basic Date Picker v1.2-->MsiExec.exe /I{316D2C7B-C635-4323-BD74-2492CD1A8B6A}
BusinessObjects Enterprise XI Release 2 Service Pack 1-->MsiExec.exe /X{4AC764E3-DFE1-485A-8035-21152528E601}
BusinessObjects XI R2 Monthly Hot Fix 1-->MsiExec.exe /X{94CF15C6-A4EB-4708-A369-17A8E9BFEF63}
Camstar InSite-->C:\Program Files\InstallShield Installation Information\{2513A1E3-4409-49BB-A437-11D7D78096CF}\setup.exe -runfromtemp -l0x0409
Cherry Hill Quality Data Transfer-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\CHAPNqdt\ST6UNST.LOG"
Codesite client tools-->MsiExec.exe /I{F8DE3013-6411-44A2-8540-3F56AF5537D9}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
CRViewerLocal-->MsiExec.exe /I{14D8937C-C7BA-43E0-B333-07D4341758A1}
Crystal Delivery-->MsiExec.exe /I{C54FB117-05AB-4143-AC47-6A84C31665B0}
Crystal Reports Tutorial Sample Code Projects-->MsiExec.exe /I{47996491-E68C-4D0A-9108-7BA7E96472CD}
Crystal Reports XI R2 Service Pack 3-->MsiExec.exe /X{D69AFD2A-2AAE-4657-9055-5D055C472ED0}
Crystal Reports XI R2 Service Pack 4-->MsiExec.exe /X{3C637EC4-9300-4E71-BC1B-6A2DB4268F71}
Crystal Reports XI Release 2-->MsiExec.exe /I{94FB0978-D094-40C7-91D7-834D39220D4A}
ctInterfaceSite-->MsiExec.exe /I{10FF71DA-41EF-4E74-A897-BB674012000C}
Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}
Dell Photo AIO Printer 962-->C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbxUNST.EXE -NOLICENSE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DYMO Label Software SDK-->C:\PROGRA~1\DYMOLA~1\DLS_SDK\UNINSTAL.EXE C:\PROGRA~1\DYMOLA~1\DLS_SDK\INSTALL.LOG
DYMO Label Software-->C:\PROGRA~1\DYMOLA~1\UNINSTAL.EXE /U C:\PROGRA~1\DYMOLA~1\INSTALL.LOG
Garmin City Navigator North America NT 2009.11 Update-->MsiExec.exe /X{162F8A0F-3EBF-4E2A-A37C-E8E29C261C25}
Garmin Communicator Plugin-->MsiExec.exe /X{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}
Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Garmin WebUpdater-->MsiExec.exe /X{E0783143-EAE2-4047-A8D6-E155523C594C}
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)-->C:\WINDOWS\SQL9_KB960089_ENU\Hotfix.exe /Uninstall
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Gore Scheduler-->MsiExec.exe /I{721EC926-C843-443C-892B-8D3E362E92DF}
GridView Examples for ASP.NET 2.0 (VB)-->MsiExec.exe /I{12981BC3-814D-4A4F-B4C8-C8A88E7E1271}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 3840 Series-->rundll32 hpzcon10.dll,VendorJettison HP Deskjet 3840 Series
IBM iSeries Access for Windows-->"C:\Program Files\IBM\Client Access\cwbinarp.exe"
IDAutomation.com Code 39 Free Font-->C:\Program Files\IDAutomation.com Code 39 Free Font\uninstall.exe
Infragistics Expense Reference Site 2005 Vol. 1-->MsiExec.exe /X{59CC7C4B-AB13-4F81-9A3E-C1E0EB45A467}
Infragistics NetAdvantage 2005 Vol. 1 (ASP.NET Only)-->MsiExec.exe /X{A262B6AE-760A-48E3-9D6D-67124A68D297}
Infragistics NetAdvantage 2005 Vol. 1 .NET Hot Fix - 11/18/05-->MsiExec.exe /X{7FE3D267-73F5-44CB-8E7D-FEC04E59AEAE}
Infragistics NetAdvantage 2006 Vol. 2 CLR 1.x HotFix - Build.1045-->MsiExec.exe /X{b46a391d-1451-4fac-a80b-14aa7fe6b501}
Infragistics NetAdvantage 2006 Vol. 2 CLR 1.x HotFix - Build.1054-->MsiExec.exe /X{8dbdf77b-d32d-49a0-9f9c-3b61fa188a90}
Infragistics NetAdvantage 2006 Vol. 2 CLR 2.0 HotFix - Build.1045-->MsiExec.exe /X{55c8fb47-e61e-4a1c-be9d-ab1db576b016}
Infragistics NetAdvantage 2006 Vol. 2 CLR 2.0 HotFix - Build.1056-->MsiExec.exe /X{11ac8cd3-51cb-4821-a7f5-aacfddd2d8ba}
Infragistics NetAdvantage 2006 Vol. 2 CLR 2.0 HotFix - Build.1074-->MsiExec.exe /X{787d9e46-9c8a-4b25-97b1-d7cbea2771e9}
Infragistics NetAdvantage 2006 Vol. 2 CLR 2.0 HotFix - Build.1079-->MsiExec.exe /X{5be4ab41-2776-4eb6-8f5a-e1dd0e72e206}
Infragistics NetAdvantage for .NET 2006 Vol. 2 CLR 1.x-->MsiExec.exe /X{72E3EAFC-9EBB-4a68-A61E-F64C599FA190}
Infragistics NetAdvantage for .NET 2006 Vol. 2 CLR 2.0-->MsiExec.exe /X{9FA0AE10-D17F-4F66-9322-35AA145AAEE7}
Infragistics NetAdvantage for ASP.NET 2006 Vol. 2 CLR 1.x-->MsiExec.exe /X{8F6D805E-A68A-4a2c-839F-E3098DEC262F}
Infragistics NetAdvantage for ASP.NET 2006 Vol. 2 CLR 2.0-->MsiExec.exe /X{6E21ADA2-1084-4BC2-8E05-6D108D464C24}
Infragistics NetAdvantage for Windows Forms 2006 Vol. 2 CLR 1.x-->MsiExec.exe /X{852DA84E-631A-41bd-B042-DFD82D4A89B3}
Infragistics NetAdvantage for Windows Forms 2006 Vol. 2 CLR 2.0-->MsiExec.exe /X{393611AC-7D4D-4F76-84F8-54673FBC7C7F}
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java 2 Runtime Environment, SE v1.4.2_11-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142110}
Java 2 Runtime Environment, SE v1.4.2_14-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142140}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn.com Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Lotus Notes 8.5-->MsiExec.exe /X{7482779A-D19E-48DA-9CAC-8DB51F949864}
Lotus NotesSQL 2.06 driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NotesSQL\UnInN206.isu" -c"C:\Program Files\NotesSQL\\UninDrv.DLL"
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{F6E23569-A22A-4924-93A4-3F215BEF63D2}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathPlayer-->C:\Program Files\Design Science\MathPlayer\Setup.exe -u
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
Meeting Service Record and Playback-->MsiExec.exe /I{1D243F00-1389-4C63-A7E9-B17E967D1901}
MetaFrame Presentation Server Client-->MsiExec.exe /I{4E21223F-8D6C-446E-9CD3-587D206A8400}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ASP.NET 2.0 AJAX Extensions 1.0-->MsiExec.exe /X{082BDF7B-4810-4599-BF0D-E3AC44EC8524}
Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Express 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9-->C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Project 2000 SR-1-->MsiExec.exe /I{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 7.0-->C:\WINDOWS\IsUninst.exe -fC:\MSSQL7\Uninst.isu -c"C:\MSSQL7\sqlsun.dll" -msql70.mif
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visio-->MsiExec.exe /I{0B438E9A-D40F-47B6-95A3-9AD8ED796EA2}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual SourceSafe 2005 - ENU-->"C:\Program Files\Microsoft Visual SourceSafe\Microsoft Visual SourceSafe 2005 - ENU\setup.exe"
Microsoft Visual Studio .NET Enterprise Developer 2003 - English-->"C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Enterprise Developer 2003 - English\setup.exe" /MaintMode
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mouse Suite for Laptop Computers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}\setup.exe" -l0x9 -removeonly
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSDN Library for Visual Studio .NET 2003-->MsiExec.exe /I{5757AE1A-1DB4-4898-9806-09F77FBD5E57}
MSDN Library for Visual Studio 2005-->msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005-->MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
MSN Encarta Plus Support Files-->MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst
NMAS Challenge Response Method-->MsiExec.exe /X{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}
NMAS Client-->MsiExec.exe /I{9B427732-573E-4E78-B6FA-AC3E5A218BA2}
Novell Client for Windows-->%SystemRoot%\system32\rundll32 nwsetup.dll NWUninstallClient
Novell iFolder 2.1.7-->C:\Program Files\Novell\iFolder\uninst.exe -uninst
Novell iPrint Client v04.28.00-->C:\WINDOWS\system32\iprint\setupipp.exe /uninstall
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oracle Data Provider for .NET Help-->MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
Oracle Developer Tools for Visual Studio .NET Help-->MsiExec.exe /I{09F700C6-A221-420F-AEA7-7181D41C01AE}
Oracle Web Conferencing Console-->"C:\Program Files\Common Files\Oracle\RTC Client\3.0.1.421\en\cnsrun.exe" --dll:cnssetup.dll --entry:5 --cmd:/u
Password Power 8 Client-->MsiExec.exe /I{D9FFE006-E043-4463-A3A0-D10B58A8314F}
PDF-XChange 3.0 Pro-->"C:\Program Files\Tracker Software\PDF-XChange 3 Pro\unins000.exe"
Pinnacle Instant DVD Recorder-->MsiExec.exe /X{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
Pinnacle Video Driver-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
PowerArchiver 2001-->MsiExec.exe /I{AD95BD12-40F1-4DAD-844B-70229DB2F971}
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Punch! Professional Home Design-->C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
Quest Software Toad for Data Analysts Trial 2.1-->MsiExec.exe /X{89AE1317-77D2-4AA3-AAD6-6B32415D8D96}
Quest SQL Optimizer 7.4.1 for Oracle Trial-->MsiExec.exe /I{92472550-3E4F-4848-B3F3-D6B0B6826F82}
Quicken 2009-->MsiExec.exe /X{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Remove Hidden Data Tool-->MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9}
Roxio Backup MyPC-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sansa Media Converter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Sansa Updater-->C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe -runfromtemp -l0x0009 -removeonly
Schedule_Poll-->MsiExec.exe /I{820018CC-382C-4BAF-9DF6-EED404CEDB0E}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {66DA9ADD-B1C4-4891-84D6-706E216B411B} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Siebel Systems Uninstallation Manager-->C:\Program Files\InstallShield Installation Information\Siebel Install Manager\setup.exe
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SnagIt 7-->C:\Program Files\TechSmith\SnagIt 7\SIUNINST.EXE
Sonic RecordNow! Plus-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SureThing Express Labeler-->"C:\Program Files\SureThing Express Labeler\unins000.exe"
TightVNC 1.3.10-->"C:\Program Files\TightVNC\unins000.exe"
TortoiseSVN 1.4.5.10425 (32 bit)-->MsiExec.exe /X{F4BBA950-56F0-4335-8D93-EE64BFF593A0}
Travel Tickets-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Project1\ST6UNST.LOG"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
User Profile Hive Cleanup Service-->MsiExec.exe /I{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual CUT 85-->MsiExec.exe /I{DA15BDF2-BDA8-4FF7-9AE9-C02AE1CA9335}
VNC Free Edition 4.1.1-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Volo View Express-->MsiExec.exe /I{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}
VSIP Interop Assembly Redist-->MsiExec.exe /X{FA7E3351-448B-4BDA-986F-8CB3DA36CE5D}
VZAccess Manager for RIM-->MsiExec.exe /X{48AFBB60-8CF5-4605-BB04-704DD8702B80}
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinSCP 3.8.2-->"C:\Program Files\WinSCP3\unins000.exe"
World Timetable-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\KLM Royal Dutch Airlines\World Timetable\Uninst.isu" -c"C:\Program Files\KLM Royal Dutch Airlines\World Timetable\Uninst.dll"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
ZENworks Desktop Management Agent-->MsiExec.exe /I{04D72A75-8133-4450-A3E9-559DBD6D89C5}
ZMerge 5.0-->C:\WINDOWS\uninst.exe -fC:\PROGRA~1\lotus\notes\DeIsL1.isu -cC:\PROGRA~1\lotus\notes\_ISREG32.DLL
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

=====HijackThis Backups=====

O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\BDEAN\Application Data\Gool\Gool.exe" [2008-10-20]
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\BDEAN\Application Data\Facegame\Facegame.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A [2008-10-20]
O4 - HKCU\..\Run: [frfz] C:\PROGRA~1\COMMON~1\frfz\frfzm.exe [2008-10-20]
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\BDEAN\Application Data\SpeedRunner\SpeedRunner.exe [2008-10-20]
O23 - Service: enstart - Unknown owner - C:\WINDOWS\system32\enstart.exe [2009-07-21]

======Hosts File======

157.204.22.243 login.wlgore.com
157.204.22.242 iam-am.wlgore.com

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise

======System event log======

Computer Name: CH-BDEAN-L
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 36328
Source Name: Disk
Time Written: 20090731061817.000000-240
Event Type: error
User:

Computer Name: CH-BDEAN-L
Event Code: 7034
Message: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

Record Number: 36325
Source Name: Service Control Manager
Time Written: 20090731061147.000000-240
Event Type: error
User:

Computer Name: CH-BDEAN-L
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 36324
Source Name: Disk
Time Written: 20090731040221.000000-240
Event Type: error
User:

Computer Name: CH-BDEAN-L
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 36323
Source Name: Disk
Time Written: 20090731040218.000000-240
Event Type: error
User:

Computer Name: CH-BDEAN-L
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 36322
Source Name: Disk
Time Written: 20090731040215.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: CH-BDEAN-L
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Record Number: 403395
Source Name: SQLBrowser
Time Written: 20090725075456.000000-240
Event Type: warning
User:

Computer Name: CH-BDEAN-L
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 403379
Source Name: AutoEnrollment
Time Written: 20090725075447.000000-240
Event Type: error
User:

Computer Name: CH-BDEAN-L
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 403376
Source Name: Userenv
Time Written: 20090725075446.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: CH-BDEAN-L
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Record Number: 403316
Source Name: SQLBrowser
Time Written: 20090724081905.000000-240
Event Type: warning
User:

Computer Name: CH-BDEAN-L
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x80072751). A socket operation was attempted to an unreachable host.
Enrollment will not be performed.

Record Number: 403270
Source Name: AutoEnrollment
Time Written: 20090724081314.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\lotus\notes\;C:\Program Files\lotus\notes\DATA\;C:\oracle\ora10g\bin;C:\oracle\ora10g\jre\1.4.2\bin\client;C:\oracle\ora10g\jre\1.4.2\bin;C:\oracle\ora92\bin;C:\oracle\ora92\jre\1.4.2\bin\client;C:\oracle\ora92\jre\1.4.2\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Common Files\Autodesk Shared\;C:\ZJDEWVJW;C:\MSSQL7\BINN;%SystemRoot%\system32\nls;%SystemRoot%\system32\nls\ENGLISH;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Camstar\InSite Administration;C:\Program Files\Novell\ZENworks\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"SI_ServiceTag"=J0QCX91
"SI_Model"=Latitude D820
"SI_Chassis"=8
"SI_ComputerType"=Laptop
"SI_DVD"=Yes
"SI_CDRW"=Yes
"SI_CDRomDrive"=TSSTcorp DVD+-RW TS-L532B,
"CURRENT_REGION"=USEAST
"CURRENT_LOCATION"=CH
"NALPATH"=\\useclu_vol06_server\vol06\Apps
"INCLUDE"=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
"LIB"=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
"VS71COMNTOOLS"=C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
"WS_HOME_REGION"=USEAST
"WS_HOME_LOCATION"=USEAST
"CURRENT_APPSERVER"=USEZEN01
"GLOBALPATH"=\\USEZEN01\VOL1\Apps\Global
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
"DEST_VOLUME"=VOL1
"Home_Region"=USE
"Home_Location"=USE
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"Time_Server"=usentp01.wlgore.com
"IP_SUBNET"=35

-----------------EOF-----------------

#6 sundavis

  • Malware Response Team

Posted 04 August 2009 - 10:58 PM

Hi bdeandel,


Let's try another Gmer randomly named EXE from Here. Click the Download EXE and save it on your desktop, then run it as described in my previous post.

If still no joy whatsoever, then take the following instead. Good luck!



Please go to the SysProt Antirootkit homepage from Here, scroll down to the bottom of the page and download the attachments.
  • Unzip it to your desktop.
  • Double click Sysprot.exe to run the program.
  • Click on the Log tab.
  • In the Write to log box select all boxes.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same Sysprot folder. Copy/paste the log in your next reply.


#7 bdeandel

  • Topic Starter

Posted 06 August 2009 - 06:51 AM

ok....finally got gmer to run without locking up computer.

Here is the gmer log

GMER 1.0.15.15011 [download.exe] - http://www.gmer.net
Rootkit scan 2009-08-06 07:21:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA99887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA998BFE]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xBAE3463C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB3E901AD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB3E901D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB3E90141]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB3E9016D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB3E90201]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB3E90117]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB3E901C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB3E90157]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB3E90199]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB3E90217]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB3E901EB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\enstart.exe (*** hidden *** ) 384

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\InprocServer32@ C:\Program Files\Common Files\Crystal Decisions\1.0\Bin\ExportModeller.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\ProgID@ ExportModeller.EMSummaryFieldInfo.1
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\TypeLib@ {C113DA62-E957-11D3-A6C7-00902771FF87}
Reg HKLM\SOFTWARE\Classes\CLSID\{B8F872F2-9C89-65E5-014B-0A5F3B70913F}\VersionIndependentProgID@ ExportModeller.EMSummaryFieldInfo
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----



And here are the RSIT logs as well - except this time when I ran it I only got one log file

Logfile of random's system information tool 1.06 (written by random/random)
Run by bdean at 2009-08-06 07:49:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (10%) free of 95 GB
Total RAM: 3070 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:57 AM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\nsd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Novell\iFolder\trayapp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\BDEAN\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bdean.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://genie.wlgore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://chipsndip.wlgore.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 157.204.22.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
O1 - Hosts: # Copyright © 1993-1999 Microsoft Corp.
O1 - Hosts: 157.204.22.243 login.wlgore.com
O1 - Hosts: 157.204.22.242 iam-am.wlgore.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Discovery User Input] c:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AGNS_Config] nircmd execmd C:\WINDOWS\ATT_Config.cmd
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Policies\Explorer\Run: [2] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TAXSOFTWARE - http://www.taxsoftware.com/Taxsoftware.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://chipsndip/download/CfxIEAx.cab
O16 - DPF: {2203BFCF-9541-41B6-931D-CEB34F81DB0D} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crmweb01/sales_enu/19237/applets/Si...tBound_mail.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://server10b.wlgore.com/iNotes6W.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {60CD4076-F4B6-4F8B-AF3E-61B200346DD9} (Siebel High Interactivity Framework) - http://crmweb01/sales_enu/19237/applets/Si...x_HI_Client.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1249146508140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1249146483765
O16 - DPF: {85615D08-3D5B-4045-976D-231011156A6D} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crmweb01/sales_enu/19230/applets/Si...tBound_mail.cab
O16 - DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} (Novell User Group Control) - http://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - http://crmweb01/sales_enu/19237/applets/Si...Integration.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://useqcprodapp01:8080/qcbin/Spider90.ocx
O16 - DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} (JDEWebRTFEditU Control) - http://yin3.wlgore.com:7792/jde/axctls/jdewebctlsU.cab
O16 - DPF: {C0878FB4-EF34-4843-9EEA-E6DB0A39317C} - https://iam-am.wlgore.com/sslvpn/Applet/ActX.ocx
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://crmweb01/sales_enu/19230/applets/Si...x_HI_Client.cab
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://castor/sales_enu/19221/applets/SiebelAx_HI_Client.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/client/T25...bex/ieatgpc.cab
O16 - DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} (Novell Session Control) - http://chipsndip/CHipsNDip1/Activex/NWSess.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = use.wlgore.com
O17 - HKLM\Software\..\Telephony: DomainName = wlgore.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wlgore.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 157.204.22.7 157.204.216.40
O18 - Filter hijack: text/html - {be7e760c-c212-4151-8381-4910ecb3197c} - C:\WINDOWS\system32\xwreg32.dll
O21 - SSODL: infoenmnt - {006313C4-E1F2-4202-C58C-077F78BBAE59} - C:\Program Files\igqgqwb\infoenmnt.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - c:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DB2 Management Service (TAEVAL21) (DB2MGMTSVC_TAEVAL21) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (TAEVAL21) (DB2NTSECSERVER_TAEVAL21) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2sec.exe
O23 - Service: enstart - Unknown owner - C:\WINDOWS\system32\enstart.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8d516337c5b26) (gupdate1c8d516337c5b26) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Program Files\lotus\notes\nsd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 21389 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2004-05-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-24 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2004-05-14 131072]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC []
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC []
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName []
"iPrint Tray"=C:\WINDOWS\system32\iprntctl.exe [2007-05-07 40960]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-01 7561216]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2006-06-29 1032192]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-30 136600]
"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-08-10 20530]
"Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-08-10 24626]
"Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-08-10 45056]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2008-10-24 79136]
"Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-08-10 20480]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-01-18 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-01-18 217088]
"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-09-13 50688]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-11-08 49152]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]
"Discovery User Input"=c:\Discovery\User Input\userin32.exe [2009-02-14 233472]
"SansaDispatch"=C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [2007-05-02 55368]
"DMXLauncher"=C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe [2007-04-02 113400]
"ZENRC Tray Icon"=C:\WINDOWS\system32\zentray.exe [2005-05-18 40960]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2008-07-17 136512]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-10-06 111952]
"iPrint Event Monitor"=C:\WINDOWS\system32\iprntlgn.exe [2007-05-07 45056]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2006-11-06 81920]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-30 520024]
"AGNS_Config"=nircmd execmd C:\WINDOWS\ATT_Config.cmd []
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"2"=nircmd execmd C:\WINDOWS\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2006-04-07 1343488]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]
"NetSP - restore settings on power failure"=C:\Program Files\AT&T Global Network Client\NetSP.exe [2007-01-13 24576]
"PicoZip"=C:\Program Files\PicoZip\PicoZipTray.exe []
"Aim6"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-28 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Novell iFolder.lnk - C:\Program Files\Novell\iFolder\trayapp.exe
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll [2007-01-10 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
infoenmnt - {006313C4-E1F2-4202-C58C-077F78BBAE59} - C:\Program Files\igqgqwb\infoenmnt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"=C:\Program Files\Novell\ZENworks\NalShell.dll [2007-07-20 458752]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwv1_0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"CompatibleRUPSecurity"=1
"DisableCAD"=1
"DontDisplayLastUserName"=0
"LegalNoticeText"=Access to this system is restricted to authorized users only. This system contains information that is considered confidential and proprietary to W. L. Gore & Associates, Inc. By clicking OK, you agree to not disclose the information contained in this system to any third party or to use it for your own use or benefit, without the written permission of W. L. Gore & Associates, Inc.
"ShutdownWithoutLogon"=1
"UndockWithoutLogon"=1
"LegalNoticeCaption"=IMPORTANT Notice:
"LogonType"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSharedDocuments"=1
"ForceStartMenuLogOff"=1
"Intellimenus"=1
"NoSMBalloonTip"=1
"NoSMConfigurePrograms"=1
"DisablePersonalDirChange"=1
"NoDesktopCleanupWizard"=1
"NoPublishingWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoWelcomeScreen"=
"NoPublishingWizard"=
"NoWebServices"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\DPMW32.EXE"="C:\WINDOWS\System32\DPMW32.EXE:*:Enabled:NDPS RPM & Notification Listener"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Eicon\Shiva VPN Client\ICDESK.EXE"="C:\Program Files\Eicon\Shiva VPN Client\ICDESK.EXE:*:Enabled:VPN Client Windows Application"
"C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:Network access client"
"C:\sea78\MC\Charts\JRE1.3\jre\bin\javaw.exe"="C:\sea78\MC\Charts\JRE1.3\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\sea78\MC\BIN\siebel.exe"="C:\sea78\MC\BIN\siebel.exe:*:Enabled:Siebel Mobile Client"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1161132214\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1161132214\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1161132214\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1161132214\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe"="C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:LocalSubNet:Enabled:Microsoft Visual Studio"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##usevss02#vssinstall]
shell\AutoRun\command - V:\setup.exe


======List of files/folders created in the last 1 months======

2009-08-04 19:43:11 ----D---- C:\rsit
2009-08-04 17:10:59 ----D---- C:\Program Files\Garmin
2009-08-01 15:08:10 ----D---- C:\Program Files\Shared
2009-08-01 14:48:51 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-07-31 14:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-31 14:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-31 14:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-31 14:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-31 14:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-31 14:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-31 14:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-31 14:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-07-31 14:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-31 14:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-31 14:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-31 14:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-31 14:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-31 14:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-31 14:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-07-31 14:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-31 14:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-31 14:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-07-31 14:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-31 14:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-31 14:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-31 14:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-31 14:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-31 14:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-31 14:15:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-31 14:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-31 14:14:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-31 14:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-31 14:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-31 14:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-31 14:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-31 14:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-31 14:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-07-31 02:04:52 ----D---- C:\aHoldingFolder
2009-07-31 01:10:00 ----D---- C:\WINDOWS\Prefetch
2009-07-31 01:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-31 00:50:08 ----A---- C:\WINDOWS\003522_.tmp
2009-07-31 00:46:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-30 23:50:52 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-07-30 23:49:57 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-07-30 23:49:57 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-07-30 23:49:55 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-07-30 23:19:02 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-07-30 23:19:02 ----A---- C:\WINDOWS\system32\irclass.dll
2009-07-30 23:18:29 ----RA---- C:\WINDOWS\SETC8.tmp
2009-07-30 23:18:24 ----RA---- C:\WINDOWS\SETBC.tmp
2009-07-30 23:18:22 ----RA---- C:\WINDOWS\SETB9.tmp
2009-07-30 18:53:40 ----D---- C:\WINDOWS\dell
2009-07-21 09:59:18 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-21 09:58:59 ----A---- C:\WINDOWS\system32\comsdupd.exe
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3api.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dimsroam.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\credssp.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\azroles.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapsvc.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapqec.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eappprxy.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapphost.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eappgnui.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eappcfg.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapolqec.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\dot3ui.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\dot3svc.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\dot3msm.dll
2009-07-21 09:58:41 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kmsvc.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdpash.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\napipsec.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mssha.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mmcperf.exe
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mmcex.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\qcliprov.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\qagentrt.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\qagent.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\onex.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\napstat.exe
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\napmontr.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\tspkg.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slserv.exe
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slrundll.exe
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slgen.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slextspk.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slcoinst.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\setupn.exe
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\s3gnb.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\rasqec.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\qutil.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\wmphoto.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\wlanapi.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-21 09:58:35 ----A---- C:\WINDOWS\slrundll.exe
2009-07-21 09:58:34 ----D---- C:\WINDOWS\system32\scripting
2009-07-21 09:58:32 ----D---- C:\WINDOWS\l2schemas
2009-07-21 09:58:31 ----D---- C:\WINDOWS\system32\en
2009-07-21 09:58:30 ----D---- C:\WINDOWS\system32\bits
2009-07-21 09:54:56 ----D---- C:\WINDOWS\network diagnostic
2009-07-21 09:53:24 ----A---- C:\WINDOWS\003322_.tmp
2009-07-21 09:45:42 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-21 09:45:41 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-21 09:44:31 ----A---- C:\WINDOWS\system32\faxpatch.exe
2009-07-21 09:43:19 ----R---- C:\WINDOWS\system32\ZRMAudit.txt
2009-07-15 23:19:28 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-14 22:42:01 ----A---- C:\WINDOWS\soon.exe
2009-07-14 22:42:01 ----A---- C:\WINDOWS\ATT_Config.cmd
2009-07-13 12:36:54 ----D---- C:\CoreTechnology

======List of files/folders modified in the last 1 months======

2009-08-06 07:45:29 ----D---- C:\Documents and Settings\BDEAN\Application Data\MSN6
2009-08-06 07:17:39 ----D---- C:\WINDOWS\Temp
2009-08-06 04:10:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-06 01:20:06 ----HD---- C:\NALCache
2009-08-06 00:56:53 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-06 00:22:45 ----D---- C:\WINDOWS
2009-08-05 19:26:53 ----D---- C:\Program Files\AT&T Global Network Client
2009-08-05 19:17:56 ----D---- C:\WINDOWS\system32
2009-08-05 15:37:54 ----D---- C:\NDPS
2009-08-05 14:17:23 ----D---- C:\quarantine
2009-08-05 13:19:09 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-08-05 13:18:53 ----D---- C:\WINDOWS\security
2009-08-05 13:18:16 ----D---- C:\Zenworks
2009-08-05 13:17:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-05 13:17:27 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-08-05 13:17:24 ----D---- C:\WINDOWS\system32\drivers
2009-08-05 13:02:04 ----D---- C:\Temp
2009-08-04 21:13:14 ----D---- C:\Program Files\Quicken
2009-08-04 20:08:58 ----D---- C:\WINDOWS\Registration
2009-08-04 19:47:36 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2009-08-04 18:55:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-04 17:11:07 ----SHD---- C:\WINDOWS\Installer
2009-08-04 17:11:07 ----SHD---- C:\Config.Msi
2009-08-04 17:11:01 ----D---- C:\Program Files\DIFX
2009-08-04 17:11:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-04 17:10:59 ----RD---- C:\Program Files
2009-08-04 17:09:23 ----HD---- C:\WINDOWS\inf
2009-08-04 16:50:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-04 15:51:18 ----D---- C:\WINDOWS\system32\config
2009-08-04 15:50:16 ----D---- C:\WINDOWS\system32\wbem
2009-08-03 02:01:08 ----D---- C:\WINDOWS\Minidump
2009-08-01 13:28:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-01 13:08:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-01 13:08:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-31 19:31:03 ----A---- C:\WINDOWS\ODBC.INI
2009-07-31 18:50:36 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-31 14:59:10 ----RSD---- C:\WINDOWS\assembly
2009-07-31 14:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-31 14:55:46 ----D---- C:\WINDOWS\WinSxS
2009-07-31 14:54:34 ----D---- C:\Program Files\Common Files\Merge Modules
2009-07-31 14:45:04 ----D---- C:\WINDOWS\system32\en-US
2009-07-31 14:45:04 ----D---- C:\Program Files\Internet Explorer
2009-07-31 14:44:50 ----D---- C:\WINDOWS\ie7updates
2009-07-31 14:23:09 ----A---- C:\WINDOWS\imsins.BAK
2009-07-31 14:22:37 ----D---- C:\Program Files\Messenger
2009-07-31 14:21:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-31 13:03:26 ----A---- C:\WINDOWS\msg_mgr.ini
2009-07-31 13:03:26 ----A---- C:\WINDOWS\attwktop.ini
2009-07-31 10:31:10 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-31 10:31:09 ----D---- C:\WINDOWS\Help
2009-07-31 02:31:17 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-31 02:15:47 ----SD---- C:\WINDOWS\Tasks
2009-07-31 01:37:16 ----HDC---- C:\WINDOWS\ie7
2009-07-31 01:35:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-31 01:30:19 ----A---- C:\WINDOWS\system32\asasrv.ini
2009-07-31 01:12:26 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-31 01:09:10 ----D---- C:\WINDOWS\system32\Setup
2009-07-31 01:09:09 ----D---- C:\WINDOWS\AppPatch
2009-07-31 01:09:07 ----RSD---- C:\WINDOWS\Fonts
2009-07-31 01:01:38 ----A---- C:\WINDOWS\setuplog.txt
2009-07-31 01:00:22 ----D---- C:\WINDOWS\ime
2009-07-31 01:00:09 ----D---- C:\WINDOWS\PeerNet
2009-07-31 01:00:09 ----D---- C:\Program Files\Movie Maker
2009-07-31 00:56:07 ----D---- C:\WINDOWS\system32\Restore
2009-07-31 00:56:07 ----D---- C:\WINDOWS\system32\npp
2009-07-31 00:56:07 ----D---- C:\WINDOWS\mui
2009-07-31 00:56:05 ----D---- C:\WINDOWS\msagent
2009-07-31 00:56:02 ----D---- C:\WINDOWS\srchasst
2009-07-31 00:55:57 ----D---- C:\Program Files\NetMeeting
2009-07-31 00:55:55 ----D---- C:\WINDOWS\system32\Com
2009-07-31 00:55:52 ----D---- C:\Program Files\Windows Media Player
2009-07-31 00:55:48 ----D---- C:\Program Files\Windows NT
2009-07-31 00:55:47 ----D---- C:\Program Files\outlook express
2009-07-31 00:55:42 ----D---- C:\Program Files\Common Files\System
2009-07-31 00:55:16 ----D---- C:\WINDOWS\system32\oobe
2009-07-31 00:55:14 ----D---- C:\WINDOWS\system32\usmt
2009-07-31 00:55:13 ----D---- C:\WINDOWS\system
2009-07-31 00:50:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-31 00:46:45 ----D---- C:\WINDOWS\ehome
2009-07-31 00:13:37 ----SHD---- C:\System Volume Information
2009-07-31 00:06:09 ----D---- C:\WINDOWS\nview
2009-07-31 00:06:09 ----D---- C:\Program Files\CUAgent
2009-07-30 23:51:43 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-30 23:50:55 ----RD---- C:\WINDOWS\Web
2009-07-30 23:50:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-30 23:50:30 ----A---- C:\WINDOWS\win.ini
2009-07-30 23:43:07 ----A---- C:\WINDOWS\system.ini
2009-07-30 23:42:52 ----D---- C:\WINDOWS\system32\NetWare
2009-07-30 23:42:49 ----D---- C:\WINDOWS\system32\nls
2009-07-30 23:41:52 ----SH---- C:\boot.ini
2009-07-30 23:18:45 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-07-30 21:35:28 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-30 19:04:43 ----D---- C:\WINDOWS\Media
2009-07-30 18:58:10 ----D---- C:\WINDOWS\twain_32
2009-07-30 18:56:26 ----D---- C:\WINDOWS\system32\icsxml
2009-07-30 18:55:36 ----D---- C:\WINDOWS\system32\ias
2009-07-30 18:55:28 ----D---- C:\WINDOWS\system32\1033
2009-07-30 18:53:34 ----D---- C:\WINDOWS\Driver Cache
2009-07-28 10:55:07 ----A---- C:\ch_tt.txt
2009-07-28 10:55:07 ----A---- C:\apnttlog.txt
2009-07-22 17:12:52 ----D---- C:\Documents and Settings\BDEAN\Application Data\WeatherBug
2009-07-22 08:29:31 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-21 11:29:22 ----D---- C:\Program Files\Roxio
2009-07-21 11:29:22 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-07-21 11:29:08 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-07-21 11:29:07 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-07-21 11:22:35 ----D---- C:\Program Files\Common Files\Research in Motion
2009-07-21 11:01:44 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-15 20:56:44 ----D---- C:\WINDOWS\Flag
2009-07-14 22:46:46 ----D---- C:\Documents and Settings\All Users\Application Data\AGNS
2009-07-11 09:56:47 ----HD---- C:\WINDOWS\system32\GroupPolicy.WksCache
2009-07-10 19:43:54 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-07-10 18:37:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-10 18:36:58 ----D---- C:\Program Files\Logitech
2009-07-10 18:35:02 ----D---- C:\Program Files\W.L. Gore & Associates, Inc
2009-07-10 18:33:58 ----D---- C:\Program Files\Yahoo!
2009-07-07 20:08:51 ----D---- C:\Documents and Settings\BDEAN\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 enstart_;enstart_; \??\C:\WINDOWS\system32\enstart_.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-10-06 52136]
R1 nipplpt2;Novell iCapture Lpt Redirector 2; C:\WINDOWS\system32\drivers\nipplpt.sys [2007-05-07 34671]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-15 21419]
R2 agnwifi;AT&T Wi-Fi Support Driver; C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-29 19328]
R2 BlankScr;HBDevice; C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 6899]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\system32\NetWare\nwfs.sys [2005-11-22 502223]
R2 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\system32\NetWare\nwdhcp.sys [2005-11-10 18353]
R2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\system32\NetWare\resmgr.sys [2004-06-01 27249]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R2 srenum;srenum; C:\WINDOWS\System32\DRIVERS\srenum.sys [2009-06-28 36480]
R2 SRVLOC;Novell Service Location; C:\WINDOWS\system32\NetWare\srvloc.sys [2005-11-22 159985]
R2 WNTHW;WNTHW; \??\C:\WINDOWS\system32\DRIVERS\WNTHW.SYS []
R3 agnfilt;AGN Filter Interface; C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2006-05-19 180864]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 CdProbe;CdProbe; \??\C:\WINDOWS\system32\DRIVERS\CDProbe.SYS []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 Darpan;Darpan; C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-05-23 2773]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-10-06 64488]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-10-06 72904]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-10-06 34344]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-10-06 177672]
R3 ndisrd;WinpkFilter Service; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [2009-06-27 20480]
R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-01 3653280]
R3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwdns.sys [2005-11-22 39600]
R3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\system32\NetWare\NWHOST.sys [2005-10-12 9297]
R3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwslp.sys [2005-01-03 20332]
R3 NWSNS;Novell Simple Naming Services; C:\WINDOWS\system32\NetWare\NWSNS.sys [2005-10-12 6128]
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-12-09 28800]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\system32\NetWare\nwsipx32.sys [2005-10-27 39731]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 327040]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\BDEAN\LOCALS~1\Temp\aujasnkj.sys []
S3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 13952]
S3 BCMTPM;BCMTPM; C:\WINDOWS\system32\DRIVERS\btpmw32.sys []
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2004-10-08 326656]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2006-12-12 22528]
S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-08 22016]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\system32\NetWare\NWSAP.sys [2003-02-26 23232]
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys []
S3 RmAx;RMAXUSB; C:\WINDOWS\System32\Drivers\RmAx.sys [2005-09-04 40502]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2005-12-15 4608]
S3 vmx_svga;vmx_svga; C:\WINDOWS\system32\DRIVERS\vmx_svga.sys [2005-03-23 14912]
S3 vmxnet;VMware Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmxnet.sys [2005-03-23 22528]
S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dsload;dsload; C:\WINDOWS\System32\drivers\dsload.sys [2006-01-29 10910]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 CentennialClientAgent;CentennialClientAgent; c:\Centenn.ial\Audit\CAgent32.exe [2009-02-14 1004832]
R2 CentennialIPTransferAgent;CentennialIPTransferAgent; C:\Centenn.ial\Audit\xferwan.exe [2009-02-14 476448]
R2 DB2MGMTSVC_TAEVAL21;DB2 Management Service (TAEVAL21); C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe [2007-07-23 35616]
R2 enstart;enstart; C:\WINDOWS\system32\enstart.exe [2008-05-29 737280]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-30 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-30 1029456]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics; C:\Program Files\lotus\notes\nsd.exe [2008-12-06 3315080]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-07-17 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-10-06 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-10-06 54608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2006-07-12 335872]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2008-12-06 58760]
R2 NALNTSERVICE;Novell Application Launcher; C:\Program Files\Novell\ZENworks\nalntsrv.exe [2006-06-13 113152]
R2 NetCfgSvr;Network Configuration Service; C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE [2007-01-13 323584]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-01 143428]
R2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oracle\ora92\bin\omtsreco.exe [2002-04-30 57603]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent; C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 167936]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-09-13 937984]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2004-03-05 192573]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-08-11 290816]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 XTAgent;Novell XTier Agent Services; C:\WINDOWS\System32\Novell\XTAgent.exe [2007-01-10 61440]
R2 ZFDWM;Workstation Manager; C:\Program Files\Novell\ZENworks\wm.exe [2007-02-07 152128]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c8d516337c5b26;Google Update Service (gupdate1c8d516337c5b26); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe []
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\system32\cusrvc.exe [2005-01-18 36864]
S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2002-08-10 57344]
S3 DB2NTSECSERVER_TAEVAL21;DB2 Security Server (TAEVAL21); C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2sec.exe [2007-07-23 14112]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; C:\oracle\ora92\BIN\ONRSD.EXE [2004-10-13 243196]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe []
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
S3 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2005-03-11 455632]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S4 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe []

-----------------EOF-----------------

#8 sundavis

  • Malware Response Team

Posted 06 August 2009 - 10:42 AM

Hi bdeandel,

I notice there is an unwanted program installed in your system. This unwanted program is sometimes malware-related or a potential hazard to your security. You're well advised to remove it.

Click Start > Settings > Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight WeatherBug and click on Change/Remove to remove it.



Step 1

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\WINDOWS\system32\xwreg32.dll
C:\windows\system32\msansspc.dll
C:\WINDOWS\003522_.tmp
C:\WINDOWS\003322_.tmp
C:\WINDOWS\SETC8.tmp
C:\WINDOWS\SETBC.tmp
C:\WINDOWS\SETB9.tmp
Folder::
C:\Program Files\igqgqwb
Registry::
[-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
[-HKEY_CLASSES_ROOT\CLSID\{be7e760c-c212-4151-8381-4910ecb3197c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"infoenmnt"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=-


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: If you can't run Combofix, please delete that copy from your desktop and redownload it again. Please rename it to bdean.exe before downloading it to your desktop. Thanks.



Step 2
  • Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from Here:
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
In your next reply, please post back:


1. Combofix log
2. RSIT log.txt

Tell me how your pc is running now.

Edited by sundavis, 06 August 2009 - 11:00 AM.
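
One way to check a returned ComboFix log against the File:: and Folder:: targets of a script like the one above. This is an added example, not part of the original posts and not ComboFix's own code. The parsing rules (directives ending in `::`, log sections titled by parenthesised banners) are assumptions read off the text shown in this thread, the function names are hypothetical, and the log excerpt is abridged from the ComboFix.txt posted later in the thread.

```python
import re

# File:: and Folder:: sections of the CFScript posted in the thread.
# The Registry:: section is left out because this check is about files.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\xwreg32.dll
C:\windows\system32\msansspc.dll
C:\WINDOWS\003522_.tmp
C:\WINDOWS\003322_.tmp
C:\WINDOWS\SETC8.tmp
C:\WINDOWS\SETBC.tmp
C:\WINDOWS\SETB9.tmp
Folder::
C:\Program Files\igqgqwb
"""

# Abridged excerpt of the ComboFix.txt posted later in the thread.
# Unrelated deletions are dropped; every line that names a script
# target is kept.
COMBOFIX_LOG = r"""FILE ::
"c:\windows\003322_.tmp"
"c:\windows\system32\msansspc.dll"
"c:\windows\system32\xwreg32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\BDEAN\Application Data\EurekaLog
c:\windows\003322_.tmp
c:\windows\003522_.tmp
c:\windows\SETB9.tmp
c:\windows\SETBC.tmp
c:\windows\SETC8.tmp
c:\windows\system32\Cache
c:\windows\system32\xwreg32.dll
c:\windows\wiaservv.log

.
((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-06 12:46 . 2009-08-06 12:46 20008 ----a-w- c:\windows\system32\drivers\CDProbe.SYS
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)\s*::\s*$")   # e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")        # e.g. "((( Other Deletions )))"


def norm(path):
    """Normalise a path for comparison: trim, unquote, lower-case."""
    return path.strip().strip('"').lower()


def parse_cfscript(text):
    """Return {directive: [lines]} for each 'Name::' section of a script."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_sections(text):
    """Return {banner title: [lines]}; lines before the first banner are ignored."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1).lower()
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def audit(script_text, log_text):
    """Map every File::/Folder:: target to whether the log lists it as deleted."""
    script = parse_cfscript(script_text)
    targets = [norm(p) for kind in ("file", "folder") for p in script.get(kind, [])]
    deleted = {norm(p) for p in log_sections(log_text).get("other deletions", [])}
    return {t: ("deleted" if t in deleted else "not in deletions") for t in targets}


if __name__ == "__main__":
    for target, status in audit(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{status:17} {target}")
```

A target reported as "not in deletions" needs a follow-up look on the machine; the log excerpt alone does not say why it is missing from that section.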


#9 bdeandel

  • Topic Starter

Posted 06 August 2009 - 11:40 PM

Here is the Combofix.txt file

ComboFix 09-08-06.01 - bdean 08/07/2009 0:10.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2291 [GMT -4:00]
Running from: c:\documents and settings\BDEAN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BDEAN\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\windows\003322_.tmp"
"c:\windows\003522_.tmp"
"c:\windows\SETB9.tmp"
"c:\windows\SETBC.tmp"
"c:\windows\SETC8.tmp"
"c:\windows\system32\msansspc.dll"
"c:\windows\system32\xwreg32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Windows Live Messenger .lnk
c:\documents and settings\BDEAN\Application Data\EurekaLog
c:\documents and settings\BDEAN\Application Data\EurekaLog\EurekaLog.ini
c:\documents and settings\BDEAN\Local Settings\Temporary Internet Files\fbk.sts
c:\recycler\S-1-5-21-1963837559-3503318579-3938176709-500
c:\windows\003322_.tmp
c:\windows\003522_.tmp
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\Skin
c:\windows\Downloaded Program Files\Skin\ASKUSER.wav
c:\windows\Downloaded Program Files\Skin\BGIMG_ASKFORM.bmp
c:\windows\Downloaded Program Files\Skin\BGIMG_CHATFORM.bmp
c:\windows\Downloaded Program Files\Skin\BGIMG_IMFORM.bmp
c:\windows\Downloaded Program Files\Skin\BTN_ACCEPT.bmp
c:\windows\Downloaded Program Files\Skin\BTN_CANCEL.bmp
c:\windows\Downloaded Program Files\Skin\BTN_CANCEL_ASK.bmp
c:\windows\Downloaded Program Files\Skin\BTN_CLOSE.bmp
c:\windows\Downloaded Program Files\Skin\BTN_CREATE.bmp
c:\windows\Downloaded Program Files\Skin\BTN_DECLINE.bmp
c:\windows\Downloaded Program Files\Skin\BTN_MEMBER.bmp
c:\windows\Downloaded Program Files\Skin\BTN_SEND.bmp
c:\windows\Downloaded Program Files\Skin\BTN_SEND_ASK.bmp
c:\windows\Downloaded Program Files\Skin\BTN_SEND_IM.bmp
c:\windows\Downloaded Program Files\Skin\BTN_UPDATE.bmp
c:\windows\Downloaded Program Files\Skin\Buddy_1.bmp
c:\windows\Downloaded Program Files\Skin\Buddy_2.bmp
c:\windows\Downloaded Program Files\Skin\Buddy_3.bmp
c:\windows\Downloaded Program Files\Skin\Buddy_4.bmp
c:\windows\Downloaded Program Files\Skin\Buddy_5.bmp
c:\windows\Downloaded Program Files\Skin\Buddy_6.bmp
c:\windows\Downloaded Program Files\Skin\Buddy_7.bmp
c:\windows\Downloaded Program Files\Skin\Buddy_8.bmp
c:\windows\Downloaded Program Files\Skin\Buddy_9.bmp
c:\windows\Downloaded Program Files\Skin\CHANGE_USER_STATUS.wav
c:\windows\Downloaded Program Files\Skin\colors.ini
c:\windows\Downloaded Program Files\Skin\ENTER_ROOM.wav
c:\windows\Downloaded Program Files\Skin\EXIT_ROOM.wav
c:\windows\Downloaded Program Files\Skin\IM_MESSAGE.wav
c:\windows\Downloaded Program Files\Skin\IMG_ADMINROOM_SMALL.bmp
c:\windows\Downloaded Program Files\Skin\IMG_ADMINUSER_SMALL1.bmp
c:\windows\Downloaded Program Files\Skin\IMG_ADMINUSER_SMALL2.bmp
c:\windows\Downloaded Program Files\Skin\IMG_ADMINUSER_SMALL3.bmp
c:\windows\Downloaded Program Files\Skin\IMG_GREP.bmp
c:\windows\Downloaded Program Files\Skin\IMG_HANDUP.bmp
c:\windows\Downloaded Program Files\Skin\IMG_IGNORE.bmp
c:\windows\Downloaded Program Files\Skin\IMG_IM_TOPMIDDLE.bmp
c:\windows\Downloaded Program Files\Skin\IMG_ONLYONE.bmp
c:\windows\Downloaded Program Files\Skin\IMG_SILENTMODE.bmp
c:\windows\Downloaded Program Files\Skin\IMG_STATUSAWAY.bmp
c:\windows\Downloaded Program Files\Skin\IMG_STATUSBUSY.bmp
c:\windows\Downloaded Program Files\Skin\IMG_STATUSLUNCH.bmp
c:\windows\Downloaded Program Files\Skin\IMG_USERBANNED.bmp
c:\windows\Downloaded Program Files\Skin\IMG_VOICEON.bmp
c:\windows\Downloaded Program Files\Skin\IMG_WAITFORMIC.bmp
c:\windows\Downloaded Program Files\Skin\IMG_WEBCAM.bmp
c:\windows\Downloaded Program Files\Skin\INVITE.wav
c:\windows\Downloaded Program Files\Skin\LBL_CHOOSEICON.bmp
c:\windows\Downloaded Program Files\Skin\LBL_ROOMNAME.bmp
c:\windows\Downloaded Program Files\Skin\LBL_USERNAME.bmp
c:\windows\Downloaded Program Files\Skin\LBL_YOURPASSWORD.bmp
c:\windows\Downloaded Program Files\Skin\LOGO_ASKFORM_TOP.bmp
c:\windows\Downloaded Program Files\Skin\LOGO_LEFTTOP.bmp
c:\windows\Downloaded Program Files\Skin\LOGO_RIGHTTOP.bmp
c:\windows\Downloaded Program Files\Skin\messages.ini
c:\windows\Downloaded Program Files\Skin\ROOM_CLASS_PRIV.bmp
c:\windows\Downloaded Program Files\Skin\ROOM_CLASS_PUB.bmp
c:\windows\Downloaded Program Files\Skin\ROOM_NORMAL_PRIV.bmp
c:\windows\Downloaded Program Files\Skin\ROOM_NORMAL_PUB.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_1.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_10.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_11.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_12.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_13.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_14.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_15.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_16.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_17.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_18.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_19.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_2.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_20.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_21.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_22.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_23.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_24.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_3.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_4.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_5.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_6.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_7.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_8.bmp
c:\windows\Downloaded Program Files\Skin\SMILEY_9.bmp
c:\windows\Downloaded Program Files\Skin\TAB_ASK.bmp
c:\windows\Downloaded Program Files\Skin\TAB_IM.bmp
c:\windows\Downloaded Program Files\Skin\TAB_PROFILE.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_CLEAR.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_CREATEROOM.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_FONTBKCOLOR.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_FONTBOLD.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_FONTCOLOR.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_FONTDEFSIZE.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_FONTITALIC.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_FONTLARGER.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_FONTSMALLER.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_FONTTYPE.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_FONTUNDERLINE.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_IGNORE.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_MICROPHONE.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_SMILEY.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_UNIGNORE.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_USERPROP.bmp
c:\windows\Downloaded Program Files\Skin\TBTN_VOLUME.bmp
c:\windows\Downloaded Program Files\Skin\USER_1.bmp
c:\windows\Downloaded Program Files\Skin\USER_10.bmp
c:\windows\Downloaded Program Files\Skin\USER_11.bmp
c:\windows\Downloaded Program Files\Skin\USER_12.bmp
c:\windows\Downloaded Program Files\Skin\USER_13.bmp
c:\windows\Downloaded Program Files\Skin\USER_14.bmp
c:\windows\Downloaded Program Files\Skin\USER_15.bmp
c:\windows\Downloaded Program Files\Skin\USER_16.bmp
c:\windows\Downloaded Program Files\Skin\USER_17.bmp
c:\windows\Downloaded Program Files\Skin\USER_18.bmp
c:\windows\Downloaded Program Files\Skin\USER_19.bmp
c:\windows\Downloaded Program Files\Skin\USER_2.bmp
c:\windows\Downloaded Program Files\Skin\USER_20.bmp
c:\windows\Downloaded Program Files\Skin\USER_21.bmp
c:\windows\Downloaded Program Files\Skin\USER_22.bmp
c:\windows\Downloaded Program Files\Skin\USER_23.bmp
c:\windows\Downloaded Program Files\Skin\USER_24.bmp
c:\windows\Downloaded Program Files\Skin\USER_25.bmp
c:\windows\Downloaded Program Files\Skin\USER_26.bmp
c:\windows\Downloaded Program Files\Skin\USER_27.bmp
c:\windows\Downloaded Program Files\Skin\USER_28.bmp
c:\windows\Downloaded Program Files\Skin\USER_29.bmp
c:\windows\Downloaded Program Files\Skin\USER_3.bmp
c:\windows\Downloaded Program Files\Skin\USER_30.bmp
c:\windows\Downloaded Program Files\Skin\USER_31.bmp
c:\windows\Downloaded Program Files\Skin\USER_32.bmp
c:\windows\Downloaded Program Files\Skin\USER_33.bmp
c:\windows\Downloaded Program Files\Skin\USER_34.bmp
c:\windows\Downloaded Program Files\Skin\USER_35.bmp
c:\windows\Downloaded Program Files\Skin\USER_36.bmp
c:\windows\Downloaded Program Files\Skin\USER_37.bmp
c:\windows\Downloaded Program Files\Skin\USER_38.bmp
c:\windows\Downloaded Program Files\Skin\USER_39.bmp
c:\windows\Downloaded Program Files\Skin\USER_4.bmp
c:\windows\Downloaded Program Files\Skin\USER_40.bmp
c:\windows\Downloaded Program Files\Skin\USER_41.bmp
c:\windows\Downloaded Program Files\Skin\USER_42.bmp
c:\windows\Downloaded Program Files\Skin\USER_43.bmp
c:\windows\Downloaded Program Files\Skin\USER_44.bmp
c:\windows\Downloaded Program Files\Skin\USER_45.bmp
c:\windows\Downloaded Program Files\Skin\USER_46.bmp
c:\windows\Downloaded Program Files\Skin\USER_47.bmp
c:\windows\Downloaded Program Files\Skin\USER_48.bmp
c:\windows\Downloaded Program Files\Skin\USER_49.bmp
c:\windows\Downloaded Program Files\Skin\USER_5.bmp
c:\windows\Downloaded Program Files\Skin\USER_50.bmp
c:\windows\Downloaded Program Files\Skin\USER_51.bmp
c:\windows\Downloaded Program Files\Skin\USER_52.bmp
c:\windows\Downloaded Program Files\Skin\USER_53.bmp
c:\windows\Downloaded Program Files\Skin\USER_54.bmp
c:\windows\Downloaded Program Files\Skin\USER_55.bmp
c:\windows\Downloaded Program Files\Skin\USER_56.bmp
c:\windows\Downloaded Program Files\Skin\USER_57.bmp
c:\windows\Downloaded Program Files\Skin\USER_58.bmp
c:\windows\Downloaded Program Files\Skin\USER_59.bmp
c:\windows\Downloaded Program Files\Skin\USER_6.bmp
c:\windows\Downloaded Program Files\Skin\USER_60.bmp
c:\windows\Downloaded Program Files\Skin\USER_7.bmp
c:\windows\Downloaded Program Files\Skin\USER_8.bmp
c:\windows\Downloaded Program Files\Skin\USER_9.bmp
c:\windows\Downloaded Program Files\Skin\USER_ADMIN.bmp
c:\windows\Downloaded Program Files\Skin\USER_FRAME.bmp
c:\windows\Downloaded Program Files\Skin\USER_SUBADMIN.bmp
c:\windows\Downloaded Program Files\Temp
c:\windows\Installer\12bded.msi
c:\windows\Installer\150028.msi
c:\windows\Installer\3a291.msi
c:\windows\Installer\58ac7.msi
c:\windows\Installer\58acd.msi
c:\windows\Installer\58ad2.msi
c:\windows\Installer\58ad7.msi
c:\windows\Installer\58adc.msi
c:\windows\Installer\58ae1.msi
c:\windows\Installer\58ae6.msi
c:\windows\Installer\58aeb.msi
c:\windows\Installer\58af0.msi
c:\windows\Installer\58af5.msi
c:\windows\Installer\58afa.msi
c:\windows\Installer\58aff.msi
c:\windows\Installer\58b04.msi
c:\windows\Installer\58b09.msi
c:\windows\Installer\58b0e.msi
c:\windows\Installer\6b423.msi
c:\windows\Installer\92a54.msi
c:\windows\Installer\ed89c75.msp
c:\windows\SETB9.tmp
c:\windows\SETBC.tmp
c:\windows\SETC8.tmp
c:\windows\system32\Cache
c:\windows\system32\xwreg32.dll
c:\windows\wiaservv.log

.
((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-06 12:46 . 2009-08-06 12:46 20008 ----a-w- c:\windows\system32\drivers\CDProbe.SYS
2009-08-04 23:43 . 2009-08-04 23:43 -------- d-----w- C:\rsit
2009-08-04 21:10 . 2009-08-04 21:10 -------- d-----w- c:\program files\Garmin
2009-08-04 19:50 . 2009-08-04 19:50 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-01 19:08 . 2009-08-04 23:22 -------- d-----w- c:\program files\Shared
2009-08-01 18:49 . 2009-08-01 18:57 -------- d-----w- c:\documents and settings\BDEAN\SecurityScans
2009-08-01 18:48 . 2009-08-01 18:48 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2009-07-31 18:10 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-07-31 18:10 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-31 18:10 . 2009-05-21 18:46 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2009-07-31 18:10 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-31 18:10 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-31 18:10 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-07-31 18:08 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-31 18:07 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-07-31 18:07 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-07-31 18:07 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-07-31 18:07 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-07-31 18:07 . 2008-05-07 09:07 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-07-31 06:04 . 2009-07-31 06:32 -------- d-----w- C:\aHoldingFolder
2009-07-31 05:00 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-07-31 05:00 . 2008-04-14 03:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-07-31 03:54 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2009-07-31 03:53 . 2004-08-04 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-07-31 03:50 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-07-31 03:49 . 2008-04-14 03:42 252928 ----a-w- c:\windows\system32\msoeacct.dll
2009-07-31 03:49 . 2008-04-14 03:42 105984 ----a-w- c:\windows\system32\msoert2.dll
2009-07-31 03:49 . 2008-04-14 03:41 691712 ----a-w- c:\windows\system32\inetcomm.dll
2009-07-31 03:47 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-07-31 03:19 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-31 03:19 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-31 03:19 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-31 03:19 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-30 22:53 . 2009-07-30 22:53 -------- d-----w- c:\windows\dell
2009-07-21 13:59 . 2009-07-21 13:59 -------- d-----w- c:\windows\ServicePackFiles
2009-07-21 13:54 . 2008-04-14 03:41 4255 ----a-w- c:\windows\system32\drivers\adv01nt5.dll
2009-07-21 13:45 . 2008-04-14 03:42 20992 ----a-w- c:\windows\system32\spupdwxp.exe
2009-07-21 13:45 . 2008-04-14 03:42 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-07-21 13:44 . 2008-04-14 03:42 20992 ----a-w- c:\windows\system32\faxpatch.exe
2009-07-19 13:32 . 2009-07-19 13:32 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-16 03:19 . 2009-07-16 03:19 -------- d-----w- c:\windows\system32\NtmsData
2009-07-15 02:42 . 2007-03-06 01:08 215 ----a-w- c:\windows\ATT_Config.cmd
2009-07-15 02:42 . 1999-12-21 11:59 15360 ----a-w- c:\windows\soon.exe
2009-07-13 16:36 . 2009-07-13 16:37 -------- d-----w- C:\CoreTechnology

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 04:07 . 2006-07-29 02:56 -------- d-----w- c:\documents and settings\BDEAN\Application Data\MSN6
2009-08-07 00:16 . 2006-07-12 18:43 -------- d-----w- c:\program files\AT&T Global Network Client
2009-08-07 00:16 . 2008-12-09 03:00 -------- d-----w- c:\program files\SureThing Express Labeler
2009-08-07 00:15 . 2006-07-13 01:36 105101 ----a-w- c:\windows\system32\nvModes.dat
2009-08-05 01:13 . 2009-05-28 00:08 -------- d-----w- c:\program files\Quicken
2009-08-04 23:47 . 2009-07-01 05:56 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-08-04 22:55 . 2009-03-15 23:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 22:55 . 2009-04-30 04:12 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 21:11 . 2009-03-05 16:04 -------- d-----w- c:\program files\DIFX
2009-08-04 19:05 . 2007-05-16 12:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-03 17:36 . 2009-03-15 23:54 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-03-15 23:54 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 17:28 . 2008-10-18 04:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-31 18:58 . 2006-07-17 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-31 18:54 . 2006-07-17 18:48 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-07-31 05:02 . 2005-03-04 23:07 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-31 04:15 . 2006-07-17 16:39 99760 ----a-w- c:\documents and settings\BDEAN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 04:06 . 2006-08-03 15:55 -------- d-----w- c:\program files\CUAgent
2009-07-31 03:48 . 2005-03-04 23:04 26224 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-21 15:29 . 2008-06-21 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-07-21 15:29 . 2006-07-19 14:32 -------- d-----w- c:\program files\Roxio
2009-07-21 15:29 . 2006-07-19 14:32 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-21 15:29 . 2007-12-16 18:11 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-07-21 15:22 . 2006-10-16 21:51 -------- d-----w- c:\program files\Common Files\Research in Motion
2009-07-15 02:46 . 2006-09-29 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AGNS
2009-07-10 23:43 . 2006-12-30 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-07-10 22:37 . 2005-03-05 04:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 22:36 . 2006-07-29 06:01 -------- d-----w- c:\program files\Logitech
2009-07-10 22:35 . 2007-12-18 15:10 -------- d-----w- c:\program files\W.L. Gore & Associates, Inc
2009-07-10 22:33 . 2009-05-29 15:31 -------- d-----w- c:\program files\Yahoo!
2009-07-09 03:49 . 2009-06-22 14:22 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-08 00:08 . 2009-02-28 17:21 -------- d-----w- c:\documents and settings\BDEAN\Application Data\U3
2009-07-06 14:24 . 2009-06-22 14:22 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-07-06 14:22 . 2009-06-22 14:22 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-01 06:01 . 2009-07-01 06:01 -------- dc----w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-01 04:28 . 2009-06-19 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-30 22:32 . 2009-06-30 22:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-29 16:42 . 2006-07-29 20:05 -------- d-----w- c:\program files\Google
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 08:02 . 2009-06-27 22:47 36480 ----a-w- c:\windows\system32\drivers\srenum.sys
2009-06-27 22:47 . 2009-06-27 22:47 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2009-06-19 00:42 . 2006-12-22 04:04 -------- d-----w- c:\program files\AIM6
2006-07-17 20:19 . 2006-07-17 20:19 31 ----a-w- c:\program files\Notes.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2007-01-13 24576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGNS_Config"="nircmd execmd" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2007-05-07 40960]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-08 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]
"Dell QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2006-06-29 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-08-10 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-08-10 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-08-10 45056]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-08-10 20480]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2009-02-14 233472]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 55368]
"DMXLauncher"="c:\program files\Sonic\Product\Media Experience\DMXLauncher.exe" [2007-04-02 113400]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-07-17 136512]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2007-05-07 45056]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-01 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-05-01 73728]
"NWTRAY"="NWTRAY.EXE" - c:\windows\system32\nwtray.exe [2002-03-12 28672]
"PMX Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2006-11-08 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"2"="nircmd execmd" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Novell iFolder.lnk - c:\program files\Novell\iFolder\trayapp.exe [2006-7-12 266317]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [2006-7-17 61440]
SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2006-7-17 2277376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
"DisableCAD"= 1 (0x1)
"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2007-07-20 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2007-01-10 17:52 24576 ----a-w- c:\windows\system32\Novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AT&T Global Network Client\\NetClient.exe"=
"c:\\sea78\\MC\\Charts\\JRE1.3\\jre\\bin\\javaw.exe"=
"c:\\sea78\\MC\\BIN\\siebel.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7461:TCP"= 7461:TCP:157.204.47.170/255.255.255.255:Enabled:ZAM

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/13/2009 10:22 AM 64160]
R0 NifFltr;NifFltr;c:\windows\system32\drivers\NIFfltr.sys [7/12/2006 2:43 PM 25300]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1/1/1980 8:00 AM 9969]
R1 enstart_;enstart_;c:\windows\system32\enstart_.sys [5/29/2008 11:17 PM 25472]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [3/5/2005 12:31 AM 34671]
R2 agnwifi;AT&T Wi-Fi Support Driver;c:\windows\system32\drivers\agnwifi.sys [9/25/2006 8:15 PM 19328]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 3:47 PM 6899]
R2 DB2MGMTSVC_TAEVAL21;DB2 Management Service (TAEVAL21);c:\program files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe [7/23/2007 3:47 AM 35616]
R2 enstart;enstart;c:\windows\system32\enstart.exe -s --> c:\windows\system32\enstart.exe -s [?]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [12/6/2008 8:36 AM 3315080]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [5/9/2006 11:59 AM 167936]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [6/27/2009 6:47 PM 36480]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [1/6/2006 5:37 AM 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [1/10/2007 1:52 PM 61440]
R3 agnfilt;AGN Filter Interface;c:\windows\system32\drivers\agnfilt.sys [5/19/2006 9:46 AM 180864]
R3 CdProbe;CdProbe;c:\windows\system32\drivers\CDProbe.SYS [8/6/2009 8:46 AM 20008]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 3:11 PM 2773]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [6/27/2009 6:47 PM 20480]
S2 gupdate1c8d516337c5b26;Google Update Service (gupdate1c8d516337c5b26);c:\program files\Google\Update\GoogleUpdate.exe [7/12/2008 10:43 AM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\drivers\avpnnic.sys [4/4/2003 12:48 PM 13952]
S3 DB2NTSECSERVER_TAEVAL21;DB2 Security Server (TAEVAL21);c:\program files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2sec.exe [7/23/2007 3:48 AM 14112]
S3 RmAx;RMAXUSB;c:\windows\system32\drivers\RmAx.sys [12/26/2006 5:39 PM 40502]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [3/23/2005 5:40 AM 4608]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [1/1/1980 8:00 AM 14912]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [1/1/1980 8:00 AM 22528]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 7:17 AM 2805000]
UnknownUnknown dsload;dsload; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CDPROBE
*Deregistered* - aujasnkj
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:33]

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2009-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-12 20:07]

2009-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-12 20:07]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-PicoZip - c:\program files\PicoZip\PicoZipTray.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://genie.wlgore.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://chipsndip.wlgore.com/
uInternet Settings,ProxyServer = 157.204.22.4:8080
uInternet Settings,ProxyOverride = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: //localhost/main.html
Trusted Zone: att.com\www.customerservice
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: TAXSOFTWARE - hxxp://www.taxsoftware.com/Taxsoftware.cab
DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {60CD4076-F4B6-4F8B-AF3E-61B200346DD9} - hxxp://crmweb01/sales_enu/19237/applets/SiebelAx_HI_Client.cab
DPF: {85615D08-3D5B-4045-976D-231011156A6D} - hxxp://crmweb01/sales_enu/19230/applets/SiebelAx_OutBound_mail.cab
DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} - hxxp://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://crmweb01/sales_enu/19237/applets/SiebelAx_Desktop_Integration.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://useqcprodapp01:8080/qcbin/Spider90.ocx
DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} - hxxp://yin3.wlgore.com:7792/jde/axctls/jdewebctlsU.cab
DPF: {C0878FB4-EF34-4843-9EEA-E6DB0A39317C} - hxxps://iam-am.wlgore.com/sslvpn/Applet/ActX.ocx
DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} - hxxp://crmweb01/sales_enu/19230/applets/SiebelAx_HI_Client.cab
DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} - hxxp://castor/sales_enu/19221/applets/SiebelAx_HI_Client.cab
DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} - hxxp://chipsndip/CHipsNDip1/Activex/NWSess.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 00:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\system32\enstart.exe [384] 0x89BA4B98

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\program files\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\ZenMup.dll
c:\windows\system32\NLS\ENGLISH\MAPBASER.DLL
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
c:\windows\system32\Novell\NCredMgr.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\PSWrapper.dll

- - - - - - - > 'Explorer.exe'(11504)
c:\windows\system32\WININET.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
.
Completion time: 2009-08-07 0:31
ComboFix-quarantined-files.txt 2009-08-07 04:31

Pre-Run: 10,242,576,384 bytes free
Post-Run: 13,162,524,672 bytes free

596 --- E O F --- 2009-07-31 19:02


And here is the RSIT log.txt file

Logfile of random's system information tool 1.06 (written by random/random)
Run by bdean at 2009-08-07 00:35:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (13%) free of 95 GB
Total RAM: 3070 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:16 AM, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\nsd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Novell\iFolder\trayapp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Centenn.ial\Audit\xferwan.exe
c:\Centenn.ial\Audit\CAgent32.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\BDEAN\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bdean.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://genie.wlgore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://chipsndip.wlgore.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 157.204.22.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
O1 - Hosts: # Copyright © 1993-1999 Microsoft Corp.
O1 - Hosts: 157.204.22.243 login.wlgore.com
O1 - Hosts: 157.204.22.242 iam-am.wlgore.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Discovery User Input] c:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AGNS_Config] nircmd execmd C:\WINDOWS\ATT_Config.cmd
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Policies\Explorer\Run: [2] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TAXSOFTWARE - http://www.taxsoftware.com/Taxsoftware.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://chipsndip/download/CfxIEAx.cab
O16 - DPF: {2203BFCF-9541-41B6-931D-CEB34F81DB0D} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crmweb01/sales_enu/19237/applets/Si...tBound_mail.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://server10b.wlgore.com/iNotes6W.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {60CD4076-F4B6-4F8B-AF3E-61B200346DD9} (Siebel High Interactivity Framework) - http://crmweb01/sales_enu/19237/applets/Si...x_HI_Client.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1249146508140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1249146483765
O16 - DPF: {85615D08-3D5B-4045-976D-231011156A6D} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crmweb01/sales_enu/19230/applets/Si...tBound_mail.cab
O16 - DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} (Novell User Group Control) - http://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - http://crmweb01/sales_enu/19237/applets/Si...Integration.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://useqcprodapp01:8080/qcbin/Spider90.ocx
O16 - DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} (JDEWebRTFEditU Control) - http://yin3.wlgore.com:7792/jde/axctls/jdewebctlsU.cab
O16 - DPF: {C0878FB4-EF34-4843-9EEA-E6DB0A39317C} - https://iam-am.wlgore.com/sslvpn/Applet/ActX.ocx
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://crmweb01/sales_enu/19230/applets/Si...x_HI_Client.cab
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://castor/sales_enu/19221/applets/SiebelAx_HI_Client.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/client/T25...bex/ieatgpc.cab
O16 - DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} (Novell Session Control) - http://chipsndip/CHipsNDip1/Activex/NWSess.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = use.wlgore.com
O17 - HKLM\Software\..\Telephony: DomainName = wlgore.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wlgore.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - c:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DB2 Management Service (TAEVAL21) (DB2MGMTSVC_TAEVAL21) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (TAEVAL21) (DB2NTSECSERVER_TAEVAL21) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2sec.exe
O23 - Service: enstart - Unknown owner - C:\WINDOWS\system32\enstart.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8d516337c5b26) (gupdate1c8d516337c5b26) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Program Files\lotus\notes\nsd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 20284 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2004-05-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-24 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2004-05-14 131072]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"iPrint Tray"=C:\WINDOWS\system32\iprntctl.exe [2007-05-07 40960]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-01 7561216]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2006-06-29 1032192]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-30 136600]
"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-08-10 20530]
"Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-08-10 24626]
"Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-08-10 45056]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2008-10-24 79136]
"Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-08-10 20480]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-01-18 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-01-18 217088]
"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-09-13 50688]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-11-08 49152]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]
"Discovery User Input"=c:\Discovery\User Input\userin32.exe [2009-02-14 233472]
"SansaDispatch"=C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [2007-05-02 55368]
"DMXLauncher"=C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe [2007-04-02 113400]
"ZENRC Tray Icon"=C:\WINDOWS\system32\zentray.exe [2005-05-18 40960]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2008-07-17 136512]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-10-06 111952]
"iPrint Event Monitor"=C:\WINDOWS\system32\iprntlgn.exe [2007-05-07 45056]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2006-11-06 81920]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-30 520024]
"AGNS_Config"=nircmd execmd C:\WINDOWS\ATT_Config.cmd []
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"2"=nircmd execmd C:\WINDOWS\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]
"NetSP - restore settings on power failure"=C:\Program Files\AT&T Global Network Client\NetSP.exe [2007-01-13 24576]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-28 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2008-10-24 206112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Novell iFolder.lnk - C:\Program Files\Novell\iFolder\trayapp.exe
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll [2007-01-10 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"=C:\Program Files\Novell\ZENworks\NalShell.dll [2007-07-20 458752]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"CompatibleRUPSecurity"=1
"DisableCAD"=1
"DontDisplayLastUserName"=0
"LegalNoticeText"=Access to this system is restricted to authorized users only. This system contains information that is considered confidential and proprietary to W. L. Gore & Associates, Inc. By clicking OK, you agree to not disclose the information contained in this system to any third party or to use it for your own use or benefit, without the written permission of W. L. Gore & Associates, Inc.
"ShutdownWithoutLogon"=1
"UndockWithoutLogon"=1
"LegalNoticeCaption"=IMPORTANT Notice:
"LogonType"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSharedDocuments"=1
"ForceStartMenuLogOff"=1
"Intellimenus"=1
"NoSMBalloonTip"=1
"NoSMConfigurePrograms"=1
"DisablePersonalDirChange"=1
"NoDesktopCleanupWizard"=1
"NoPublishingWizard"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoWelcomeScreen"=
"NoPublishingWizard"=
"NoWebServices"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:Network access client"
"C:\sea78\MC\Charts\JRE1.3\jre\bin\javaw.exe"="C:\sea78\MC\Charts\JRE1.3\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\sea78\MC\BIN\siebel.exe"="C:\sea78\MC\BIN\siebel.exe:*:Enabled:Siebel Mobile Client"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe"="C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:LocalSubNet:Enabled:Microsoft Visual Studio"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-08-07 00:31:27 ----A---- C:\ComboFix.txt
2009-08-07 00:07:59 ----A---- C:\WINDOWS\zip.exe
2009-08-07 00:07:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-07 00:07:59 ----A---- C:\WINDOWS\SWSC.exe
2009-08-07 00:07:59 ----A---- C:\WINDOWS\SWREG.exe
2009-08-07 00:07:59 ----A---- C:\WINDOWS\sed.exe
2009-08-07 00:07:59 ----A---- C:\WINDOWS\PEV.exe
2009-08-07 00:07:59 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-07 00:07:59 ----A---- C:\WINDOWS\grep.exe
2009-08-06 23:23:24 ----D---- C:\WINDOWS\ERDNT
2009-08-06 23:20:30 ----D---- C:\Qoobox
2009-08-04 19:43:11 ----D---- C:\rsit
2009-08-04 17:10:59 ----D---- C:\Program Files\Garmin
2009-08-01 15:08:10 ----D---- C:\Program Files\Shared
2009-08-01 14:48:51 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-07-31 14:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-31 14:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-31 14:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-31 14:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-31 14:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-31 14:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-31 14:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-31 14:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-07-31 14:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-31 14:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-31 14:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-31 14:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-31 14:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-31 14:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-31 14:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-07-31 14:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-31 14:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-31 14:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-07-31 14:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-31 14:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-31 14:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-31 14:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-31 14:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-31 14:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-31 14:15:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-31 14:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-31 14:14:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-31 14:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-31 14:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-31 14:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-31 14:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-31 14:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-31 14:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-07-31 02:04:52 ----D---- C:\aHoldingFolder
2009-07-31 01:10:00 ----D---- C:\WINDOWS\Prefetch
2009-07-31 01:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-31 00:46:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-30 23:50:52 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-07-30 23:49:57 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-07-30 23:49:57 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-07-30 23:49:55 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-07-30 23:19:02 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-07-30 23:19:02 ----A---- C:\WINDOWS\system32\irclass.dll
2009-07-30 18:53:40 ----D---- C:\WINDOWS\dell
2009-07-21 09:59:18 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-21 09:58:59 ----A---- C:\WINDOWS\system32\comsdupd.exe
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-21 09:58:44 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dot3api.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dimsroam.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\credssp.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-21 09:58:43 ----A---- C:\WINDOWS\system32\azroles.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapsvc.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapqec.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eappprxy.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapphost.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eappgnui.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eappcfg.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\eapolqec.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\dot3ui.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\dot3svc.dll
2009-07-21 09:58:42 ----A---- C:\WINDOWS\system32\dot3msm.dll
2009-07-21 09:58:41 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kmsvc.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdpash.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-21 09:58:40 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\napipsec.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mssha.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mmcperf.exe
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\mmcex.dll
2009-07-21 09:58:39 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\qcliprov.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\qagentrt.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\qagent.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\onex.dll
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\napstat.exe
2009-07-21 09:58:38 ----A---- C:\WINDOWS\system32\napmontr.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\tspkg.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slserv.exe
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slrundll.exe
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slgen.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slextspk.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\slcoinst.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\setupn.exe
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\s3gnb.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\rasqec.dll
2009-07-21 09:58:37 ----A---- C:\WINDOWS\system32\qutil.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\wmphoto.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\wlanapi.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-21 09:58:36 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-21 09:58:35 ----A---- C:\WINDOWS\slrundll.exe
2009-07-21 09:58:34 ----D---- C:\WINDOWS\system32\scripting
2009-07-21 09:58:32 ----D---- C:\WINDOWS\l2schemas
2009-07-21 09:58:31 ----D---- C:\WINDOWS\system32\en
2009-07-21 09:58:30 ----D---- C:\WINDOWS\system32\bits
2009-07-21 09:54:56 ----D---- C:\WINDOWS\network diagnostic
2009-07-21 09:45:42 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-21 09:45:41 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-21 09:44:31 ----A---- C:\WINDOWS\system32\faxpatch.exe
2009-07-21 09:43:19 ----R---- C:\WINDOWS\system32\ZRMAudit.txt
2009-07-15 23:19:28 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-14 22:42:01 ----A---- C:\WINDOWS\soon.exe
2009-07-14 22:42:01 ----A---- C:\WINDOWS\ATT_Config.cmd
2009-07-13 12:36:54 ----D---- C:\CoreTechnology

======List of files/folders modified in the last 1 months======

2009-08-07 00:35:01 ----D---- C:\WINDOWS\Temp
2009-08-07 00:31:32 ----D---- C:\WINDOWS\system32
2009-08-07 00:27:31 ----SHD---- C:\RECYCLER
2009-08-07 00:26:48 ----D---- C:\WINDOWS
2009-08-07 00:26:48 ----A---- C:\WINDOWS\system.ini
2009-08-07 00:26:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-07 00:26:04 ----SHD---- C:\WINDOWS\Installer
2009-08-07 00:20:50 ----D---- C:\WINDOWS\system32\drivers
2009-08-07 00:20:50 ----D---- C:\WINDOWS\AppPatch
2009-08-07 00:20:35 ----D---- C:\Program Files\Common Files
2009-08-07 00:09:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-07 00:08:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-07 00:07:06 ----D---- C:\Documents and Settings\BDEAN\Application Data\MSN6
2009-08-06 23:17:09 ----HD---- C:\NALCache
2009-08-06 20:16:58 ----D---- C:\Program Files\AT&T Global Network Client
2009-08-06 20:16:07 ----D---- C:\Program Files\SureThing Express Labeler
2009-08-06 16:18:29 ----D---- C:\Zenworks
2009-08-06 13:31:29 ----D---- C:\NDPS
2009-08-06 00:56:53 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-05 14:17:23 ----D---- C:\quarantine
2009-08-05 13:25:05 ----D---- C:\WINDOWS\security
2009-08-05 13:19:09 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-08-05 13:17:27 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-08-05 13:02:04 ----D---- C:\Temp
2009-08-04 21:13:14 ----D---- C:\Program Files\Quicken
2009-08-04 20:08:58 ----D---- C:\WINDOWS\Registration
2009-08-04 19:47:36 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2009-08-04 18:55:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-04 17:11:07 ----SHD---- C:\Config.Msi
2009-08-04 17:11:01 ----D---- C:\Program Files\DIFX
2009-08-04 17:11:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-04 17:10:59 ----RD---- C:\Program Files
2009-08-04 17:09:23 ----HD---- C:\WINDOWS\inf
2009-08-04 16:50:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-04 15:51:18 ----D---- C:\WINDOWS\system32\config
2009-08-04 15:50:16 ----D---- C:\WINDOWS\system32\wbem
2009-08-03 02:01:08 ----D---- C:\WINDOWS\Minidump
2009-08-01 13:28:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-01 13:08:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-31 19:31:03 ----A---- C:\WINDOWS\ODBC.INI
2009-07-31 18:50:36 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-31 14:59:10 ----RSD---- C:\WINDOWS\assembly
2009-07-31 14:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-31 14:55:46 ----D---- C:\WINDOWS\WinSxS
2009-07-31 14:54:34 ----D---- C:\Program Files\Common Files\Merge Modules
2009-07-31 14:45:04 ----D---- C:\WINDOWS\system32\en-US
2009-07-31 14:45:04 ----D---- C:\Program Files\Internet Explorer
2009-07-31 14:44:50 ----D---- C:\WINDOWS\ie7updates
2009-07-31 14:23:09 ----A---- C:\WINDOWS\imsins.BAK
2009-07-31 14:22:37 ----D---- C:\Program Files\Messenger
2009-07-31 14:21:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-31 13:03:26 ----A---- C:\WINDOWS\msg_mgr.ini
2009-07-31 13:03:26 ----A---- C:\WINDOWS\attwktop.ini
2009-07-31 10:31:10 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-31 10:31:09 ----D---- C:\WINDOWS\Help
2009-07-31 02:31:17 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-31 02:15:47 ----SD---- C:\WINDOWS\Tasks
2009-07-31 01:37:16 ----HDC---- C:\WINDOWS\ie7
2009-07-31 01:35:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-31 01:30:19 ----A---- C:\WINDOWS\system32\asasrv.ini
2009-07-31 01:12:26 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-31 01:09:10 ----D---- C:\WINDOWS\system32\Setup
2009-07-31 01:09:07 ----RSD---- C:\WINDOWS\Fonts
2009-07-31 01:01:38 ----A---- C:\WINDOWS\setuplog.txt
2009-07-31 01:00:22 ----D---- C:\WINDOWS\ime
2009-07-31 01:00:09 ----D---- C:\WINDOWS\PeerNet
2009-07-31 01:00:09 ----D---- C:\Program Files\Movie Maker
2009-07-31 00:56:07 ----D---- C:\WINDOWS\system32\Restore
2009-07-31 00:56:07 ----D---- C:\WINDOWS\system32\npp
2009-07-31 00:56:07 ----D---- C:\WINDOWS\mui
2009-07-31 00:56:05 ----D---- C:\WINDOWS\msagent
2009-07-31 00:56:02 ----D---- C:\WINDOWS\srchasst
2009-07-31 00:55:57 ----D---- C:\Program Files\NetMeeting
2009-07-31 00:55:55 ----D---- C:\WINDOWS\system32\Com
2009-07-31 00:55:52 ----D---- C:\Program Files\Windows Media Player
2009-07-31 00:55:48 ----D---- C:\Program Files\Windows NT
2009-07-31 00:55:47 ----D---- C:\Program Files\outlook express
2009-07-31 00:55:42 ----D---- C:\Program Files\Common Files\System
2009-07-31 00:55:16 ----D---- C:\WINDOWS\system32\oobe
2009-07-31 00:55:14 ----D---- C:\WINDOWS\system32\usmt
2009-07-31 00:55:13 ----D---- C:\WINDOWS\system
2009-07-31 00:50:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-31 00:46:45 ----D---- C:\WINDOWS\ehome
2009-07-31 00:13:37 ----SHD---- C:\System Volume Information
2009-07-31 00:06:09 ----D---- C:\WINDOWS\nview
2009-07-31 00:06:09 ----D---- C:\Program Files\CUAgent
2009-07-30 23:51:43 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-30 23:50:55 ----RD---- C:\WINDOWS\Web
2009-07-30 23:50:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-30 23:50:30 ----A---- C:\WINDOWS\win.ini
2009-07-30 23:42:52 ----D---- C:\WINDOWS\system32\NetWare
2009-07-30 23:42:49 ----D---- C:\WINDOWS\system32\nls
2009-07-30 23:41:52 ----SH---- C:\boot.ini
2009-07-30 23:18:45 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-07-30 21:35:28 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-30 19:04:43 ----D---- C:\WINDOWS\Media
2009-07-30 18:58:10 ----D---- C:\WINDOWS\twain_32
2009-07-30 18:56:26 ----D---- C:\WINDOWS\system32\icsxml
2009-07-30 18:55:36 ----D---- C:\WINDOWS\system32\ias
2009-07-30 18:55:28 ----D---- C:\WINDOWS\system32\1033
2009-07-30 18:53:34 ----D---- C:\WINDOWS\Driver Cache
2009-07-28 10:55:07 ----A---- C:\ch_tt.txt
2009-07-28 10:55:07 ----A---- C:\apnttlog.txt
2009-07-22 08:29:31 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-21 11:29:22 ----D---- C:\Program Files\Roxio
2009-07-21 11:29:22 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-07-21 11:29:08 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-07-21 11:29:07 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-07-21 11:22:35 ----D---- C:\Program Files\Common Files\Research in Motion
2009-07-21 11:01:44 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-15 20:56:44 ----D---- C:\WINDOWS\Flag
2009-07-14 22:46:46 ----D---- C:\Documents and Settings\All Users\Application Data\AGNS
2009-07-11 09:56:47 ----HD---- C:\WINDOWS\system32\GroupPolicy.WksCache
2009-07-10 19:43:54 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-07-10 18:37:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-10 18:36:58 ----D---- C:\Program Files\Logitech
2009-07-10 18:35:02 ----D---- C:\Program Files\W.L. Gore & Associates, Inc
2009-07-10 18:33:58 ----D---- C:\Program Files\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 enstart_;enstart_; \??\C:\WINDOWS\system32\enstart_.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-10-06 52136]
R1 nipplpt2;Novell iCapture Lpt Redirector 2; C:\WINDOWS\system32\drivers\nipplpt.sys [2007-05-07 34671]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-15 21419]
R2 agnwifi;AT&T Wi-Fi Support Driver; C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-29 19328]
R2 BlankScr;HBDevice; C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 6899]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\system32\NetWare\nwfs.sys [2005-11-22 502223]
R2 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\system32\NetWare\nwdhcp.sys [2005-11-10 18353]
R2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\system32\NetWare\resmgr.sys [2004-06-01 27249]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R2 srenum;srenum; C:\WINDOWS\System32\DRIVERS\srenum.sys [2009-06-28 36480]
R2 SRVLOC;Novell Service Location; C:\WINDOWS\system32\NetWare\srvloc.sys [2005-11-22 159985]
R2 WNTHW;WNTHW; \??\C:\WINDOWS\system32\DRIVERS\WNTHW.SYS []
R3 agnfilt;AGN Filter Interface; C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2006-05-19 180864]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-29 113847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 CdProbe;CdProbe; \??\C:\WINDOWS\system32\DRIVERS\CDProbe.SYS []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 Darpan;Darpan; C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-05-23 2773]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-10-06 64488]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-10-06 72904]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-10-06 34344]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-10-06 177672]
R3 ndisrd;WinpkFilter Service; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [2009-06-27 20480]
R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-01 3653280]
R3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwdns.sys [2005-11-22 39600]
R3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\system32\NetWare\NWHOST.sys [2005-10-12 9297]
R3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwslp.sys [2005-01-03 20332]
R3 NWSNS;Novell Simple Naming Services; C:\WINDOWS\system32\NetWare\NWSNS.sys [2005-10-12 6128]
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-12-09 28800]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\system32\NetWare\nwsipx32.sys [2005-10-27 39731]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 327040]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\BDEAN\LOCALS~1\Temp\aujasnkj.sys []
S3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 13952]
S3 BCMTPM;BCMTPM; C:\WINDOWS\system32\DRIVERS\btpmw32.sys []
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2004-10-08 326656]
S3 catchme;catchme; \??\C:\DOCUME~1\BDEAN\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2006-12-12 22528]
S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-08 22016]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\system32\NetWare\NWSAP.sys [2003-02-26 23232]
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys []
S3 RmAx;RMAXUSB; C:\WINDOWS\System32\Drivers\RmAx.sys [2005-09-04 40502]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2005-12-15 4608]
S3 vmx_svga;vmx_svga; C:\WINDOWS\system32\DRIVERS\vmx_svga.sys [2005-03-23 14912]
S3 vmxnet;VMware Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmxnet.sys [2005-03-23 22528]
S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dsload;dsload; C:\WINDOWS\System32\drivers\dsload.sys [2006-01-29 10910]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 CentennialClientAgent;CentennialClientAgent; c:\Centenn.ial\Audit\CAgent32.exe [2009-02-14 1004832]
R2 CentennialIPTransferAgent;CentennialIPTransferAgent; C:\Centenn.ial\Audit\xferwan.exe [2009-02-14 476448]
R2 DB2MGMTSVC_TAEVAL21;DB2 Management Service (TAEVAL21); C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe [2007-07-23 35616]
R2 enstart;enstart; C:\WINDOWS\system32\enstart.exe [2008-05-29 737280]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-30 152984]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics; C:\Program Files\lotus\notes\nsd.exe [2008-12-06 3315080]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-07-17 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-10-06 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-10-06 54608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2006-07-12 335872]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2008-12-06 58760]
R2 NALNTSERVICE;Novell Application Launcher; C:\Program Files\Novell\ZENworks\nalntsrv.exe [2006-06-13 113152]
R2 NetCfgSvr;Network Configuration Service; C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE [2007-01-13 323584]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-01 143428]
R2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oracle\ora92\bin\omtsreco.exe [2002-04-30 57603]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent; C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 167936]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-09-13 937984]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2004-03-05 192573]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-08-11 290816]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 XTAgent;Novell XTier Agent Services; C:\WINDOWS\System32\Novell\XTAgent.exe [2007-01-10 61440]
R2 ZFDWM;Workstation Manager; C:\Program Files\Novell\ZENworks\wm.exe [2007-02-07 152128]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c8d516337c5b26;Google Update Service (gupdate1c8d516337c5b26); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-30 1029456]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe []
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\system32\cusrvc.exe [2005-01-18 36864]
S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2002-08-10 57344]
S3 DB2NTSECSERVER_TAEVAL21;DB2 Security Server (TAEVAL21); C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2sec.exe [2007-07-23 14112]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; C:\oracle\ora92\BIN\ONRSD.EXE [2004-10-13 243196]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe []
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
S3 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2005-03-11 455632]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S4 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe []

-----------------EOF-----------------

#10 sundavis

  • Malware Response Team

Posted 07 August 2009 - 12:50 AM

Hi bdeandel,




Step 1


Please run HijackThis! and click "Do a system scan only." Place a check next to the following entry (if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".



Step 2


Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 15...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) the following items with Java Runtime Environment (JRE or J2SE) in the name, and the following updates:
    • Java 2 Runtime Environment, SE v1.4.2_11
    • Java 2 Runtime Environment, SE v1.4.2_14
    • Java™ 6 Update 11
    • Java™ 6 Update 2
    • Java™ 6 Update 3
    • Java™ 6 Update 5
    • Java™ 6 Update 7
    • Java™ SE Runtime Environment 6 Update 1
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586-p.exe to install the newest version.

Step 3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will be downloading and installing the program and updating the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.


1. KAS Scan Report
2. Fresh HJT log

Tell me how your pc is running now.

#11 bdeandel


Posted 07 August 2009 - 05:17 PM

I was able to do up through Step 3

When trying to do Step 4 the update portion failed...now when I try again I am getting the following message

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Key is expired]

I have tried numerous times to run the scan.

#12 sundavis

  • Malware Response Team

Posted 07 August 2009 - 11:05 PM

Hi bdeandel,



Let's try the following instead.

Step1


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.

I will give you another one, just in case. :thumbup2:


Please go to F-Secure Online Scanner Next Generation
  • Click on the link "Start your scan".
  • You may receive an alert on the address bar at this point to install the ActiveX control.
  • Read the license agreement and click "Accept".
  • Click "Full System Scan" to download the scanning components and begin scan and cleaning.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • When done click "Show report" and copy/paste its contents into your next reply.

In your next reply, please post back:

1. ESET online scan report
2. Fresh HJT log

Tell me how your pc is running now.

#13 bdeandel


Posted 08 August 2009 - 09:21 AM

Here's the ESET Online Scan Report:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=8c82e6b66f14fd4da977bb1446e855fc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-08 09:50:50
# local_time=2009-08-08 05:50:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# scanned=309592
# found=3
# cleaned=3
# scan_time=9439
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdDestination.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\BDEAN\My Music\Tricia\Shared\Fergie - All That I Got.wma WMA/TrojanDownloader.Wimad.K trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\frfz\frfzd\vocabulary Win32/TrojanDownloader.TSUpdate.J trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


And here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:52 AM, on 8/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\lotus\notes\nsd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Novell\iFolder\trayapp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://genie.wlgore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://chipsndip.wlgore.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 157.204.22.4:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
O1 - Hosts: # Copyright © 1993-1999 Microsoft Corp.
O1 - Hosts: 157.204.22.243 login.wlgore.com
O1 - Hosts: 157.204.22.242 iam-am.wlgore.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Discovery User Input] c:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AGNS_Config] nircmd execmd C:\WINDOWS\ATT_Config.cmd
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\prox.cmd GPRUN"
O4 - HKLM\..\Policies\Explorer\Run: [2] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TAXSOFTWARE - http://www.taxsoftware.com/Taxsoftware.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://chipsndip/download/CfxIEAx.cab
O16 - DPF: {2203BFCF-9541-41B6-931D-CEB34F81DB0D} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crmweb01/sales_enu/19237/applets/Si...tBound_mail.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://server10b.wlgore.com/iNotes6W.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {60CD4076-F4B6-4F8B-AF3E-61B200346DD9} (Siebel High Interactivity Framework) - http://crmweb01/sales_enu/19237/applets/Si...x_HI_Client.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1249146508140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1249146483765
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {85615D08-3D5B-4045-976D-231011156A6D} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crmweb01/sales_enu/19230/applets/Si...tBound_mail.cab
O16 - DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} (Novell User Group Control) - http://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - http://crmweb01/sales_enu/19237/applets/Si...Integration.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://useqcprodapp01:8080/qcbin/Spider90.ocx
O16 - DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} (JDEWebRTFEditU Control) - http://yin3.wlgore.com:7792/jde/axctls/jdewebctlsU.cab
O16 - DPF: {C0878FB4-EF34-4843-9EEA-E6DB0A39317C} - https://iam-am.wlgore.com/sslvpn/Applet/ActX.ocx
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://crmweb01/sales_enu/19230/applets/Si...x_HI_Client.cab
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://castor/sales_enu/19221/applets/SiebelAx_HI_Client.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/client/T25...bex/ieatgpc.cab
O16 - DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} (Novell Session Control) - http://chipsndip/CHipsNDip1/Activex/NWSess.ocx
O16 - DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} (JDEExcelAutoU Control) - http://e1.wlgore.com/jde/axctls/jdeexpimpU.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = use.wlgore.com
O17 - HKLM\Software\..\Telephony: DomainName = wlgore.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wlgore.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - c:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DB2 Management Service (TAEVAL21) (DB2MGMTSVC_TAEVAL21) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (TAEVAL21) (DB2NTSECSERVER_TAEVAL21) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysts Trial 2.1\DB2 Client\BIN\db2sec.exe
O23 - Service: enstart - Unknown owner - C:\WINDOWS\system32\enstart.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c8d516337c5b26) (gupdate1c8d516337c5b26) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Program Files\lotus\notes\nsd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 20919 bytes

#14 sundavis

  • Malware Response Team

Posted 08 August 2009 - 09:59 AM

Hi bdeandel,



Did you or an administrator set a policy which disables changing the IE start page for the current user?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

If not, then close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Other than that, the logs appear to be clear now. :thumbup2: Do you have any remaining issues on your PC? If not, let's do some tidying up.


Step1

Click START then RUN
Now copy/paste Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.


This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Step2

Download OTC by OldTimer and save it to your desktop.
  • Double click OTC and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Update your Adobe Acrobat Reader

    Old versions may render vulnerabilities that malware can use to infect your system. Please download Adobe Reader 9 to your desktop.
    Uninstall the old Adobe Reader from Start > Control Panel > Add/Remove Programs. Install the new one.
  • Install a-squared Free - a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!

Edited by sundavis, 08 August 2009 - 10:00 AM.


#15 bdeandel


Posted 08 August 2009 - 07:25 PM

:thumbup2: THANKS FOR ALL THE HELP :)



