infected with xorpix


  • This topic is locked
43 replies to this topic

#1 bethlthealth


  • Members
  • 25 posts

Posted 03 August 2009 - 08:21 AM

Hi,
Antimalware that came with Errorfix scanned for 16+ hours and came up with xorpix.
The number of things found was high (sorry, I don't remember), but the number it actually fixed was small.
Example: found 150, fixed 25, something like that. If you need me to do another scan and give specifics, I will.
I have a HijackThis log and the dds.txt as per your instructions, and will attach the attach.txt.
I have Errorfix, Trend Micro Internet Security, Malicious Software Removal Tool, Windows Defender, Webroot SpySweeper, Antimalware (from Errorfix), Spybot Search and Destroy, RUBotted, HouseCall. I think that is it.
DDS.txt

DDS (Ver_09-07-30.01) - NTFSx86
Run by beth at 8:02:30.21 on Mon 08/03/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3034.1219 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: AntiMalware *disabled* (Updated) {675C39B5-E1EC-4D5C-B618-93BF633AECF7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\lxbacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Users\beth\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pogo.com/home/home.do
uWindow Title = Internet Explorer provided by Dell
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: OneRiot IE Statusbar BHO: {f28d74ec-b064-4402-926d-e00687233421} - c:\program files\oneriot\browser add-ons\IEStatusbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Toolbar Powered by OneRiot: {9516eb1c-ac77-492d-8fd6-a05afac9ea6e} - c:\program files\oneriot\browser add-ons\IEToolbar.dll
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [Apoint] "c:\program files\delltpad\Apoint.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [QuickSet] "c:\program files\dell\quickset\QuickSet.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SysTrayApp] "%ProgramFiles%\IDT\WDM\sttray.exe"
mRun: [BlackBerryAutoUpdate] "c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe" /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\users\beth\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: motive.com\patttbc.att
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-3-24 145424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-15 81920]
R2 Apache2.2;Remote Access Media Server;c:\programdata\singleclick systems\apache\bin\httpd.exe [2007-9-21 15872]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 dsl-db;Remote Access DB;c:\programdata\singleclick systems\mysql\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe [2008-9-30 173296]
R2 lxba_device;lxba_device;c:\windows\system32\lxbacoms.exe -service --> c:\windows\system32\lxbacoms.exe -service [?]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-7-20 582992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-1 1153368]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-24 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-3-24 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-15 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-24 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-3-24 256528]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-31 1205760]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-3-15 29736]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-3-15 3663360]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-7-20 206608]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-7-20 206608]

=============== Created Last 30 ================

2009-08-01 10:13 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-08-01 10:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-01 10:13 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-31 08:47 <DIR> --d----- c:\program files\MSSOAP
2009-07-31 08:47 <DIR> --d----- c:\program files\common files\MSSoap
2009-07-31 08:46 1,563,008 a------- c:\windows\WRSetup.dll
2009-07-31 08:46 <DIR> --d----- c:\users\beth\appdata\roaming\Webroot
2009-07-31 08:46 <DIR> --d----- c:\programdata\Webroot
2009-07-31 08:46 <DIR> --d----- c:\program files\Webroot
2009-07-31 08:46 <DIR> --d----- c:\progra~2\Webroot
2009-07-31 08:45 164 a------- c:\windows\install.dat
2009-07-29 09:40 11 a------- C:\AuResult.ini
2009-07-26 22:01 8,270,752 a------- c:\users\beth\appdata\roaming\DataSafeDotNet.exe
2009-07-20 14:28 206,608 a------- c:\windows\system32\drivers\TMPassthru.sys
2009-07-20 00:08 <DIR> --d----- c:\users\beth\.housecall6.6
2009-07-19 23:49 <DIR> --d----- c:\users\beth\hijack this
2009-07-18 12:08 <DIR> --d----- c:\users\beth\appdata\roaming\AntiMalware
2009-07-18 12:08 <DIR> --d----- c:\program files\AntiMalware
2009-07-15 11:55 1,220,120 a------- c:\windows\system32\drivers\vsapint.sys
2009-07-15 11:55 225,296 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-07-15 11:55 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-07-15 08:58 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 08:58 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 08:58 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 08:58 23,552 a------- c:\windows\system32\lpk.dll
2009-07-15 08:58 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-11 23:41 <DIR> --d----- c:\programdata\eBay
2009-07-11 23:41 <DIR> --d----- c:\program files\eBay
2009-07-11 23:41 <DIR> --d----- c:\progra~2\eBay
2009-07-07 14:34 <DIR> --d----- c:\program files\Error Fix
2009-07-07 14:34 <DIR> --d----- c:\program files\Downloaded Installers
2009-07-07 14:31 <DIR> --d----- c:\users\beth\appdata\roaming\Error Fix

==================== Find3M ====================

2009-07-30 12:31 152 a------- c:\users\beth\appdata\roaming\wklnhst.dat
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-20 14:29 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-20 14:29 143,360 a------- c:\windows\inf\infstor.dat
2009-07-20 14:29 51,200 a------- c:\windows\inf\infpub.dat
2009-06-30 16:34 1,044,480 a----r-- c:\windows\system32\roboex32.dll
2009-06-30 16:34 49,152 a----r-- c:\windows\system32\inetwh32.dll
2009-05-30 06:10 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2008-01-20 21:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-08-03 08:03 262,144 a--sh--- c:\windows\serviceprofiles\networkservice\NTUSER.DAT

============= FINISH: 8:03:26.73 ===============

Hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:13 AM, on 8/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: OneRiot IE Statusbar BHO - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\OneRiot\Browser Add-ons\IEStatusbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Toolbar Powered by OneRiot - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [QuickSet] "C:\Program Files\Dell\QuickSet\QuickSet.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] "%ProgramFiles%\IDT\WDM\sttray.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] "C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1557764662-1018864607-510692554-1001\..\Run: [Sidebar] "%ProgramFiles%\Windows Sidebar\Sidebar.exe" /detectMem (User 'RA Media Server')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - S-1-5-21-1557764662-1018864607-510692554-1001 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'RA Media Server')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 13526 bytes

Thank you for any help,
God bless,
Beth


#2 pwgib


  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 12 August 2009 - 04:57 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 bethlthealth

bethlthealth
  • Topic Starter

  • Members
  • 25 posts

Posted 13 August 2009 - 01:44 PM

Hi,
First, thank you very much for your time and knowledge.
My computer is slower than when I got it a few months ago.
Antimalware (that comes with Errorfix) said I was infected with xorpix. This after 16+ hours of scan time.
When it fixed the problems it found, xorpix was not one of the items it fixed.
I have trend micro internet security, I got RUbotted, and did a house call from trend micro.
I have spysweeper.
I am just concerned about antimalware not fixing the xorpix thing.
Thank you for any help,
God bless,
Beth


DDS (Ver_09-07-30.01) - NTFSx86
Run by beth at 13:29:48.97 on Thu 08/13/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3034.1471 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: AntiMalware *enabled* (Updated) {675C39B5-E1EC-4D5C-B618-93BF633AECF7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\lxbacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\beth\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pogo.com/home/home.do
uWindow Title = Internet Explorer provided by Dell
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: OneRiot IE Statusbar BHO: {f28d74ec-b064-4402-926d-e00687233421} - c:\program files\oneriot\browser add-ons\IEStatusbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Toolbar Powered by OneRiot: {9516eb1c-ac77-492d-8fd6-a05afac9ea6e} - c:\program files\oneriot\browser add-ons\IEToolbar.dll
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [Apoint] "c:\program files\delltpad\Apoint.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [QuickSet] "c:\program files\dell\quickset\QuickSet.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SysTrayApp] "%ProgramFiles%\IDT\WDM\sttray.exe"
mRun: [BlackBerryAutoUpdate] "c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe" /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\users\beth\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: motive.com\patttbc.att
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-3-24 145424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-15 81920]
R2 Apache2.2;Remote Access Media Server;c:\programdata\singleclick systems\apache\bin\httpd.exe [2007-9-21 15872]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 dsl-db;Remote Access DB;c:\programdata\singleclick systems\mysql\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe [2008-9-30 173296]
R2 lxba_device;lxba_device;c:\windows\system32\lxbacoms.exe -service --> c:\windows\system32\lxbacoms.exe -service [?]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-7-20 582992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-1 1153368]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-24 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-3-24 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-15 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-24 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-3-24 256528]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-31 1205760]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-3-15 29736]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-3-15 3663360]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-7-20 206608]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-7-20 206608]

=============== Created Last 30 ================

2009-08-12 04:27 71,680 a------- c:\windows\system32\atl.dll
2009-08-12 04:27 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-12 04:27 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-12 04:27 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-12 04:26 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-12 04:26 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-12 04:26 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-12 04:26 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-12 04:26 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-12 04:26 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-12 04:26 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-01 10:13 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-08-01 10:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-01 10:13 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-31 08:47 <DIR> --d----- c:\program files\MSSOAP
2009-07-31 08:47 <DIR> --d----- c:\program files\common files\MSSoap
2009-07-31 08:46 1,563,008 a------- c:\windows\WRSetup.dll
2009-07-31 08:46 <DIR> --d----- c:\users\beth\appdata\roaming\Webroot
2009-07-31 08:46 <DIR> --d----- c:\programdata\Webroot
2009-07-31 08:46 <DIR> --d----- c:\program files\Webroot
2009-07-31 08:46 <DIR> --d----- c:\progra~2\Webroot
2009-07-31 08:45 164 a------- c:\windows\install.dat
2009-07-29 09:40 11 a------- C:\AuResult.ini
2009-07-26 22:01 8,270,752 a------- c:\users\beth\appdata\roaming\DataSafeDotNet.exe
2009-07-20 14:28 206,608 a------- c:\windows\system32\drivers\TMPassthru.sys
2009-07-20 00:08 <DIR> --d----- c:\users\beth\.housecall6.6
2009-07-19 23:49 <DIR> --d----- c:\users\beth\hijack this
2009-07-18 12:08 <DIR> --d----- c:\users\beth\appdata\roaming\AntiMalware
2009-07-18 12:08 <DIR> --d----- c:\program files\AntiMalware
2009-07-15 11:55 1,220,120 a------- c:\windows\system32\drivers\vsapint.sys
2009-07-15 11:55 225,296 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-07-15 11:55 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-07-15 08:58 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 08:58 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 08:58 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 08:58 23,552 a------- c:\windows\system32\lpk.dll
2009-07-15 08:58 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-07-30 12:31 152 a------- c:\users\beth\appdata\roaming\wklnhst.dat
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-20 14:29 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-20 14:29 143,360 a------- c:\windows\inf\infstor.dat
2009-07-20 14:29 51,200 a------- c:\windows\inf\infpub.dat
2009-06-30 16:34 1,044,480 a----r-- c:\windows\system32\roboex32.dll
2009-06-30 16:34 49,152 a----r-- c:\windows\system32\inetwh32.dll
2009-05-30 06:10 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2008-01-20 21:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:30:35.34 ===============


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 21 August 2009 - 10:15 PM

My apologies for the additional delay. A HiJack This team member should be with you soon.

Orange Blossom :thumbup2:

#5 bethlthealth

bethlthealth
  • Topic Starter

  • Members
  • 25 posts

Posted 21 August 2009 - 10:45 PM

Hi,
most definitely NOT a problem. I completely understand you guys are swamped. And I appreciate you guys sharing your knowledge and taking your time to do this.
I would dearly love to understand this stuff so I could help people and myself..lol...
Thank you again,
God bless,
Beth

#6 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 22 August 2009 - 10:42 AM

Hello bethlthealth and welcome to BC!!!! :thumbup2:

I sincerely apologize for the delay in responding. I inadvertently forgot to check the immediate email notification when I subscribed to this topic. :)

I'll begin going over your logs but in the meantime please download and run RSIT.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your reply copy/paste the RSIT logs. (Please do not attach logs unless asked to)
PW

#7 bethlthealth

bethlthealth
  • Topic Starter

  • Members
  • 25 posts

Posted 22 August 2009 - 05:08 PM

Hi pwgib,
I have tried to go and download the exe you specified.
Trend Micro identifies this url as dangerous.
I went into trend micro and added the url to the allowed urls within the trend micro console.
This has not failed to work prior to this for websites we know (or thought we knew) to be
safe. Um, I'm thinking disable trend micro long enough to go download and execute the required
file?
If this is what you need me to do, um, I don't know how to disable trend micro.
I will be trying to see if I can figure out how to do it while I wait to hear back from you.
Thank you again for sharing your knowledge and your time,
God bless,
Beth Head

#8 bethlthealth

bethlthealth
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:31 PM

Posted 22 August 2009 - 05:21 PM

Hi,
I got it.
here's the log text
Logfile of random's system information tool 1.06 (written by random/random)
Run by beth at 2009-08-22 17:14:15
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 126 GB (57%) free of 223 GB
Total RAM: 3034 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:46 PM, on 8/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Users\beth\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\beth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: OneRiot IE Statusbar BHO - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\OneRiot\Browser Add-ons\IEStatusbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Toolbar Powered by OneRiot - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [QuickSet] "C:\Program Files\Dell\QuickSet\QuickSet.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] "%ProgramFiles%\IDT\WDM\sttray.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] "C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1557764662-1018864607-510692554-1001\..\Run: [Sidebar] "%ProgramFiles%\Windows Sidebar\Sidebar.exe" /detectMem (User 'RA Media Server')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - S-1-5-21-1557764662-1018864607-510692554-1001 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'RA Media Server')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 13836 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Error Fix Scan.job
C:\Windows\tasks\User_Feed_Synchronization-{1F00EFA4-2BFA-4A24-AD27-C83F2EB99E9B}.job
C:\Windows\tasks\wrSpySweeper_LFCA07AB18D2246EBAE388E24F84578B4.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F28D74EC-B064-4402-926D-E00687233421}]
OneRiot IE Statusbar BHO - C:\Program Files\OneRiot\Browser Add-ons\IEStatusbar.dll [2009-01-28 139024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - Toolbar Powered by OneRiot - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll [2009-01-28 143632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-09-04 200704]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-12-09 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-12-09 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-12-09 154136]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2008-08-27 1662032]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-07 178712]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-03-31 995528]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"ATT-SST_McciTrayApp"=C:\Program Files\ATT-SST\McciTrayApp.exe [2008-09-18 1529856]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-12-14 483420]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-06-05 615696]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-11-10 236016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-13 6345840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-03-24 492808]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Dell Remote Access.lnk - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe

C:\Users\beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-03-15 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-12-09 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoThumbnailCache"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-08-22 17:14:15 ----D---- C:\rsit
2009-08-12 04:27:16 ----A---- C:\Windows\system32\atl.dll
2009-08-12 04:27:12 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 04:27:08 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 04:27:05 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 04:26:59 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 04:26:58 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 04:26:57 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 04:26:57 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 04:26:57 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-07 12:19:51 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-01 10:13:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-31 08:47:28 ----A---- C:\Windows\system32\capicom.dll
2009-07-31 08:47:08 ----D---- C:\Program Files\MSSOAP
2009-07-31 08:47:08 ----D---- C:\Program Files\Common Files\MSSoap
2009-07-31 08:46:56 ----D---- C:\Program Files\Webroot
2009-07-31 08:46:56 ----A---- C:\Windows\WRSetup.dll
2009-07-29 09:40:32 ----A---- C:\AuResult.ini
2009-07-29 07:36:18 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 07:36:17 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\occache.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 07:36:16 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 07:36:15 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-20 01:16:21 ----A---- C:\Windows\system32\javaws.exe
2009-07-20 01:16:21 ----A---- C:\Windows\system32\javaw.exe
2009-07-20 01:16:21 ----A---- C:\Windows\system32\java.exe
2009-07-15 08:58:21 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\atmfd.dll
2009-07-11 23:41:39 ----D---- C:\Program Files\eBay
2009-07-07 14:34:18 ----D---- C:\Program Files\Downloaded Installers
2009-06-30 16:34:22 ----RA---- C:\Windows\system32\roboex32.dll
2009-06-30 16:34:22 ----RA---- C:\Windows\system32\inetwh32.dll
2009-06-26 19:29:01 ----D---- C:\Documents and Settings\releaseengineer\Application Data\Microsoft
2009-06-26 19:28:19 ----D---- C:\Program Files\Yahoo!
2009-06-24 01:08:39 ----D---- C:\Program Files\Walmart MP3 Music Downloads
2009-06-17 03:01:09 ----D---- C:\Program Files\MSXML 4.0
2009-06-16 01:48:01 ----D---- C:\Program Files\Common Files\Research In Motion
2009-06-16 01:47:53 ----D---- C:\Program Files\Research In Motion
2009-06-10 23:37:27 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 23:37:26 ----A---- C:\Windows\system32\rpcrt4.dll
2009-05-30 06:10:11 ----D---- C:\Windows\system32\eu-ES
2009-05-30 06:10:11 ----D---- C:\Windows\system32\ca-ES
2009-05-30 06:10:10 ----D---- C:\Windows\system32\vi-VN
2009-05-30 05:54:04 ----D---- C:\Windows\system32\EventProviders
2009-05-30 05:53:22 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-05-30 05:53:20 ----A---- C:\Windows\system32\SLCExt.dll
2009-05-30 05:53:19 ----A---- C:\Windows\system32\SLsvc.exe
2009-05-30 05:53:18 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-05-30 05:53:18 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-05-30 05:53:17 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-05-30 05:53:16 ----A---- C:\Windows\system32\mssrch.dll
2009-05-30 05:53:15 ----A---- C:\Windows\system32\tquery.dll
2009-05-30 05:53:14 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-05-30 05:53:14 ----A---- C:\Windows\system32\lsasrv.dll
2009-05-30 05:53:13 ----A---- C:\Windows\system32\scavenge.dll
2009-05-30 05:53:13 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-05-30 05:53:13 ----A---- C:\Windows\system32\RMActivate.exe
2009-05-30 05:53:12 ----A---- C:\Windows\system32\msi.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\WscEapPr.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\sysmain.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\secproc_isv.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\imapi2fs.dll
2009-05-30 05:53:10 ----A---- C:\Windows\system32\mf.dll
2009-05-30 05:53:10 ----A---- C:\Windows\system32\icardagt.exe
2009-05-30 05:53:09 ----A---- C:\Windows\system32\EhStorShell.dll
2009-05-30 05:53:08 ----A---- C:\Windows\system32\spwizui.dll
2009-05-30 05:53:08 ----A---- C:\Windows\system32\spreview.exe
2009-05-30 05:53:08 ----A---- C:\Windows\system32\spinstall.exe
2009-05-30 05:53:08 ----A---- C:\Windows\system32\drmv2clt.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\shell32.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\secproc.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-05-30 05:53:07 ----A---- C:\Windows\system32\p2psvc.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\mssvp.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\mssphtb.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\mssph.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\mscoree.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\imapi2.dll
2009-05-30 05:53:05 ----A---- C:\Windows\system32\sdohlp.dll
2009-05-30 05:53:05 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-05-30 05:53:05 ----A---- C:\Windows\system32\esent.dll
2009-05-30 05:53:04 ----A---- C:\Windows\system32\sperror.dll
2009-05-30 05:53:04 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-05-30 05:53:04 ----A---- C:\Windows\system32\korwbrkr.dll
2009-05-30 05:53:04 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-05-30 05:53:04 ----A---- C:\Windows\system32\DevicePairing.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\wevtsvc.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\SLC.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-05-30 05:53:03 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\msshsq.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\IasMigReader.exe
2009-05-30 05:53:02 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-05-30 05:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-05-30 05:53:01 ----A---- C:\Windows\system32\msxml6.dll
2009-05-30 05:53:01 ----A---- C:\Windows\system32\msjet40.dll
2009-05-30 05:53:01 ----A---- C:\Windows\system32\MPSSVC.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\Query.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\qmgr.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\msexch40.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\diagperf.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\winload.exe
2009-05-30 05:52:59 ----A---- C:\Windows\system32\srchadmin.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\P2PGraph.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\ole32.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\ntdll.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\msxml3.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\uDWM.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\riched20.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\mmc.exe
2009-05-30 05:52:58 ----A---- C:\Windows\system32\mblctr.exe
2009-05-30 05:52:58 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\fdBth.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\EncDec.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\dfsr.exe
2009-05-30 05:52:57 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-05-30 05:52:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-05-30 05:52:57 ----A---- C:\Windows\system32\RacEngn.dll
2009-05-30 05:52:57 ----A---- C:\Windows\system32\milcore.dll
2009-05-30 05:52:57 ----A---- C:\Windows\system32\kernel32.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\spoolss.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\schedsvc.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\CertEnroll.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\WinSAT.exe
2009-05-30 05:52:55 ----A---- C:\Windows\system32\msvcp60.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\msjtes40.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\infocardapi.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\gpedit.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\fsquirt.exe
2009-05-30 05:52:54 ----A---- C:\Windows\system32\Magnify.exe
2009-05-30 05:52:54 ----A---- C:\Windows\system32\es.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\WMPhoto.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\WebClnt.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\slwmi.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\mstext40.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\msexcl40.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\comsvcs.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\advapi32.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\vssapi.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\msxbde40.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\authui.dll
2009-05-30 05:52:51 ----A---- C:\Windows\system32\propsys.dll
2009-05-30 05:52:51 ----A---- C:\Windows\system32\PresentationHost.exe
2009-05-30 05:52:51 ----A---- C:\Windows\system32\newdev.dll
2009-05-30 05:52:51 ----A---- C:\Windows\system32\msrepl40.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\setupapi.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\rpcss.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\iasrecst.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\gpsvc.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\eudcedit.exe
2009-05-30 05:52:50 ----A---- C:\Windows\system32\crypt32.dll
2009-05-30 05:52:50 ----A---- C:\Windows\explorer.exe
2009-05-30 05:52:49 ----A---- C:\Windows\system32\shlwapi.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\mspbde40.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\msltus40.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\mfc42.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\davclnt.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\d3d9.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\wevtapi.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\photowiz.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\nlhtml.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\msrd3x40.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\msdtctm.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\browseui.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\user32.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\samsrv.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\quartz.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\ci.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\win32spl.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-05-30 05:52:46 ----A---- C:\Windows\system32\oleaut32.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\msv1_0.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\kerberos.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\winhttp.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\netshell.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\mswstr10.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-05-30 05:52:45 ----A---- C:\Windows\system32\compcln.exe
2009-05-30 05:52:45 ----A---- C:\Windows\system32\apds.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\xmlfilter.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-05-30 05:52:44 ----A---- C:\Windows\system32\msvcrt.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\msctf.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\gdi32.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\emdmgmt.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\audiosrv.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\VSSVC.exe
2009-05-30 05:52:43 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\SLUI.exe
2009-05-30 05:52:43 ----A---- C:\Windows\system32\msrd2x40.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\mfc42u.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\eapphost.dll
2009-05-30 05:52:42 ----A---- C:\Windows\system32\winresume.exe
2009-05-30 05:52:42 ----A---- C:\Windows\system32\propdefs.dll
2009-05-30 05:52:42 ----A---- C:\Windows\system32\odbc32.dll
2009-05-30 05:52:41 ----A---- C:\Windows\system32\shdocvw.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\WsmSvc.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\wevtutil.exe
2009-05-30 05:52:40 ----A---- C:\Windows\system32\swprv.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\mssitlb.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\dbgeng.dll
2009-05-30 05:52:39 ----A---- C:\Windows\system32\usp10.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\vds.exe
2009-05-30 05:52:38 ----A---- C:\Windows\system32\schannel.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\netlogon.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\msscb.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\msctfp.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\drvinst.exe
2009-05-30 05:52:38 ----A---- C:\Windows\system32\devmgr.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\BFE.DLL
2009-05-30 05:52:38 ----A---- C:\Windows\system32\adsldpc.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\WSDApi.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-05-30 05:52:37 ----A---- C:\Windows\system32\Wldap32.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\wcnwiz.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\evr.dll
2009-05-30 05:52:36 ----A---- C:\Windows\system32\wercon.exe
2009-05-30 05:52:36 ----A---- C:\Windows\system32\services.exe
2009-05-30 05:52:36 ----A---- C:\Windows\system32\comdlg32.dll
2009-05-30 05:52:36 ----A---- C:\Windows\system32\adtschema.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\wcncsvc.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\mimefilt.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\certcli.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\taskeng.exe
2009-05-30 05:52:34 ----A---- C:\Windows\system32\rtffilt.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\reg.exe
2009-05-30 05:52:34 ----A---- C:\Windows\system32\mswdat10.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\msjter40.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\msdtcprx.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\msdrm.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\dnsapi.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\certutil.exe
2009-05-30 05:52:33 ----A---- C:\Windows\system32\w32time.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\msshooks.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\msscntrs.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-05-30 05:52:33 ----A---- C:\Windows\system32\bthserv.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\bcrypt.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-05-30 05:52:32 ----A---- C:\Windows\system32\rsaenh.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\msstrc.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\msihnd.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\inetcomm.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\netapi32.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\mtxclu.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\mscories.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\inetpp.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\hidserv.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\fundisc.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\dfshim.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\cryptsvc.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\termsrv.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\profsvc.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-05-30 05:52:29 ----A---- C:\Windows\system32\shsvcs.dll
2009-05-30 05:52:29 ----A---- C:\Windows\system32\msiexec.exe
2009-05-30 05:52:29 ----A---- C:\Windows\system32\imapi.dll
2009-05-30 05:52:29 ----A---- C:\Windows\system32\gameux.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\wdc.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\rasmans.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\pnidui.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\icardres.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\iassdo.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\chsbrkr.dll
2009-05-30 05:52:27 ----A---- C:\Windows\system32\spoolsv.exe
2009-05-30 05:52:27 ----A---- C:\Windows\system32\scrrun.dll
2009-05-30 05:52:27 ----A---- C:\Windows\system32\autofmt.exe
2009-05-30 05:52:26 ----A---- C:\Windows\system32\wmpmde.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\wersvc.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\slmgr.vbs
2009-05-30 05:52:26 ----A---- C:\Windows\system32\PSHED.DLL
2009-05-30 05:52:26 ----A---- C:\Windows\system32\pidgenx.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\pdh.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\azroles.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\winlogon.exe
2009-05-30 05:52:25 ----A---- C:\Windows\system32\SyncCenter.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\SLUINotify.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\comuid.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\wisptis.exe
2009-05-30 05:52:24 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\untfs.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\taskcomp.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\spp.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\sethc.exe
2009-05-30 05:52:24 ----A---- C:\Windows\system32\scrobj.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\rtutils.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\ncrypt.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\kd1394.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\iassam.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\dwm.exe
2009-05-30 05:52:24 ----A---- C:\Windows\system32\certmgr.dll
2009-05-30 05:52:23 ----A---- C:\Windows\system32\printui.dll
2009-05-30 05:52:23 ----A---- C:\Windows\system32\iasnap.dll
2009-05-30 05:52:23 ----A---- C:\Windows\system32\autochk.exe
2009-05-30 05:52:22 ----A---- C:\Windows\system32\winsrv.dll
2009-05-30 05:52:22 ----A---- C:\Windows\system32\autoconv.exe
2009-05-30 05:52:21 ----A---- C:\Windows\system32\cscript.exe
2009-05-30 05:52:20 ----A---- C:\Windows\system32\wow32.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\userenv.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\spcmsg.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\osk.exe
2009-05-30 05:52:20 ----A---- C:\Windows\system32\onex.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\mswsock.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\kdusb.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\kdcom.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\basecsp.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\audiodg.exe
2009-05-30 05:52:19 ----A---- C:\Windows\system32\WinSCard.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\winmm.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-05-30 05:52:19 ----A---- C:\Windows\system32\RelMon.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\rdpencom.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\offfilt.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\msftedit.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-05-30 05:52:18 ----A---- C:\Windows\system32\WerFault.exe
2009-05-30 05:52:18 ----A---- C:\Windows\system32\Utilman.exe
2009-05-30 05:52:17 ----A---- C:\Windows\system32\wsepno.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\wiaservc.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\sysclass.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\stobject.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\SndVol.exe
2009-05-30 05:52:17 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\prnntfy.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\msnetobj.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\mscms.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\mfplat.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\diskraid.exe
2009-05-30 05:52:17 ----A---- C:\Windows\system32\apphelp.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\adsmsext.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\wscript.exe
2009-05-30 05:52:16 ----A---- C:\Windows\system32\wscntfy.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\wlansvc.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\ulib.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\secur32.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\rastapi.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\pnpsetup.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\odbccp32.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-05-30 05:52:16 ----A---- C:\Windows\system32\iasdatastore.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\fdProxy.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\dsound.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\cryptui.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\wscsvc.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-05-30 05:52:15 ----A---- C:\Windows\system32\wlangpui.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\vdsdyn.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\rastls.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\netiohlp.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\logman.exe
2009-05-30 05:52:15 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\iashlpr.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\gpapi.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\diskpart.exe
2009-05-30 05:52:15 ----A---- C:\Windows\system32\brcpl.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\wusa.exe
2009-05-30 05:52:14 ----A---- C:\Windows\system32\regsvc.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\rasapi32.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\ntprint.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\mscorier.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\iasrad.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\findstr.exe
2009-05-30 05:52:13 ----A---- C:\Windows\system32\zipfldr.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\wshext.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\wpccpl.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\rasdlg.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\netcenter.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\wsnmp32.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\wer.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\uxsms.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\tsbyuv.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\themecpl.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\srvsvc.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\ntmarta.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\mssprxy.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\iassvcs.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\wlanhlp.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\slcc.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\scansetting.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\powrprof.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\powercpl.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\newdev.exe
2009-05-30 05:52:11 ----A---- C:\Windows\system32\networkmap.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\msutb.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\mstsc.exe
2009-05-30 05:52:11 ----A---- C:\Windows\system32\mstlsapi.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\iasads.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\iasacct.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\connect.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\authz.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\themeui.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\systemcpl.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\sud.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\samlib.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\pcaui.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\dot3svc.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\wlanpref.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\usercpl.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\rpchttp.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\regapi.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\qdvd.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\msinfo32.exe
2009-05-30 05:52:09 ----A---- C:\Windows\system32\mmci.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\autoplay.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\wscisvif.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\wpcao.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\vdsutil.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\tapisrv.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\scksp.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\scesrv.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\rekeywiz.exe
2009-05-30 05:52:08 ----A---- C:\Windows\system32\psisdecd.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\oleprn.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\mpr.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\imm32.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\feclient.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\Faultrep.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\dot3msm.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\AudioSes.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\sdclt.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\scecli.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\rasplap.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\rasgcw.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\qedit.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\pnpui.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\perfdisk.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\ncryptui.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\iaspolcy.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\hdwwiz.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-05-30 05:52:07 ----A---- C:\Windows\system32\dpapimig.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\DeviceEject.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\certreq.exe
2009-05-30 05:52:06 ----A---- C:\Windows\system32\whealogr.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\TSTheme.exe
2009-05-30 05:52:06 ----A---- C:\Windows\system32\tcpmon.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\srcore.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\spwinsat.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-05-30 05:52:06 ----A---- C:\Windows\system32\fdWSD.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\cmmon32.exe
2009-05-30 05:52:05 ----A---- C:\Windows\system32\SCardSvr.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\raschap.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\fontext.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\conime.exe
2009-05-30 05:52:05 ----A---- C:\Windows\system32\cmdial32.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-05-30 05:52:04 ----A---- C:\Windows\system32\wlanui.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\wlanmsm.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\wiaaut.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\shwebsvc.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\rasppp.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\PnPutil.exe
2009-05-30 05:52:04 ----A---- C:\Windows\system32\dsprop.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\dimsroam.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\shsetup.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\rasmontr.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\oobefldr.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\mscandui.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\modemui.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\chtbrkr.dll
2009-05-30 05:52:02 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\smss.exe
2009-05-30 05:52:01 ----A---- C:\Windows\system32\rdpwsx.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\dataclen.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\credui.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\blackbox.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\WSDMon.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\wmpeffects.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\netplwiz.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\certprop.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\wscapi.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\wpcsvc.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\networkexplorer.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\msscp.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\msimtf.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\logagent.exe
2009-05-30 05:51:59 ----A---- C:\Windows\system32\InkEd.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\ifmon.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\gpresult.exe
2009-05-30 05:51:59 ----A---- C:\Windows\system32\cipher.exe
2009-05-30 05:51:58 ----A---- C:\Windows\system32\thawbrkr.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\softkbd.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\sendmail.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\olepro32.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\msctfui.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\dmsynth.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\wshbth.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\version.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\SLLUA.exe
2009-05-30 05:51:57 ----A---- C:\Windows\system32\puiapi.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\msisip.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\mprapi.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\input.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\fc.exe
2009-05-30 05:51:57 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\cdd.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\fdSSDP.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\dmusic.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\cscapi.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\wsdchngr.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\rrinstaller.exe
2009-05-30 05:51:55 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\msjint40.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\l2nacp.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\ftp.exe
2009-05-30 05:51:55 ----A---- C:\Windows\system32\eapp3hst.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\cscdll.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\tscupgrd.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\Storprop.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\slcinst.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\rasdial.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\rasdiag.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\mfps.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\ipconfig.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\fdWCN.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\eappcfg.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\dot3cfg.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\bthudtask.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\bthci.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\aaclient.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\ocsetup.exe
2009-05-30 05:51:53 ----A---- C:\Windows\system32\nslookup.exe
2009-05-30 05:51:53 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\mmcico.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\mfpmp.exe
2009-05-30 05:51:53 ----A---- C:\Windows\system32\hbaapi.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\fdeploy.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\eappgnui.dll
2009-05-30 05:51:52 ----A---- C:\Windows\system32\tsgqec.dll
2009-05-30 05:51:52 ----A---- C:\Windows\system32\gpupdate.exe
2009-05-30 05:51:52 ----A---- C:\Windows\system32\csrstub.exe
2009-05-30 05:51:52 ----A---- C:\Windows\system32\cbsra.exe
2009-05-30 05:51:52 ----A---- C:\Windows\system32\bitsigd.dll
2009-05-30 05:51:52 ----A---- C:\Windows\system32\atmlib.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\vdmdbg.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\odbcconf.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\NcdProp.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\iscsilog.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\winrnr.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\slwga.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\midimap.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\inetppui.dll
2009-05-30 05:51:46 ----A---- C:\Windows\system32\msimsg.dll
2009-05-30 05:51:46 ----A---- C:\Windows\system32\mferror.dll
2009-05-30 05:51:46 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-05-30 05:51:30 ----A---- C:\Windows\system32\SmiEngine.dll
2009-05-30 05:51:27 ----A---- C:\Windows\system32\wdscore.dll
2009-05-30 05:51:27 ----A---- C:\Windows\system32\PkgMgr.exe
2009-05-30 05:51:19 ----A---- C:\Windows\system32\drvstore.dll
2009-05-30 01:38:57 ----A---- C:\Windows\uninst.exe

======List of files/folders modified in the last 3 months======

2009-08-22 17:14:18 ----D---- C:\Windows\Temp
2009-08-21 02:24:48 ----SHD---- C:\System Volume Information
2009-08-21 01:28:25 ----D---- C:\Windows\System32
2009-08-21 01:28:25 ----D---- C:\Windows\inf
2009-08-21 01:28:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-20 19:30:36 ----SHD---- C:\Windows\Installer
2009-08-20 19:30:35 ----D---- C:\Program Files
2009-08-20 10:02:05 ----D---- C:\beth
2009-08-18 11:11:57 ----HD---- C:\ProgramData
2009-08-18 11:11:50 ----SD---- C:\Windows\Downloaded Program Files
2009-08-18 11:07:58 ----D---- C:\Windows
2009-08-17 23:35:14 ----D---- C:\Windows\Prefetch
2009-08-16 17:56:19 ----D---- C:\Windows\system32\catroot2
2009-08-16 12:23:23 ----D---- C:\Windows\Debug
2009-08-15 17:16:53 ----D---- C:\Windows\system32\Service
2009-08-14 08:47:10 ----D---- C:\Windows\system32\catroot
2009-08-14 08:47:07 ----D---- C:\Windows\winsxs
2009-08-13 03:08:40 ----D---- C:\Program Files\Windows Media Player
2009-08-13 03:02:36 ----D---- C:\Program Files\Windows Mail
2009-07-31 22:03:23 ----SHD---- C:\$Recycle.Bin
2009-07-31 14:30:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 09:05:40 ----D---- C:\Windows\system32\Tasks
2009-07-31 09:05:39 ----D---- C:\Windows\Tasks
2009-07-31 08:47:08 ----D---- C:\Program Files\Common Files
2009-07-31 08:47:01 ----D---- C:\Windows\system32\drivers
2009-07-29 19:49:14 ----A---- C:\Windows\system32\mrt.exe
2009-07-29 09:46:54 ----D---- C:\Windows\system32\migration
2009-07-29 09:46:54 ----D---- C:\Program Files\Internet Explorer
2009-07-26 22:18:08 ----D---- C:\Program Files\Dell DataSafe Online
2009-07-20 14:28:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-20 14:28:37 ----D---- C:\Program Files\Trend Micro
2009-07-20 01:16:17 ----D---- C:\Program Files\Java
2009-07-11 23:43:04 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-05 13:03:28 ----D---- C:\Windows\Minidump
2009-06-26 19:29:01 ----RD---- C:\Users
2009-06-24 14:01:31 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-06-24 14:00:14 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-06-24 14:00:07 ----RSD---- C:\Windows\Fonts
2009-06-24 13:59:57 ----D---- C:\Program Files\Roxio
2009-06-24 13:59:09 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-06-23 23:25:08 ----A---- C:\Windows\Lexstat.ini
2009-06-23 14:40:11 ----D---- C:\Windows\Microsoft.NET
2009-06-16 01:50:05 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-10 23:41:45 ----D---- C:\Program Files\Microsoft Works
2009-06-08 03:52:12 ----D---- C:\Program Files\Oberon Media
2009-05-30 06:33:16 ----RSD---- C:\Windows\assembly
2009-05-30 06:29:16 ----D---- C:\Windows\rescache
2009-05-30 06:17:01 ----SHD---- C:\boot
2009-05-30 06:10:32 ----D---- C:\Program Files\Windows Sidebar
2009-05-30 06:10:32 ----D---- C:\Program Files\Windows Collaboration
2009-05-30 06:10:32 ----D---- C:\Program Files\Windows Calendar
2009-05-30 06:10:32 ----D---- C:\Program Files\Movie Maker
2009-05-30 06:10:31 ----D---- C:\Program Files\Windows Photo Gallery
2009-05-30 06:10:31 ----D---- C:\Program Files\Common Files\System
2009-05-30 06:10:30 ----D---- C:\Windows\servicing
2009-05-30 06:10:30 ----D---- C:\Program Files\Windows Defender
2009-05-30 06:10:29 ----D---- C:\Windows\system32\XPSViewer
2009-05-30 06:10:29 ----D---- C:\Windows\system32\sk-SK
2009-05-30 06:10:29 ----D---- C:\Windows\system32\lv-LV
2009-05-30 06:10:29 ----D---- C:\Windows\system32\ko-KR
2009-05-30 06:10:29 ----D---- C:\Windows\system32\hr-HR
2009-05-30 06:10:29 ----D---- C:\Windows\system32\et-EE
2009-05-30 06:10:29 ----D---- C:\Windows\system32\da-DK
2009-05-30 06:10:29 ----D---- C:\Windows\IME
2009-05-30 06:10:28 ----D---- C:\Windows\system32\en-US
2009-05-30 06:10:27 ----D---- C:\Windows\system32\sv-SE
2009-05-30 06:10:27 ----D---- C:\Windows\system32\SLUI
2009-05-30 06:10:27 ----D---- C:\Windows\system32\setup
2009-05-30 06:10:27 ----D---- C:\Windows\system32\ru-RU
2009-05-30 06:10:27 ----D---- C:\Windows\system32\pt-PT
2009-05-30 06:10:27 ----D---- C:\Windows\system32\oobe
2009-05-30 06:10:27 ----D---- C:\Windows\system32\it-IT
2009-05-30 06:10:27 ----D---- C:\Windows\system32\hu-HU
2009-05-30 06:10:27 ----D---- C:\Windows\system32\he-IL
2009-05-30 06:10:27 ----D---- C:\Windows\system32\fr-FR
2009-05-30 06:10:27 ----D---- C:\Windows\system32\fi-FI
2009-05-30 06:10:27 ----D---- C:\Windows\system32\el-GR
2009-05-30 06:10:27 ----D---- C:\Windows\system32\de-DE
2009-05-30 06:10:27 ----D---- C:\Windows\system32\cs-CZ
2009-05-30 06:10:27 ----D---- C:\Windows\system32\AdvancedInstallers
2009-05-30 06:10:26 ----D---- C:\Windows\system32\zh-TW
2009-05-30 06:10:26 ----D---- C:\Windows\system32\zh-CN
2009-05-30 06:10:26 ----D---- C:\Windows\system32\wbem
2009-05-30 06:10:26 ----D---- C:\Windows\system32\uk-UA
2009-05-30 06:10:26 ----D---- C:\Windows\system32\tr-TR
2009-05-30 06:10:26 ----D---- C:\Windows\system32\th-TH
2009-05-30 06:10:26 ----D---- C:\Windows\system32\sr-Latn-CS
2009-05-30 06:10:26 ----D---- C:\Windows\system32\sl-SI
2009-05-30 06:10:26 ----D---- C:\Windows\system32\ro-RO
2009-05-30 06:10:26 ----D---- C:\Windows\system32\pl-PL
2009-05-30 06:10:26 ----D---- C:\Windows\system32\manifeststore
2009-05-30 06:10:26 ----D---- C:\Windows\system32\ja-JP
2009-05-30 06:10:26 ----D---- C:\Windows\system32\es-ES
2009-05-30 06:10:26 ----D---- C:\Windows\system32\en
2009-05-30 06:10:26 ----D---- C:\Windows\system32\bg-BG
2009-05-30 06:10:23 ----D---- C:\Windows\system32\pt-BR
2009-05-30 06:10:23 ----D---- C:\Windows\system32\nl-NL
2009-05-30 06:10:23 ----D---- C:\Windows\system32\nb-NO
2009-05-30 06:10:23 ----D---- C:\Windows\system32\migwiz
2009-05-30 06:10:23 ----D---- C:\Windows\system32\lt-LT
2009-05-30 06:10:23 ----D---- C:\Windows\system32\ar-SA
2009-05-30 06:10:15 ----D---- C:\Windows\AppPatch
2009-05-30 06:10:10 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2009-03-24 145424]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-03-24 80400]
R2 Packet;Auto Internet Protocol; C:\Windows\system32\DRIVERS\packet.sys [2008-06-17 22016]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2009-04-02 50192]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2009-05-07 157712]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2009-04-02 50192]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2009-03-24 256528]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2009-05-22 1220120]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-09-04 170032]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-10 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-06-12 81960]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-06-12 100392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-06-12 29736]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-12 17320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-12-09 2473472]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-12-14 393216]
R3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-09-01 304128]
S3 BthPort;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-10 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-07-28 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\Windows\system32\drivers\MREMP50a64.sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; C:\Windows\system32\drivers\MREMPR5.sys []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; C:\Windows\system32\drivers\MRENDIS5.sys []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-07-28 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; C:\Windows\system32\drivers\MRESP50a64.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-14 81920]
R2 Apache2.2;Remote Access Media Server; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [2007-09-21 15872]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-06-05 518696]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
R2 dsl-db;Remote Access DB; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2008-09-30 173296]
R2 hnmsvc;Advanced Networking Service; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [2008-09-30 820464]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 lxba_device;lxba_device; C:\Windows\system32\lxbacoms.exe [2007-04-24 537520]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-03-31 711248]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [2008-12-14 241746]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-03-24 341256]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-03-31 497008]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-03-31 677128]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-04-21 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-07-31 1205760]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R2 yksvc;Marvell Yukon Service; ykx32coinst,serviceStartProc []
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-11-10 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-11-10 170480]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-03-15 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-11-10 1108464]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S4 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-

09-23 303104]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-08-22

17:14:56

======Uninstall list======

Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-

D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0

\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-

7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32

\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-

A91000000001}
AntiMalware-->MsiExec.exe /X{B61570DB-16C8-4700-B8A7-

EEDF3CA22593}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-

BA0B-8F495BE32033}
AT&T Self Support Tool-->C:\Program Files\ATT-SST\Uninstall.exe
Banctec Service Agreement-->MsiExec.exe /I{42D68A86-DB1C-4256-

B8C9-5D0D92919AF5}
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{51D7494B-6C54-

468F-98E1-1A9997C89329}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{51D7494B-6C54-

468F-98E1-1A9997C89329}
BlackBerry Device Software Updater-->MsiExec.exe /X{03B0EB18-

51D2-4302-B92C-BBAE869FFBBF}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-

42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X

{90120000-0020-0409-0000-0000000FF1CE}
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-

3212D1C6E0D1}
Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-

FF11DA8E6A78}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-

A7DC-7A3D023CE045}
Dell Remote Access-->MsiExec.exe /I{F66A31D9-7831-4FBA-BA02-

C411C0047CC5}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55

-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-

903D-CB9FFD21E2E0}
Easy Duplicate Finder v. 2.2.1-->"C:\Program Files\Easy Duplicate

Finder\unins000.exe"
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6

\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield

Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-

BCA9CC4C1A22}\setup.exe"
Error Fix-->MsiExec.exe /X{99465F9E-F8F3-44C1-AA97-

67A347F3E0A1}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514

\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)--

>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA

-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)--

>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA

-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-

7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe

-uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4

-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0

-0ACD3B300C0A}
Lexmark X5100 Series-->C:\Program Files\Lexmark X5100

Series\Install\x86\Uninst.exe
Microsoft .NET Framework 3.5 SP1--

>c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET

Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124

-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X

{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-

6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-

8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-

2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I

{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe

/I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe

/I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86

8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-

1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X

{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-

90A824590FA8}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-

9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-

AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E

-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-

9A52-40C9-87E4-5E7C79791C87}
OneRiot Pulse Checker-->MsiExec.exe /I{D7F954FE-44EB-4CFB-9EC2

-CFA91264DA0E}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1

\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-

9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
QuickSet-->MsiExec.exe /I{C4972073-2BFE-475D-8441-

564EA97DA161}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-

20B2C4C80F8F}
RC_Vista.exe-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1

\ATT\INSTALL.LOG
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-

0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-

4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-

FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD

-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-

55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-

328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-

6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-

99D4-F8F0124C6EAA}
Roxio Media Manager-->MsiExec.exe /X{56BED62F-278A-407B-8BCD-

E645EC96D2ED}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA

-A3F187AD502E}
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-

8F488AA3A782}
Spy Sweeper-->"C:\Program

Files\Webroot\WebrootSecurity\unins000.exe"

/Log="C:\Users\beth\AppData\Local\Temp\Uninstall.txt"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search &

Destroy\unins000.exe"
Trend Micro Internet Security-->C:\Program Files\Trend

Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{40E12A55-C504-

4223-AFAC-7672DBF1ACDE}
Trend Micro RUBotted-->C:\Program Files\InstallShield Installation

Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe

-runfromtemp -l0x0009 -removeonly
Turbo Lister 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9

\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-

222DA1260548}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)--

>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA

-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-

87275C4F3607} /qb+ REBOOTPROMPT=""
VSO Image Resizer 2.1.8.2-->"C:\Program Files\VSO\Image

Resizer\unins000.exe"
Walmart MP3 Music Downloads-->C:\Program Files\Walmart MP3 Music

Downloads\uninstall.exe
WIDCOMM Bluetooth Software 6.1.0.4502-->MsiExec.exe /X

{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-

83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-

B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows

Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-

A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-

D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-

B089-0B147EF3553C}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows

Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-

19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-

B32D-9457576E2417}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-

4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-

36440B0D41EF}
Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-

9842E742EE8A}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-

8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-

92ECE5F2CAE2}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE

/U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1

\UNINST~1.EXE

======Security center information======

AV: Trend Micro Internet Security
AS: Spybot - Search and Destroy (outdated)
AS: Windows Defender
AS: AntiMalware

======System event log======

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of

setting package KB948609(Update) into Install Requested(Install

Requested) state
Record Number: 16555
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of

setting package KB948609(Update) into Install Requested(Install

Requested) state
Record Number: 16455
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of

setting package KB948609(Update) into Install Requested(Install

Requested) state
Record Number: 16450
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of

setting package KB948609(Update) into Install Requested(Install

Requested) state
Record Number: 16447
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of

setting package KB948609(Update) into Install Requested(Install

Requested) state
Record Number: 16443
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: beth-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other

applications or services. The file will be unloaded now. The applications

or services that hold your registry file may not function properly

afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-

1557764662-1018864607-510692554-1000:
Process 5160

(\Device\HarddiskVolume3\Windows\System32\svchost.exe) has

opened key \REGISTRY\USER\S-1-5-21-1557764662-1018864607-

510692554-1000

Record Number: 508
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090320204534.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM

__InstanceModificationEvent WITHIN 60 WHERE TargetInstance

ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99"

could not be reactivated in namespace "//./root/CIMV2" because of

error 0x80041003. Events cannot be delivered through this filter until

the problem is corrected.
Record Number: 499
Source Name: Microsoft-Windows-WMI
Time Written: 20090320204238.000000-000
Event Type: Error
User:

Computer Name: beth-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other

applications or services. The file will be unloaded now. The applications

or services that hold your registry file may not function properly

afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-

1557764662-1018864607-510692554-1000:
Process 580

(\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has

opened key \REGISTRY\USER\S-1-5-21-1557764662-1018864607-

510692554-1000

Record Number: 480
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090320203923.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 508
Message: Windows (2240) Windows: A request to write to the file

"C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS

.log" at offset 123392 (0x000000000001e200) for 7168 (0x00001c00)

bytes succeeded, but took an abnormally long time (7169 seconds) to be

serviced by the OS. This problem is likely due to faulty hardware.

Please contact your hardware vendor for further assistance diagnosing

the problem.
Record Number: 458
Source Name: ESENT
Time Written: 20090320184831.000000-000
Event Type: Warning
User:

Computer Name: beth-PC
Event Code: 508
Message: Windows (2240) Windows: A request to write to the file

"C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Wind

ows.edb" at offset 1146880 (0x0000000000118000) for 8192

(0x00002000) bytes succeeded, but took an abnormally long time (7168

seconds) to be serviced by the OS. This problem is likely due to faulty

hardware. Please contact your hardware vendor for further assistance

diagnosing the problem.
Record Number: 457
Source Name: ESENT
Time Written: 20090320184831.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: beth-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: D32K5JC1$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-

0000-000000000000}

Process Information:
Process ID: 0x250
Process Name: C:\Windows\System32

\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated

on the computer that was accessed.

The subject fields indicate the account on the local system which

requested the logon. This is most commonly a service such as the

Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most

common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was

created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated.

Workstation name is not always available and may be left blank in some

cases.

The authentication information fields provide detailed information

about this specific logon request.
- Logon GUID is a unique identifier that can be used to

correlate this event with a KDC event.
- Transited services indicate which intermediate services

have participated in this logon request.
- Package name indicates which sub-protocol was used among

the NTLM protocols.
- Key length indicates the length of the generated session

key. This will be 0 if no session key was requested.
Record Number: 451
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090320164510.721400-000
Event Type: Audit Success
User:

Computer Name: beth-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: D32K5JC1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-

0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-

0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x250
Process Name: C:\Windows\System32

\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account

by explicitly specifying that account’s credentials. This most commonly

occurs in batch-type configurations such as scheduled tasks, or when

using the RUNAS command.
Record Number: 450
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090320164510.721400-000
Event Type: Audit Success
User:

Computer Name: beth-PC
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4f4
Name: C:\Windows\System32\svchost.exe

Previous Time: 11:44:59 AM 3/20/2009
New Time: 11:44:59 AM 3/20/2009

This event is generated when the system time is changed. It is normal

for the Windows Time Service, which runs with System privilege, to

change the system time on a regular basis. Other system time changes

may be indicative of attempts to tamper with the computer.
Record Number: 449
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090320164459.661000-000
Event Type: Audit Success
User:

Computer Name: beth-PC
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4f4
Name: C:\Windows\System32\svchost.exe

Previous Time: 11:46:28 AM 3/20/2009
New Time: 11:44:59 AM 3/20/2009

This event is generated when the system time is changed. It is normal

for the Windows Time Service, which runs with System privilege, to

change the system time on a regular basis. Other system time changes

may be indicative of attempts to tamper with the computer.
Record Number: 448
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090320164459.646045-000
Event Type: Audit Success
User:

Computer Name: beth-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1557764662-1018864607-

510692554-1000
Account Name: beth
Domain Name: beth-PC
Logon ID: 0xd539f
Record Number: 447
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090320162752.769611-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%

\System32\Wbem;C:\Program Files\Common Files\Roxio

Shared\DLLShared\;C:\Program Files\Common Files\Roxio

Shared\10.0\DLLShared\;C:\Program

Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio

Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.M

SC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10,

GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsof

t.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0

\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#9 pwgib


  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:06:31 PM

Posted 23 August 2009 - 04:08 PM

Hi bethlthealth,

I need you to turn off Word Wrap. It makes it easier to read.

In Notepad choose Format | Word Wrap. A checkmark means Word Wrap is on. Click on Word Wrap to remove the checkmark.

Please run RSIT again and post this time with Word Wrap off.

Thanks!
PW

#10 bethlthealth

  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:31 PM

Posted 25 August 2009 - 02:46 PM

Hi,
OK, I've run RSIT four times: two from the BC folder I have on my desktop in case we need anything I've done again, then I moved it out of the folder to the desktop and ran it two times. It is only giving me the below log.txt. I'm not getting the info.txt. Do I need to go get a fresh RSIT?
Here's the log.txt it gave me.
Logfile of random's system information tool 1.06 (written by random/random)
Run by beth at 2009-08-25 14:42:51
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 126 GB (56%) free of 223 GB
Total RAM: 3034 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:58 PM, on 8/25/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\beth\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\beth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: OneRiot IE Statusbar BHO - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\OneRiot\Browser Add-ons\IEStatusbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Toolbar Powered by OneRiot - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [QuickSet] "C:\Program Files\Dell\QuickSet\QuickSet.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] "%ProgramFiles%\IDT\WDM\sttray.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] "C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1557764662-1018864607-510692554-1001\..\Run: [Sidebar] "%ProgramFiles%\Windows Sidebar\Sidebar.exe" /detectMem (User 'RA Media Server')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - S-1-5-21-1557764662-1018864607-510692554-1001 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'RA Media Server')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 14474 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Error Fix Scan.job
C:\Windows\tasks\User_Feed_Synchronization-{1F00EFA4-2BFA-4A24-AD27-C83F2EB99E9B}.job
C:\Windows\tasks\wrSpySweeper_LFCA07AB18D2246EBAE388E24F84578B4.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F28D74EC-B064-4402-926D-E00687233421}]
OneRiot IE Statusbar BHO - C:\Program Files\OneRiot\Browser Add-ons\IEStatusbar.dll [2009-01-28 139024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - Toolbar Powered by OneRiot - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll [2009-01-28 143632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-09-04 200704]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-12-09 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-12-09 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-12-09 154136]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2008-08-27 1662032]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-07 178712]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-03-31 995528]
"ATT-SST_McciTrayApp"=C:\Program Files\ATT-SST\McciTrayApp.exe [2008-09-18 1529856]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-12-14 483420]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-06-05 615696]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-11-10 236016]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-13 6345840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-03-24 492808]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Dell Remote Access.lnk - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe

C:\Users\beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-03-15 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-12-09 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoThumbnailCache"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-08-24 16:20:20 ----D---- C:\Program Files\Safari
2009-08-24 15:55:17 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-24 15:55:17 ----A---- C:\Windows\system32\GEARAspi.dll
2009-08-24 15:54:56 ----D---- C:\Program Files\iPod
2009-08-24 15:54:54 ----D---- C:\Program Files\iTunes
2009-08-24 15:54:40 ----D---- C:\Program Files\Bonjour
2009-08-24 15:52:58 ----D---- C:\Program Files\Common Files\Apple
2009-08-24 15:05:25 ----D---- C:\Program Files\QuickTime
2009-08-24 15:03:47 ----SHD---- C:\Config.Msi
2009-08-24 14:46:00 ----A---- C:\Windows\system32\javaws.exe
2009-08-24 14:46:00 ----A---- C:\Windows\system32\javaw.exe
2009-08-24 14:46:00 ----A---- C:\Windows\system32\java.exe
2009-08-22 17:14:15 ----D---- C:\rsit
2009-08-12 04:27:16 ----A---- C:\Windows\system32\atl.dll
2009-08-12 04:27:12 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 04:27:08 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 04:27:05 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 04:26:59 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 04:26:58 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 04:26:57 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 04:26:57 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 04:26:57 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-07 12:19:51 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-01 10:13:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-31 08:47:28 ----A---- C:\Windows\system32\capicom.dll
2009-07-31 08:47:08 ----D---- C:\Program Files\MSSOAP
2009-07-31 08:47:08 ----D---- C:\Program Files\Common Files\MSSoap
2009-07-31 08:46:56 ----D---- C:\Program Files\Webroot
2009-07-31 08:46:56 ----A---- C:\Windows\WRSetup.dll
2009-07-29 09:40:32 ----A---- C:\AuResult.ini
2009-07-29 07:36:18 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 07:36:17 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\occache.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 07:36:16 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 07:36:15 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-15 08:58:21 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\atmfd.dll
2009-07-11 23:41:39 ----D---- C:\Program Files\eBay
2009-07-07 14:34:18 ----D---- C:\Program Files\Downloaded Installers
2009-06-30 16:34:22 ----RA---- C:\Windows\system32\roboex32.dll
2009-06-30 16:34:22 ----RA---- C:\Windows\system32\inetwh32.dll
2009-06-26 19:29:01 ----D---- C:\Documents and Settings\releaseengineer\Application Data\Microsoft
2009-06-26 19:28:19 ----D---- C:\Program Files\Yahoo!
2009-06-24 01:08:39 ----D---- C:\Program Files\Walmart MP3 Music Downloads
2009-06-17 03:01:09 ----D---- C:\Program Files\MSXML 4.0
2009-06-16 01:48:01 ----D---- C:\Program Files\Common Files\Research In Motion
2009-06-16 01:47:53 ----D---- C:\Program Files\Research In Motion
2009-06-10 23:37:27 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 23:37:26 ----A---- C:\Windows\system32\rpcrt4.dll
2009-05-30 06:10:11 ----D---- C:\Windows\system32\eu-ES
2009-05-30 06:10:11 ----D---- C:\Windows\system32\ca-ES
2009-05-30 06:10:10 ----D---- C:\Windows\system32\vi-VN
2009-05-30 05:54:04 ----D---- C:\Windows\system32\EventProviders
2009-05-30 05:53:22 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-05-30 05:53:20 ----A---- C:\Windows\system32\SLCExt.dll
2009-05-30 05:53:19 ----A---- C:\Windows\system32\SLsvc.exe
2009-05-30 05:53:18 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-05-30 05:53:18 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-05-30 05:53:17 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-05-30 05:53:16 ----A---- C:\Windows\system32\mssrch.dll
2009-05-30 05:53:15 ----A---- C:\Windows\system32\tquery.dll
2009-05-30 05:53:14 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-05-30 05:53:14 ----A---- C:\Windows\system32\lsasrv.dll
2009-05-30 05:53:13 ----A---- C:\Windows\system32\scavenge.dll
2009-05-30 05:53:13 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-05-30 05:53:13 ----A---- C:\Windows\system32\RMActivate.exe
2009-05-30 05:53:12 ----A---- C:\Windows\system32\msi.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\WscEapPr.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\sysmain.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\secproc_isv.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\imapi2fs.dll
2009-05-30 05:53:10 ----A---- C:\Windows\system32\mf.dll
2009-05-30 05:53:10 ----A---- C:\Windows\system32\icardagt.exe
2009-05-30 05:53:09 ----A---- C:\Windows\system32\EhStorShell.dll
2009-05-30 05:53:08 ----A---- C:\Windows\system32\spwizui.dll
2009-05-30 05:53:08 ----A---- C:\Windows\system32\spreview.exe
2009-05-30 05:53:08 ----A---- C:\Windows\system32\spinstall.exe
2009-05-30 05:53:08 ----A---- C:\Windows\system32\drmv2clt.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\shell32.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\secproc.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-05-30 05:53:07 ----A---- C:\Windows\system32\p2psvc.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\mssvp.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\mssphtb.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\mssph.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\mscoree.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\imapi2.dll
2009-05-30 05:53:05 ----A---- C:\Windows\system32\sdohlp.dll
2009-05-30 05:53:05 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-05-30 05:53:05 ----A---- C:\Windows\system32\esent.dll
2009-05-30 05:53:04 ----A---- C:\Windows\system32\sperror.dll
2009-05-30 05:53:04 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-05-30 05:53:04 ----A---- C:\Windows\system32\korwbrkr.dll
2009-05-30 05:53:04 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-05-30 05:53:04 ----A---- C:\Windows\system32\DevicePairing.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\wevtsvc.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\SLC.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-05-30 05:53:03 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\msshsq.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\IasMigReader.exe
2009-05-30 05:53:02 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-05-30 05:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-05-30 05:53:01 ----A---- C:\Windows\system32\msxml6.dll
2009-05-30 05:53:01 ----A---- C:\Windows\system32\msjet40.dll
2009-05-30 05:53:01 ----A---- C:\Windows\system32\MPSSVC.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\Query.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\qmgr.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\msexch40.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\diagperf.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\winload.exe
2009-05-30 05:52:59 ----A---- C:\Windows\system32\srchadmin.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\P2PGraph.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\ole32.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\ntdll.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\msxml3.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\uDWM.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\riched20.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\mmc.exe
2009-05-30 05:52:58 ----A---- C:\Windows\system32\mblctr.exe
2009-05-30 05:52:58 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\fdBth.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\EncDec.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\dfsr.exe
2009-05-30 05:52:57 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-05-30 05:52:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-05-30 05:52:57 ----A---- C:\Windows\system32\RacEngn.dll
2009-05-30 05:52:57 ----A---- C:\Windows\system32\milcore.dll
2009-05-30 05:52:57 ----A---- C:\Windows\system32\kernel32.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\spoolss.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\schedsvc.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\CertEnroll.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\WinSAT.exe
2009-05-30 05:52:55 ----A---- C:\Windows\system32\msvcp60.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\msjtes40.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\infocardapi.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\gpedit.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\fsquirt.exe
2009-05-30 05:52:54 ----A---- C:\Windows\system32\Magnify.exe
2009-05-30 05:52:54 ----A---- C:\Windows\system32\es.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\WMPhoto.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\WebClnt.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\slwmi.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\mstext40.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\msexcl40.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\comsvcs.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\advapi32.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\vssapi.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\msxbde40.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\authui.dll
2009-05-30 05:52:51 ----A---- C:\Windows\system32\propsys.dll
2009-05-30 05:52:51 ----A---- C:\Windows\system32\PresentationHost.exe
2009-05-30 05:52:51 ----A---- C:\Windows\system32\newdev.dll
2009-05-30 05:52:51 ----A---- C:\Windows\system32\msrepl40.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\setupapi.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\rpcss.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\iasrecst.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\gpsvc.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\eudcedit.exe
2009-05-30 05:52:50 ----A---- C:\Windows\system32\crypt32.dll
2009-05-30 05:52:50 ----A---- C:\Windows\explorer.exe
2009-05-30 05:52:49 ----A---- C:\Windows\system32\shlwapi.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\mspbde40.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\msltus40.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\mfc42.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\davclnt.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\d3d9.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\wevtapi.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\photowiz.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\nlhtml.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\msrd3x40.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\msdtctm.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\browseui.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\user32.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\samsrv.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\quartz.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\ci.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\win32spl.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-05-30 05:52:46 ----A---- C:\Windows\system32\oleaut32.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\msv1_0.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\kerberos.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\winhttp.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\netshell.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\mswstr10.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-05-30 05:52:45 ----A---- C:\Windows\system32\compcln.exe
2009-05-30 05:52:45 ----A---- C:\Windows\system32\apds.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\xmlfilter.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-05-30 05:52:44 ----A---- C:\Windows\system32\msvcrt.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\msctf.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\gdi32.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\emdmgmt.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\audiosrv.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\VSSVC.exe
2009-05-30 05:52:43 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\SLUI.exe
2009-05-30 05:52:43 ----A---- C:\Windows\system32\msrd2x40.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\mfc42u.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\eapphost.dll
2009-05-30 05:52:42 ----A---- C:\Windows\system32\winresume.exe
2009-05-30 05:52:42 ----A---- C:\Windows\system32\propdefs.dll
2009-05-30 05:52:42 ----A---- C:\Windows\system32\odbc32.dll
2009-05-30 05:52:41 ----A---- C:\Windows\system32\shdocvw.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\WsmSvc.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\wevtutil.exe
2009-05-30 05:52:40 ----A---- C:\Windows\system32\swprv.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\mssitlb.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\dbgeng.dll
2009-05-30 05:52:39 ----A---- C:\Windows\system32\usp10.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\vds.exe
2009-05-30 05:52:38 ----A---- C:\Windows\system32\schannel.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\netlogon.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\msscb.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\msctfp.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\drvinst.exe
2009-05-30 05:52:38 ----A---- C:\Windows\system32\devmgr.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\BFE.DLL
2009-05-30 05:52:38 ----A---- C:\Windows\system32\adsldpc.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\WSDApi.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-05-30 05:52:37 ----A---- C:\Windows\system32\Wldap32.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\wcnwiz.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\evr.dll
2009-05-30 05:52:36 ----A---- C:\Windows\system32\wercon.exe
2009-05-30 05:52:36 ----A---- C:\Windows\system32\services.exe
2009-05-30 05:52:36 ----A---- C:\Windows\system32\comdlg32.dll
2009-05-30 05:52:36 ----A---- C:\Windows\system32\adtschema.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\wcncsvc.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\mimefilt.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\certcli.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\taskeng.exe
2009-05-30 05:52:34 ----A---- C:\Windows\system32\rtffilt.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\reg.exe
2009-05-30 05:52:34 ----A---- C:\Windows\system32\mswdat10.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\msjter40.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\msdtcprx.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\msdrm.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\dnsapi.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\certutil.exe
2009-05-30 05:52:33 ----A---- C:\Windows\system32\w32time.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\msshooks.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\msscntrs.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-05-30 05:52:33 ----A---- C:\Windows\system32\bthserv.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\bcrypt.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-05-30 05:52:32 ----A---- C:\Windows\system32\rsaenh.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\msstrc.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\msihnd.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\inetcomm.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\netapi32.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\mtxclu.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\mscories.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\inetpp.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\hidserv.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\fundisc.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\dfshim.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\cryptsvc.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\termsrv.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\profsvc.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-05-30 05:52:29 ----A---- C:\Windows\system32\shsvcs.dll
2009-05-30 05:52:29 ----A---- C:\Windows\system32\msiexec.exe
2009-05-30 05:52:29 ----A---- C:\Windows\system32\imapi.dll
2009-05-30 05:52:29 ----A---- C:\Windows\system32\gameux.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\wdc.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\rasmans.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\pnidui.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\icardres.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\iassdo.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\chsbrkr.dll
2009-05-30 05:52:27 ----A---- C:\Windows\system32\spoolsv.exe
2009-05-30 05:52:27 ----A---- C:\Windows\system32\scrrun.dll
2009-05-30 05:52:27 ----A---- C:\Windows\system32\autofmt.exe
2009-05-30 05:52:26 ----A---- C:\Windows\system32\wmpmde.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\wersvc.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\slmgr.vbs
2009-05-30 05:52:26 ----A---- C:\Windows\system32\PSHED.DLL
2009-05-30 05:52:26 ----A---- C:\Windows\system32\pidgenx.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\pdh.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\azroles.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\winlogon.exe
2009-05-30 05:52:25 ----A---- C:\Windows\system32\SyncCenter.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\SLUINotify.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\comuid.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\wisptis.exe
2009-05-30 05:52:24 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\untfs.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\taskcomp.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\spp.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\sethc.exe
2009-05-30 05:52:24 ----A---- C:\Windows\system32\scrobj.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\rtutils.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\ncrypt.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\kd1394.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\iassam.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\dwm.exe
2009-05-30 05:52:24 ----A---- C:\Windows\system32\certmgr.dll
2009-05-30 05:52:23 ----A---- C:\Windows\system32\printui.dll
2009-05-30 05:52:23 ----A---- C:\Windows\system32\iasnap.dll
2009-05-30 05:52:23 ----A---- C:\Windows\system32\autochk.exe
2009-05-30 05:52:22 ----A---- C:\Windows\system32\winsrv.dll
2009-05-30 05:52:22 ----A---- C:\Windows\system32\autoconv.exe
2009-05-30 05:52:21 ----A---- C:\Windows\system32\cscript.exe
2009-05-30 05:52:20 ----A---- C:\Windows\system32\wow32.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\userenv.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\spcmsg.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\osk.exe
2009-05-30 05:52:20 ----A---- C:\Windows\system32\onex.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\mswsock.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\kdusb.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\kdcom.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\basecsp.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\audiodg.exe
2009-05-30 05:52:19 ----A---- C:\Windows\system32\WinSCard.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\winmm.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-05-30 05:52:19 ----A---- C:\Windows\system32\RelMon.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\rdpencom.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\offfilt.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\msftedit.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-05-30 05:52:18 ----A---- C:\Windows\system32\WerFault.exe
2009-05-30 05:52:18 ----A---- C:\Windows\system32\Utilman.exe
2009-05-30 05:52:17 ----A---- C:\Windows\system32\wsepno.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\wiaservc.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\sysclass.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\stobject.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\SndVol.exe
2009-05-30 05:52:17 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\prnntfy.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\msnetobj.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\mscms.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\mfplat.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\diskraid.exe
2009-05-30 05:52:17 ----A---- C:\Windows\system32\apphelp.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\adsmsext.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\wscript.exe
2009-05-30 05:52:16 ----A---- C:\Windows\system32\wscntfy.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\wlansvc.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\ulib.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\secur32.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\rastapi.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\pnpsetup.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\odbccp32.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-05-30 05:52:16 ----A---- C:\Windows\system32\iasdatastore.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\fdProxy.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\dsound.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\cryptui.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\wscsvc.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-05-30 05:52:15 ----A---- C:\Windows\system32\wlangpui.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\vdsdyn.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\rastls.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\netiohlp.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\logman.exe
2009-05-30 05:52:15 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\iashlpr.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\gpapi.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\diskpart.exe
2009-05-30 05:52:15 ----A---- C:\Windows\system32\brcpl.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\wusa.exe
2009-05-30 05:52:14 ----A---- C:\Windows\system32\regsvc.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\rasapi32.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\ntprint.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\mscorier.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\iasrad.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\findstr.exe
2009-05-30 05:52:13 ----A---- C:\Windows\system32\zipfldr.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\wshext.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\wpccpl.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\rasdlg.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\netcenter.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\wsnmp32.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\wer.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\uxsms.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\tsbyuv.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\themecpl.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\srvsvc.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\ntmarta.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\mssprxy.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\iassvcs.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\wlanhlp.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\slcc.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\scansetting.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\powrprof.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\powercpl.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\newdev.exe
2009-05-30 05:52:11 ----A---- C:\Windows\system32\networkmap.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\msutb.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\mstsc.exe
2009-05-30 05:52:11 ----A---- C:\Windows\system32\mstlsapi.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\iasads.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\iasacct.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\connect.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\authz.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\themeui.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\systemcpl.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\sud.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\samlib.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\pcaui.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\dot3svc.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\wlanpref.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\usercpl.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\rpchttp.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\regapi.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\qdvd.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\msinfo32.exe
2009-05-30 05:52:09 ----A---- C:\Windows\system32\mmci.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\autoplay.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\wscisvif.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\wpcao.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\vdsutil.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\tapisrv.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\scksp.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\scesrv.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\rekeywiz.exe
2009-05-30 05:52:08 ----A---- C:\Windows\system32\psisdecd.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\oleprn.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\mpr.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\imm32.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\feclient.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\Faultrep.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\dot3msm.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\AudioSes.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\sdclt.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\scecli.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\rasplap.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\rasgcw.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\qedit.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\pnpui.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\perfdisk.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\ncryptui.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\iaspolcy.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\hdwwiz.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-05-30 05:52:07 ----A---- C:\Windows\system32\dpapimig.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\DeviceEject.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\certreq.exe
2009-05-30 05:52:06 ----A---- C:\Windows\system32\whealogr.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\TSTheme.exe
2009-05-30 05:52:06 ----A---- C:\Windows\system32\tcpmon.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\srcore.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\spwinsat.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-05-30 05:52:06 ----A---- C:\Windows\system32\fdWSD.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\cmmon32.exe
2009-05-30 05:52:05 ----A---- C:\Windows\system32\SCardSvr.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\raschap.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\fontext.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\conime.exe
2009-05-30 05:52:05 ----A---- C:\Windows\system32\cmdial32.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-05-30 05:52:04 ----A---- C:\Windows\system32\wlanui.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\wlanmsm.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\wiaaut.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\shwebsvc.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\rasppp.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\PnPutil.exe
2009-05-30 05:52:04 ----A---- C:\Windows\system32\dsprop.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\dimsroam.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\shsetup.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\rasmontr.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\oobefldr.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\mscandui.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\modemui.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\chtbrkr.dll
2009-05-30 05:52:02 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\smss.exe
2009-05-30 05:52:01 ----A---- C:\Windows\system32\rdpwsx.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\dataclen.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\credui.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\blackbox.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\WSDMon.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\wmpeffects.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\netplwiz.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\certprop.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\wscapi.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\wpcsvc.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\networkexplorer.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\msscp.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\msimtf.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\logagent.exe
2009-05-30 05:51:59 ----A---- C:\Windows\system32\InkEd.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\ifmon.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\gpresult.exe
2009-05-30 05:51:59 ----A---- C:\Windows\system32\cipher.exe
2009-05-30 05:51:58 ----A---- C:\Windows\system32\thawbrkr.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\softkbd.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\sendmail.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\olepro32.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\msctfui.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\dmsynth.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\wshbth.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\version.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\SLLUA.exe
2009-05-30 05:51:57 ----A---- C:\Windows\system32\puiapi.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\msisip.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\mprapi.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\input.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\fc.exe
2009-05-30 05:51:57 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\cdd.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\fdSSDP.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\dmusic.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\cscapi.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\wsdchngr.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\rrinstaller.exe
2009-05-30 05:51:55 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\msjint40.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\l2nacp.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\ftp.exe
2009-05-30 05:51:55 ----A---- C:\Windows\system32\eapp3hst.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\cscdll.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\tscupgrd.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\Storprop.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\slcinst.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\rasdial.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\rasdiag.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\mfps.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\ipconfig.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\fdWCN.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\eappcfg.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\dot3cfg.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\bthudtask.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\bthci.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\aaclient.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\ocsetup.exe
2009-05-30 05:51:53 ----A---- C:\Windows\system32\nslookup.exe
2009-05-30 05:51:53 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\mmcico.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\mfpmp.exe
2009-05-30 05:51:53 ----A---- C:\Windows\system32\hbaapi.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\fdeploy.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\eappgnui.dll
2009-05-30 05:51:52 ----A---- C:\Windows\system32\tsgqec.dll
2009-05-30 05:51:52 ----A---- C:\Windows\system32\gpupdate.exe
2009-05-30 05:51:52 ----A---- C:\Windows\system32\csrstub.exe
2009-05-30 05:51:52 ----A---- C:\Windows\system32\cbsra.exe
2009-05-30 05:51:52 ----A---- C:\Windows\system32\bitsigd.dll
2009-05-30 05:51:52 ----A---- C:\Windows\system32\atmlib.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\vdmdbg.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\odbcconf.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\NcdProp.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\iscsilog.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\winrnr.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\slwga.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\midimap.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\inetppui.dll
2009-05-30 05:51:46 ----A---- C:\Windows\system32\msimsg.dll
2009-05-30 05:51:46 ----A---- C:\Windows\system32\mferror.dll
2009-05-30 05:51:46 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-05-30 05:51:30 ----A---- C:\Windows\system32\SmiEngine.dll
2009-05-30 05:51:27 ----A---- C:\Windows\system32\wdscore.dll
2009-05-30 05:51:27 ----A---- C:\Windows\system32\PkgMgr.exe
2009-05-30 05:51:19 ----A---- C:\Windows\system32\drvstore.dll
2009-05-30 01:38:57 ----A---- C:\Windows\uninst.exe

======List of files/folders modified in the last 3 months======

2009-08-25 14:42:54 ----D---- C:\Windows\Temp
2009-08-25 13:14:06 ----D---- C:\Windows\system32\catroot
2009-08-25 13:14:04 ----D---- C:\Windows\system32\catroot2
2009-08-25 13:14:01 ----D---- C:\Windows\winsxs
2009-08-25 02:26:55 ----D---- C:\Windows
2009-08-24 16:20:37 ----SHD---- C:\Windows\Installer
2009-08-24 16:20:20 ----D---- C:\Program Files
2009-08-24 16:05:37 ----SHD---- C:\System Volume Information
2009-08-24 15:55:19 ----D---- C:\Windows\system32\drivers
2009-08-24 15:55:19 ----D---- C:\Windows\System32
2009-08-24 15:54:54 ----HD---- C:\ProgramData
2009-08-24 15:54:21 ----D---- C:\Windows\inf
2009-08-24 15:52:58 ----D---- C:\Program Files\Common Files
2009-08-24 14:44:12 ----D---- C:\Program Files\Java
2009-08-24 12:23:03 ----D---- C:\Windows\system32\Service
2009-08-24 03:01:01 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-08-24 00:42:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-20 10:02:05 ----D---- C:\beth
2009-08-18 11:11:50 ----SD---- C:\Windows\Downloaded Program Files
2009-08-17 23:35:14 ----D---- C:\Windows\Prefetch
2009-08-16 12:23:23 ----D---- C:\Windows\Debug
2009-08-13 03:08:40 ----D---- C:\Program Files\Windows Media Player
2009-08-13 03:02:36 ----D---- C:\Program Files\Windows Mail
2009-07-31 22:03:23 ----SHD---- C:\$Recycle.Bin
2009-07-31 14:30:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 09:05:40 ----D---- C:\Windows\system32\Tasks
2009-07-31 09:05:39 ----D---- C:\Windows\Tasks
2009-07-29 19:49:14 ----A---- C:\Windows\system32\mrt.exe
2009-07-29 09:46:54 ----D---- C:\Windows\system32\migration
2009-07-29 09:46:54 ----D---- C:\Program Files\Internet Explorer
2009-07-26 22:18:08 ----D---- C:\Program Files\Dell DataSafe Online
2009-07-25 05:23:00 ----A---- C:\Windows\system32\deploytk.dll
2009-07-20 14:28:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-20 14:28:37 ----D---- C:\Program Files\Trend Micro
2009-07-11 23:43:04 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-05 13:03:28 ----D---- C:\Windows\Minidump
2009-06-26 19:29:01 ----RD---- C:\Users
2009-06-24 14:01:31 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-06-24 14:00:14 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-06-24 14:00:07 ----RSD---- C:\Windows\Fonts
2009-06-24 13:59:57 ----D---- C:\Program Files\Roxio
2009-06-24 13:59:09 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-06-23 23:25:08 ----A---- C:\Windows\Lexstat.ini
2009-06-23 14:40:11 ----D---- C:\Windows\Microsoft.NET
2009-06-16 01:50:05 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-10 23:41:45 ----D---- C:\Program Files\Microsoft Works
2009-06-08 03:52:12 ----D---- C:\Program Files\Oberon Media
2009-05-30 06:33:16 ----RSD---- C:\Windows\assembly
2009-05-30 06:29:16 ----D---- C:\Windows\rescache
2009-05-30 06:17:01 ----SHD---- C:\boot
2009-05-30 06:10:32 ----D---- C:\Program Files\Windows Sidebar
2009-05-30 06:10:32 ----D---- C:\Program Files\Windows Collaboration
2009-05-30 06:10:32 ----D---- C:\Program Files\Windows Calendar
2009-05-30 06:10:32 ----D---- C:\Program Files\Movie Maker
2009-05-30 06:10:31 ----D---- C:\Program Files\Windows Photo Gallery
2009-05-30 06:10:31 ----D---- C:\Program Files\Common Files\System
2009-05-30 06:10:30 ----D---- C:\Windows\servicing
2009-05-30 06:10:30 ----D---- C:\Program Files\Windows Defender
2009-05-30 06:10:29 ----D---- C:\Windows\system32\XPSViewer
2009-05-30 06:10:29 ----D---- C:\Windows\system32\sk-SK
2009-05-30 06:10:29 ----D---- C:\Windows\system32\lv-LV
2009-05-30 06:10:29 ----D---- C:\Windows\system32\ko-KR
2009-05-30 06:10:29 ----D---- C:\Windows\system32\hr-HR
2009-05-30 06:10:29 ----D---- C:\Windows\system32\et-EE
2009-05-30 06:10:29 ----D---- C:\Windows\system32\da-DK
2009-05-30 06:10:29 ----D---- C:\Windows\IME
2009-05-30 06:10:28 ----D---- C:\Windows\system32\en-US
2009-05-30 06:10:27 ----D---- C:\Windows\system32\sv-SE
2009-05-30 06:10:27 ----D---- C:\Windows\system32\SLUI
2009-05-30 06:10:27 ----D---- C:\Windows\system32\setup
2009-05-30 06:10:27 ----D---- C:\Windows\system32\ru-RU
2009-05-30 06:10:27 ----D---- C:\Windows\system32\pt-PT
2009-05-30 06:10:27 ----D---- C:\Windows\system32\oobe
2009-05-30 06:10:27 ----D---- C:\Windows\system32\it-IT
2009-05-30 06:10:27 ----D---- C:\Windows\system32\hu-HU
2009-05-30 06:10:27 ----D---- C:\Windows\system32\he-IL
2009-05-30 06:10:27 ----D---- C:\Windows\system32\fr-FR
2009-05-30 06:10:27 ----D---- C:\Windows\system32\fi-FI
2009-05-30 06:10:27 ----D---- C:\Windows\system32\el-GR
2009-05-30 06:10:27 ----D---- C:\Windows\system32\de-DE
2009-05-30 06:10:27 ----D---- C:\Windows\system32\cs-CZ
2009-05-30 06:10:27 ----D---- C:\Windows\system32\AdvancedInstallers
2009-05-30 06:10:26 ----D---- C:\Windows\system32\zh-TW
2009-05-30 06:10:26 ----D---- C:\Windows\system32\zh-CN
2009-05-30 06:10:26 ----D---- C:\Windows\system32\wbem
2009-05-30 06:10:26 ----D---- C:\Windows\system32\uk-UA
2009-05-30 06:10:26 ----D---- C:\Windows\system32\tr-TR
2009-05-30 06:10:26 ----D---- C:\Windows\system32\th-TH
2009-05-30 06:10:26 ----D---- C:\Windows\system32\sr-Latn-CS
2009-05-30 06:10:26 ----D---- C:\Windows\system32\sl-SI
2009-05-30 06:10:26 ----D---- C:\Windows\system32\ro-RO
2009-05-30 06:10:26 ----D---- C:\Windows\system32\pl-PL
2009-05-30 06:10:26 ----D---- C:\Windows\system32\manifeststore
2009-05-30 06:10:26 ----D---- C:\Windows\system32\ja-JP
2009-05-30 06:10:26 ----D---- C:\Windows\system32\es-ES
2009-05-30 06:10:26 ----D---- C:\Windows\system32\en
2009-05-30 06:10:26 ----D---- C:\Windows\system32\bg-BG
2009-05-30 06:10:23 ----D---- C:\Windows\system32\pt-BR
2009-05-30 06:10:23 ----D---- C:\Windows\system32\nl-NL
2009-05-30 06:10:23 ----D---- C:\Windows\system32\nb-NO
2009-05-30 06:10:23 ----D---- C:\Windows\system32\migwiz
2009-05-30 06:10:23 ----D---- C:\Windows\system32\lt-LT
2009-05-30 06:10:23 ----D---- C:\Windows\system32\ar-SA
2009-05-30 06:10:15 ----D---- C:\Windows\AppPatch
2009-05-30 06:10:10 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2009-03-24 145424]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-03-24 80400]
R2 Packet;Auto Internet Protocol; C:\Windows\system32\DRIVERS\packet.sys [2008-06-17 22016]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2009-04-02 50192]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2009-05-07 157712]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2009-04-02 50192]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2009-03-24 256528]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2009-05-22 1220120]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-09-04 170032]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-10 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-06-12 81960]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-06-12 100392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-06-12 29736]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-12 17320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-12-09 2473472]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-12-14 393216]
R3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-09-01 304128]
S3 BthPort;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-10 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-07-28 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\Windows\system32\drivers\MREMP50a64.sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; C:\Windows\system32\drivers\MREMPR5.sys []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; C:\Windows\system32\drivers\MRENDIS5.sys []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-07-28 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; C:\Windows\system32\drivers\MRESP50a64.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-14 81920]
R2 Apache2.2;Remote Access Media Server; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [2007-09-21 15872]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-06-05 518696]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
R2 dsl-db;Remote Access DB; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2008-09-30 173296]
R2 hnmsvc;Advanced Networking Service; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [2008-09-30 820464]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 lxba_device;lxba_device; C:\Windows\system32\lxbacoms.exe [2007-04-24 537520]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-03-31 711248]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [2008-12-14 241746]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-03-24 341256]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-03-31 497008]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-03-31 677128]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-04-21 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-07-31 1205760]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R2 yksvc;Marvell Yukon Service; ykx32coinst,serviceStartProc []
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-11-10 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-11-10 170480]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-03-15 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-11-10 1108464]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S4 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-09-23 303104]

-----------------EOF-----------------

#11 bethlthealth

Posted 25 August 2009 - 02:51 PM

Shoot, I have both of the last log.txt and the info.txt saved to a folder in the c / RSIT....sigh...so sorry, here they are, minus the word wrap.
Logfile of random's system information tool 1.06 (written by random/random)
Run by beth at 2009-08-22 17:14:15
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 126 GB (57%) free of 223 GB
Total RAM: 3034 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:46 PM, on 8/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Users\beth\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\beth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: OneRiot IE Statusbar BHO - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\OneRiot\Browser Add-ons\IEStatusbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Toolbar Powered by OneRiot - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [QuickSet] "C:\Program Files\Dell\QuickSet\QuickSet.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] "%ProgramFiles%\IDT\WDM\sttray.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] "C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1557764662-1018864607-510692554-1001\..\Run: [Sidebar] "%ProgramFiles%\Windows Sidebar\Sidebar.exe" /detectMem (User 'RA Media Server')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - S-1-5-21-1557764662-1018864607-510692554-1001 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'RA Media Server')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 13836 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Error Fix Scan.job
C:\Windows\tasks\User_Feed_Synchronization-{1F00EFA4-2BFA-4A24-AD27-C83F2EB99E9B}.job
C:\Windows\tasks\wrSpySweeper_LFCA07AB18D2246EBAE388E24F84578B4.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F28D74EC-B064-4402-926D-E00687233421}]
OneRiot IE Statusbar BHO - C:\Program Files\OneRiot\Browser Add-ons\IEStatusbar.dll [2009-01-28 139024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - Toolbar Powered by OneRiot - C:\Program Files\OneRiot\Browser Add-ons\IEToolbar.dll [2009-01-28 143632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-09-04 200704]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-12-09 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-12-09 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-12-09 154136]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2008-08-27 1662032]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-07 178712]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-03-31 995528]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"ATT-SST_McciTrayApp"=C:\Program Files\ATT-SST\McciTrayApp.exe [2008-09-18 1529856]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-12-14 483420]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-06-05 615696]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-11-10 236016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-13 6345840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-03-24 492808]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Dell Remote Access.lnk - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe

C:\Users\beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-03-15 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-12-09 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoThumbnailCache"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-08-22 17:14:15 ----D---- C:\rsit
2009-08-12 04:27:16 ----A---- C:\Windows\system32\atl.dll
2009-08-12 04:27:12 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 04:27:08 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 04:27:05 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 04:26:59 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 04:26:58 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 04:26:57 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 04:26:57 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 04:26:57 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-07 12:19:51 ----D---- C:\Program Files\Windows Live Safety Center
2009-08-01 10:13:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-31 08:47:28 ----A---- C:\Windows\system32\capicom.dll
2009-07-31 08:47:08 ----D---- C:\Program Files\MSSOAP
2009-07-31 08:47:08 ----D---- C:\Program Files\Common Files\MSSoap
2009-07-31 08:46:56 ----D---- C:\Program Files\Webroot
2009-07-31 08:46:56 ----A---- C:\Windows\WRSetup.dll
2009-07-29 09:40:32 ----A---- C:\AuResult.ini
2009-07-29 07:36:18 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 07:36:17 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\occache.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 07:36:16 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 07:36:16 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 07:36:15 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 07:36:15 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-20 01:16:21 ----A---- C:\Windows\system32\javaws.exe
2009-07-20 01:16:21 ----A---- C:\Windows\system32\javaw.exe
2009-07-20 01:16:21 ----A---- C:\Windows\system32\java.exe
2009-07-15 08:58:21 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 08:58:21 ----A---- C:\Windows\system32\atmfd.dll
2009-07-11 23:41:39 ----D---- C:\Program Files\eBay
2009-07-07 14:34:18 ----D---- C:\Program Files\Downloaded Installers
2009-06-30 16:34:22 ----RA---- C:\Windows\system32\roboex32.dll
2009-06-30 16:34:22 ----RA---- C:\Windows\system32\inetwh32.dll
2009-06-26 19:29:01 ----D---- C:\Documents and Settings\releaseengineer\Application Data\Microsoft
2009-06-26 19:28:19 ----D---- C:\Program Files\Yahoo!
2009-06-24 01:08:39 ----D---- C:\Program Files\Walmart MP3 Music Downloads
2009-06-17 03:01:09 ----D---- C:\Program Files\MSXML 4.0
2009-06-16 01:48:01 ----D---- C:\Program Files\Common Files\Research In Motion
2009-06-16 01:47:53 ----D---- C:\Program Files\Research In Motion
2009-06-10 23:37:27 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 23:37:26 ----A---- C:\Windows\system32\rpcrt4.dll
2009-05-30 06:10:11 ----D---- C:\Windows\system32\eu-ES
2009-05-30 06:10:11 ----D---- C:\Windows\system32\ca-ES
2009-05-30 06:10:10 ----D---- C:\Windows\system32\vi-VN
2009-05-30 05:54:04 ----D---- C:\Windows\system32\EventProviders
2009-05-30 05:53:22 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-05-30 05:53:20 ----A---- C:\Windows\system32\SLCExt.dll
2009-05-30 05:53:19 ----A---- C:\Windows\system32\SLsvc.exe
2009-05-30 05:53:18 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-05-30 05:53:18 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-05-30 05:53:17 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-05-30 05:53:16 ----A---- C:\Windows\system32\mssrch.dll
2009-05-30 05:53:15 ----A---- C:\Windows\system32\tquery.dll
2009-05-30 05:53:14 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-05-30 05:53:14 ----A---- C:\Windows\system32\lsasrv.dll
2009-05-30 05:53:13 ----A---- C:\Windows\system32\scavenge.dll
2009-05-30 05:53:13 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-05-30 05:53:13 ----A---- C:\Windows\system32\RMActivate.exe
2009-05-30 05:53:12 ----A---- C:\Windows\system32\msi.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\WscEapPr.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\sysmain.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\secproc_isv.dll
2009-05-30 05:53:11 ----A---- C:\Windows\system32\imapi2fs.dll
2009-05-30 05:53:10 ----A---- C:\Windows\system32\mf.dll
2009-05-30 05:53:10 ----A---- C:\Windows\system32\icardagt.exe
2009-05-30 05:53:09 ----A---- C:\Windows\system32\EhStorShell.dll
2009-05-30 05:53:08 ----A---- C:\Windows\system32\spwizui.dll
2009-05-30 05:53:08 ----A---- C:\Windows\system32\spreview.exe
2009-05-30 05:53:08 ----A---- C:\Windows\system32\spinstall.exe
2009-05-30 05:53:08 ----A---- C:\Windows\system32\drmv2clt.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\shell32.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\secproc.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-05-30 05:53:07 ----A---- C:\Windows\system32\p2psvc.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\mssvp.dll
2009-05-30 05:53:07 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\mssphtb.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\mssph.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\mscoree.dll
2009-05-30 05:53:06 ----A---- C:\Windows\system32\imapi2.dll
2009-05-30 05:53:05 ----A---- C:\Windows\system32\sdohlp.dll
2009-05-30 05:53:05 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-05-30 05:53:05 ----A---- C:\Windows\system32\esent.dll
2009-05-30 05:53:04 ----A---- C:\Windows\system32\sperror.dll
2009-05-30 05:53:04 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-05-30 05:53:04 ----A---- C:\Windows\system32\korwbrkr.dll
2009-05-30 05:53:04 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-05-30 05:53:04 ----A---- C:\Windows\system32\DevicePairing.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\wevtsvc.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\SLC.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-05-30 05:53:03 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\msshsq.dll
2009-05-30 05:53:03 ----A---- C:\Windows\system32\IasMigReader.exe
2009-05-30 05:53:02 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-05-30 05:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-05-30 05:53:01 ----A---- C:\Windows\system32\msxml6.dll
2009-05-30 05:53:01 ----A---- C:\Windows\system32\msjet40.dll
2009-05-30 05:53:01 ----A---- C:\Windows\system32\MPSSVC.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\Query.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\qmgr.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\msexch40.dll
2009-05-30 05:53:00 ----A---- C:\Windows\system32\diagperf.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\winload.exe
2009-05-30 05:52:59 ----A---- C:\Windows\system32\srchadmin.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\P2PGraph.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\ole32.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\ntdll.dll
2009-05-30 05:52:59 ----A---- C:\Windows\system32\msxml3.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\uDWM.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\riched20.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\mmc.exe
2009-05-30 05:52:58 ----A---- C:\Windows\system32\mblctr.exe
2009-05-30 05:52:58 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\fdBth.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\EncDec.dll
2009-05-30 05:52:58 ----A---- C:\Windows\system32\dfsr.exe
2009-05-30 05:52:57 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-05-30 05:52:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-05-30 05:52:57 ----A---- C:\Windows\system32\RacEngn.dll
2009-05-30 05:52:57 ----A---- C:\Windows\system32\milcore.dll
2009-05-30 05:52:57 ----A---- C:\Windows\system32\kernel32.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\spoolss.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\schedsvc.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-05-30 05:52:56 ----A---- C:\Windows\system32\CertEnroll.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\WinSAT.exe
2009-05-30 05:52:55 ----A---- C:\Windows\system32\msvcp60.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\msjtes40.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\infocardapi.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\gpedit.dll
2009-05-30 05:52:55 ----A---- C:\Windows\system32\fsquirt.exe
2009-05-30 05:52:54 ----A---- C:\Windows\system32\Magnify.exe
2009-05-30 05:52:54 ----A---- C:\Windows\system32\es.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\WMPhoto.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\WebClnt.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\slwmi.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\mstext40.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\msexcl40.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\comsvcs.dll
2009-05-30 05:52:53 ----A---- C:\Windows\system32\advapi32.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\vssapi.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\msxbde40.dll
2009-05-30 05:52:52 ----A---- C:\Windows\system32\authui.dll
2009-05-30 05:52:51 ----A---- C:\Windows\system32\propsys.dll
2009-05-30 05:52:51 ----A---- C:\Windows\system32\PresentationHost.exe
2009-05-30 05:52:51 ----A---- C:\Windows\system32\newdev.dll
2009-05-30 05:52:51 ----A---- C:\Windows\system32\msrepl40.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\setupapi.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\rpcss.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\iasrecst.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\gpsvc.dll
2009-05-30 05:52:50 ----A---- C:\Windows\system32\eudcedit.exe
2009-05-30 05:52:50 ----A---- C:\Windows\system32\crypt32.dll
2009-05-30 05:52:50 ----A---- C:\Windows\explorer.exe
2009-05-30 05:52:49 ----A---- C:\Windows\system32\shlwapi.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\mspbde40.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\msltus40.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\mfc42.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\davclnt.dll
2009-05-30 05:52:49 ----A---- C:\Windows\system32\d3d9.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\wevtapi.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\photowiz.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\nlhtml.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\msrd3x40.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\msdtctm.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-05-30 05:52:48 ----A---- C:\Windows\system32\browseui.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\user32.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\samsrv.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\quartz.dll
2009-05-30 05:52:47 ----A---- C:\Windows\system32\ci.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\win32spl.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-05-30 05:52:46 ----A---- C:\Windows\system32\oleaut32.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\msv1_0.dll
2009-05-30 05:52:46 ----A---- C:\Windows\system32\kerberos.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\winhttp.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\netshell.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\mswstr10.dll
2009-05-30 05:52:45 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-05-30 05:52:45 ----A---- C:\Windows\system32\compcln.exe
2009-05-30 05:52:45 ----A---- C:\Windows\system32\apds.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\xmlfilter.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-05-30 05:52:44 ----A---- C:\Windows\system32\msvcrt.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\msctf.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\gdi32.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\emdmgmt.dll
2009-05-30 05:52:44 ----A---- C:\Windows\system32\audiosrv.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\VSSVC.exe
2009-05-30 05:52:43 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\SLUI.exe
2009-05-30 05:52:43 ----A---- C:\Windows\system32\msrd2x40.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\mfc42u.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-05-30 05:52:43 ----A---- C:\Windows\system32\eapphost.dll
2009-05-30 05:52:42 ----A---- C:\Windows\system32\winresume.exe
2009-05-30 05:52:42 ----A---- C:\Windows\system32\propdefs.dll
2009-05-30 05:52:42 ----A---- C:\Windows\system32\odbc32.dll
2009-05-30 05:52:41 ----A---- C:\Windows\system32\shdocvw.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\WsmSvc.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\wevtutil.exe
2009-05-30 05:52:40 ----A---- C:\Windows\system32\swprv.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\mssitlb.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-05-30 05:52:40 ----A---- C:\Windows\system32\dbgeng.dll
2009-05-30 05:52:39 ----A---- C:\Windows\system32\usp10.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\vds.exe
2009-05-30 05:52:38 ----A---- C:\Windows\system32\schannel.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\netlogon.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\msscb.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\msctfp.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\drvinst.exe
2009-05-30 05:52:38 ----A---- C:\Windows\system32\devmgr.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-05-30 05:52:38 ----A---- C:\Windows\system32\BFE.DLL
2009-05-30 05:52:38 ----A---- C:\Windows\system32\adsldpc.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\WSDApi.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-05-30 05:52:37 ----A---- C:\Windows\system32\Wldap32.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\wcnwiz.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-05-30 05:52:37 ----A---- C:\Windows\system32\evr.dll
2009-05-30 05:52:36 ----A---- C:\Windows\system32\wercon.exe
2009-05-30 05:52:36 ----A---- C:\Windows\system32\services.exe
2009-05-30 05:52:36 ----A---- C:\Windows\system32\comdlg32.dll
2009-05-30 05:52:36 ----A---- C:\Windows\system32\adtschema.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\wcncsvc.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\mimefilt.dll
2009-05-30 05:52:35 ----A---- C:\Windows\system32\certcli.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\taskeng.exe
2009-05-30 05:52:34 ----A---- C:\Windows\system32\rtffilt.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\reg.exe
2009-05-30 05:52:34 ----A---- C:\Windows\system32\mswdat10.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\msjter40.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\msdtcprx.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\msdrm.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\dnsapi.dll
2009-05-30 05:52:34 ----A---- C:\Windows\system32\certutil.exe
2009-05-30 05:52:33 ----A---- C:\Windows\system32\w32time.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\msshooks.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\msscntrs.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-05-30 05:52:33 ----A---- C:\Windows\system32\bthserv.dll
2009-05-30 05:52:33 ----A---- C:\Windows\system32\bcrypt.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-05-30 05:52:32 ----A---- C:\Windows\system32\rsaenh.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\msstrc.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\msihnd.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-05-30 05:52:32 ----A---- C:\Windows\system32\inetcomm.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\netapi32.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\mtxclu.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\mscories.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\inetpp.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\hidserv.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\fundisc.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\dfshim.dll
2009-05-30 05:52:31 ----A---- C:\Windows\system32\cryptsvc.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\termsrv.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\profsvc.dll
2009-05-30 05:52:30 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-05-30 05:52:29 ----A---- C:\Windows\system32\shsvcs.dll
2009-05-30 05:52:29 ----A---- C:\Windows\system32\msiexec.exe
2009-05-30 05:52:29 ----A---- C:\Windows\system32\imapi.dll
2009-05-30 05:52:29 ----A---- C:\Windows\system32\gameux.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\wdc.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\rasmans.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\pnidui.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\icardres.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\iassdo.dll
2009-05-30 05:52:28 ----A---- C:\Windows\system32\chsbrkr.dll
2009-05-30 05:52:27 ----A---- C:\Windows\system32\spoolsv.exe
2009-05-30 05:52:27 ----A---- C:\Windows\system32\scrrun.dll
2009-05-30 05:52:27 ----A---- C:\Windows\system32\autofmt.exe
2009-05-30 05:52:26 ----A---- C:\Windows\system32\wmpmde.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\wersvc.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\slmgr.vbs
2009-05-30 05:52:26 ----A---- C:\Windows\system32\PSHED.DLL
2009-05-30 05:52:26 ----A---- C:\Windows\system32\pidgenx.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\pdh.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-05-30 05:52:26 ----A---- C:\Windows\system32\azroles.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\winlogon.exe
2009-05-30 05:52:25 ----A---- C:\Windows\system32\SyncCenter.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\SLUINotify.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-05-30 05:52:25 ----A---- C:\Windows\system32\comuid.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\wisptis.exe
2009-05-30 05:52:24 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\untfs.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\taskcomp.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\spp.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\sethc.exe
2009-05-30 05:52:24 ----A---- C:\Windows\system32\scrobj.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\rtutils.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\ncrypt.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\kd1394.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\iassam.dll
2009-05-30 05:52:24 ----A---- C:\Windows\system32\dwm.exe
2009-05-30 05:52:24 ----A---- C:\Windows\system32\certmgr.dll
2009-05-30 05:52:23 ----A---- C:\Windows\system32\printui.dll
2009-05-30 05:52:23 ----A---- C:\Windows\system32\iasnap.dll
2009-05-30 05:52:23 ----A---- C:\Windows\system32\autochk.exe
2009-05-30 05:52:22 ----A---- C:\Windows\system32\winsrv.dll
2009-05-30 05:52:22 ----A---- C:\Windows\system32\autoconv.exe
2009-05-30 05:52:21 ----A---- C:\Windows\system32\cscript.exe
2009-05-30 05:52:20 ----A---- C:\Windows\system32\wow32.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\userenv.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\spcmsg.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\osk.exe
2009-05-30 05:52:20 ----A---- C:\Windows\system32\onex.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\mswsock.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\kdusb.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\kdcom.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\basecsp.dll
2009-05-30 05:52:20 ----A---- C:\Windows\system32\audiodg.exe
2009-05-30 05:52:19 ----A---- C:\Windows\system32\WinSCard.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\winmm.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-05-30 05:52:19 ----A---- C:\Windows\system32\RelMon.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\rdpencom.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\offfilt.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\msftedit.dll
2009-05-30 05:52:19 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-05-30 05:52:18 ----A---- C:\Windows\system32\WerFault.exe
2009-05-30 05:52:18 ----A---- C:\Windows\system32\Utilman.exe
2009-05-30 05:52:17 ----A---- C:\Windows\system32\wsepno.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\wiaservc.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\sysclass.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\stobject.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\SndVol.exe
2009-05-30 05:52:17 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\prnntfy.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\msnetobj.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\mscms.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\mfplat.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\diskraid.exe
2009-05-30 05:52:17 ----A---- C:\Windows\system32\apphelp.dll
2009-05-30 05:52:17 ----A---- C:\Windows\system32\adsmsext.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\wscript.exe
2009-05-30 05:52:16 ----A---- C:\Windows\system32\wscntfy.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\wlansvc.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\ulib.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\secur32.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\rastapi.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\pnpsetup.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\odbccp32.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-05-30 05:52:16 ----A---- C:\Windows\system32\iasdatastore.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\fdProxy.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\dsound.dll
2009-05-30 05:52:16 ----A---- C:\Windows\system32\cryptui.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\wscsvc.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-05-30 05:52:15 ----A---- C:\Windows\system32\wlangpui.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\vdsdyn.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\rastls.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\netiohlp.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\logman.exe
2009-05-30 05:52:15 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\iashlpr.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\gpapi.dll
2009-05-30 05:52:15 ----A---- C:\Windows\system32\diskpart.exe
2009-05-30 05:52:15 ----A---- C:\Windows\system32\brcpl.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\wusa.exe
2009-05-30 05:52:14 ----A---- C:\Windows\system32\regsvc.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\rasapi32.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\ntprint.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\mscorier.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\iasrad.dll
2009-05-30 05:52:14 ----A---- C:\Windows\system32\findstr.exe
2009-05-30 05:52:13 ----A---- C:\Windows\system32\zipfldr.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\wshext.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\wpccpl.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\rasdlg.dll
2009-05-30 05:52:13 ----A---- C:\Windows\system32\netcenter.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\wsnmp32.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\wer.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\uxsms.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\tsbyuv.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\themecpl.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\srvsvc.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\ntmarta.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\mssprxy.dll
2009-05-30 05:52:12 ----A---- C:\Windows\system32\iassvcs.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\wlanhlp.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\slcc.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\scansetting.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\powrprof.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\powercpl.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\newdev.exe
2009-05-30 05:52:11 ----A---- C:\Windows\system32\networkmap.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\msutb.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\mstsc.exe
2009-05-30 05:52:11 ----A---- C:\Windows\system32\mstlsapi.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\iasads.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\iasacct.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\connect.dll
2009-05-30 05:52:11 ----A---- C:\Windows\system32\authz.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\themeui.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\systemcpl.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\sud.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\samlib.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\pcaui.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\dot3svc.dll
2009-05-30 05:52:10 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\wlanpref.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\usercpl.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\rpchttp.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\regapi.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\qdvd.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\msinfo32.exe
2009-05-30 05:52:09 ----A---- C:\Windows\system32\mmci.dll
2009-05-30 05:52:09 ----A---- C:\Windows\system32\autoplay.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\wscisvif.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\wpcao.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\vdsutil.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\tapisrv.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\scksp.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\scesrv.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\rekeywiz.exe
2009-05-30 05:52:08 ----A---- C:\Windows\system32\psisdecd.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\oleprn.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\mpr.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\imm32.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\feclient.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\Faultrep.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\dot3msm.dll
2009-05-30 05:52:08 ----A---- C:\Windows\system32\AudioSes.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\sdclt.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\scecli.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\rasplap.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\rasgcw.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\qedit.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\pnpui.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\perfdisk.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\ncryptui.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\iaspolcy.dll
2009-05-30 05:52:07 ----A---- C:\Windows\system32\hdwwiz.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-05-30 05:52:07 ----A---- C:\Windows\system32\dpapimig.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\DeviceEject.exe
2009-05-30 05:52:07 ----A---- C:\Windows\system32\certreq.exe
2009-05-30 05:52:06 ----A---- C:\Windows\system32\whealogr.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\TSTheme.exe
2009-05-30 05:52:06 ----A---- C:\Windows\system32\tcpmon.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\srcore.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\spwinsat.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-05-30 05:52:06 ----A---- C:\Windows\system32\fdWSD.dll
2009-05-30 05:52:06 ----A---- C:\Windows\system32\cmmon32.exe
2009-05-30 05:52:05 ----A---- C:\Windows\system32\SCardSvr.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\raschap.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\fontext.dll
2009-05-30 05:52:05 ----A---- C:\Windows\system32\conime.exe
2009-05-30 05:52:05 ----A---- C:\Windows\system32\cmdial32.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-05-30 05:52:04 ----A---- C:\Windows\system32\wlanui.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\wlanmsm.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\wiaaut.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\shwebsvc.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\rasppp.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\PnPutil.exe
2009-05-30 05:52:04 ----A---- C:\Windows\system32\dsprop.dll
2009-05-30 05:52:04 ----A---- C:\Windows\system32\dimsroam.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\shsetup.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\rasmontr.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\oobefldr.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\mscandui.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\modemui.dll
2009-05-30 05:52:03 ----A---- C:\Windows\system32\chtbrkr.dll
2009-05-30 05:52:02 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\smss.exe
2009-05-30 05:52:01 ----A---- C:\Windows\system32\rdpwsx.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\dataclen.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\credui.dll
2009-05-30 05:52:01 ----A---- C:\Windows\system32\blackbox.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\WSDMon.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\wmpeffects.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\netplwiz.dll
2009-05-30 05:52:00 ----A---- C:\Windows\system32\certprop.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\wscapi.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\wpcsvc.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\networkexplorer.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\msscp.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\msimtf.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\logagent.exe
2009-05-30 05:51:59 ----A---- C:\Windows\system32\InkEd.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\ifmon.dll
2009-05-30 05:51:59 ----A---- C:\Windows\system32\gpresult.exe
2009-05-30 05:51:59 ----A---- C:\Windows\system32\cipher.exe
2009-05-30 05:51:58 ----A---- C:\Windows\system32\thawbrkr.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\softkbd.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\sendmail.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\olepro32.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\msctfui.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\dmsynth.dll
2009-05-30 05:51:58 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\wshbth.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\version.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\SLLUA.exe
2009-05-30 05:51:57 ----A---- C:\Windows\system32\puiapi.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\msisip.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\mprapi.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\input.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\fc.exe
2009-05-30 05:51:57 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-05-30 05:51:57 ----A---- C:\Windows\system32\cdd.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\fdSSDP.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\dmusic.dll
2009-05-30 05:51:56 ----A---- C:\Windows\system32\cscapi.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\wsdchngr.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\rrinstaller.exe
2009-05-30 05:51:55 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\msjint40.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\l2nacp.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\ftp.exe
2009-05-30 05:51:55 ----A---- C:\Windows\system32\eapp3hst.dll
2009-05-30 05:51:55 ----A---- C:\Windows\system32\cscdll.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\tscupgrd.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\Storprop.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\slcinst.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\rasdial.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\rasdiag.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\mfps.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\ipconfig.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\fdWCN.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\eappcfg.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\dot3cfg.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\bthudtask.exe
2009-05-30 05:51:54 ----A---- C:\Windows\system32\bthci.dll
2009-05-30 05:51:54 ----A---- C:\Windows\system32\aaclient.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\ocsetup.exe
2009-05-30 05:51:53 ----A---- C:\Windows\system32\nslookup.exe
2009-05-30 05:51:53 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\mmcico.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\mfpmp.exe
2009-05-30 05:51:53 ----A---- C:\Windows\system32\hbaapi.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\fdeploy.dll
2009-05-30 05:51:53 ----A---- C:\Windows\system32\eappgnui.dll
2009-05-30 05:51:52 ----A---- C:\Windows\system32\tsgqec.dll
2009-05-30 05:51:52 ----A---- C:\Windows\system32\gpupdate.exe
2009-05-30 05:51:52 ----A---- C:\Windows\system32\csrstub.exe
2009-05-30 05:51:52 ----A---- C:\Windows\system32\cbsra.exe
2009-05-30 05:51:52 ----A---- C:\Windows\system32\bitsigd.dll
2009-05-30 05:51:52 ----A---- C:\Windows\system32\atmlib.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\vdmdbg.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\odbcconf.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\NcdProp.dll
2009-05-30 05:51:51 ----A---- C:\Windows\system32\iscsilog.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\winrnr.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\slwga.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\midimap.dll
2009-05-30 05:51:50 ----A---- C:\Windows\system32\inetppui.dll
2009-05-30 05:51:46 ----A---- C:\Windows\system32\msimsg.dll
2009-05-30 05:51:46 ----A---- C:\Windows\system32\mferror.dll
2009-05-30 05:51:46 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-05-30 05:51:30 ----A---- C:\Windows\system32\SmiEngine.dll
2009-05-30 05:51:27 ----A---- C:\Windows\system32\wdscore.dll
2009-05-30 05:51:27 ----A---- C:\Windows\system32\PkgMgr.exe
2009-05-30 05:51:19 ----A---- C:\Windows\system32\drvstore.dll
2009-05-30 01:38:57 ----A---- C:\Windows\uninst.exe

======List of files/folders modified in the last 3 months======

2009-08-22 17:14:18 ----D---- C:\Windows\Temp
2009-08-21 02:24:48 ----SHD---- C:\System Volume Information
2009-08-21 01:28:25 ----D---- C:\Windows\System32
2009-08-21 01:28:25 ----D---- C:\Windows\inf
2009-08-21 01:28:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-20 19:30:36 ----SHD---- C:\Windows\Installer
2009-08-20 19:30:35 ----D---- C:\Program Files
2009-08-20 10:02:05 ----D---- C:\beth
2009-08-18 11:11:57 ----HD---- C:\ProgramData
2009-08-18 11:11:50 ----SD---- C:\Windows\Downloaded Program Files
2009-08-18 11:07:58 ----D---- C:\Windows
2009-08-17 23:35:14 ----D---- C:\Windows\Prefetch
2009-08-16 17:56:19 ----D---- C:\Windows\system32\catroot2
2009-08-16 12:23:23 ----D---- C:\Windows\Debug
2009-08-15 17:16:53 ----D---- C:\Windows\system32\Service
2009-08-14 08:47:10 ----D---- C:\Windows\system32\catroot
2009-08-14 08:47:07 ----D---- C:\Windows\winsxs
2009-08-13 03:08:40 ----D---- C:\Program Files\Windows Media Player
2009-08-13 03:02:36 ----D---- C:\Program Files\Windows Mail
2009-07-31 22:03:23 ----SHD---- C:\$Recycle.Bin
2009-07-31 14:30:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 09:05:40 ----D---- C:\Windows\system32\Tasks
2009-07-31 09:05:39 ----D---- C:\Windows\Tasks
2009-07-31 08:47:08 ----D---- C:\Program Files\Common Files
2009-07-31 08:47:01 ----D---- C:\Windows\system32\drivers
2009-07-29 19:49:14 ----A---- C:\Windows\system32\mrt.exe
2009-07-29 09:46:54 ----D---- C:\Windows\system32\migration
2009-07-29 09:46:54 ----D---- C:\Program Files\Internet Explorer
2009-07-26 22:18:08 ----D---- C:\Program Files\Dell DataSafe Online
2009-07-20 14:28:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-20 14:28:37 ----D---- C:\Program Files\Trend Micro
2009-07-20 01:16:17 ----D---- C:\Program Files\Java
2009-07-11 23:43:04 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-05 13:03:28 ----D---- C:\Windows\Minidump
2009-06-26 19:29:01 ----RD---- C:\Users
2009-06-24 14:01:31 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-06-24 14:00:14 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-06-24 14:00:07 ----RSD---- C:\Windows\Fonts
2009-06-24 13:59:57 ----D---- C:\Program Files\Roxio
2009-06-24 13:59:09 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-06-23 23:25:08 ----A---- C:\Windows\Lexstat.ini
2009-06-23 14:40:11 ----D---- C:\Windows\Microsoft.NET
2009-06-16 01:50:05 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-10 23:41:45 ----D---- C:\Program Files\Microsoft Works
2009-06-08 03:52:12 ----D---- C:\Program Files\Oberon Media
2009-05-30 06:33:16 ----RSD---- C:\Windows\assembly
2009-05-30 06:29:16 ----D---- C:\Windows\rescache
2009-05-30 06:17:01 ----SHD---- C:\boot
2009-05-30 06:10:32 ----D---- C:\Program Files\Windows Sidebar
2009-05-30 06:10:32 ----D---- C:\Program Files\Windows Collaboration
2009-05-30 06:10:32 ----D---- C:\Program Files\Windows Calendar
2009-05-30 06:10:32 ----D---- C:\Program Files\Movie Maker
2009-05-30 06:10:31 ----D---- C:\Program Files\Windows Photo Gallery
2009-05-30 06:10:31 ----D---- C:\Program Files\Common Files\System
2009-05-30 06:10:30 ----D---- C:\Windows\servicing
2009-05-30 06:10:30 ----D---- C:\Program Files\Windows Defender
2009-05-30 06:10:29 ----D---- C:\Windows\system32\XPSViewer
2009-05-30 06:10:29 ----D---- C:\Windows\system32\sk-SK
2009-05-30 06:10:29 ----D---- C:\Windows\system32\lv-LV
2009-05-30 06:10:29 ----D---- C:\Windows\system32\ko-KR
2009-05-30 06:10:29 ----D---- C:\Windows\system32\hr-HR
2009-05-30 06:10:29 ----D---- C:\Windows\system32\et-EE
2009-05-30 06:10:29 ----D---- C:\Windows\system32\da-DK
2009-05-30 06:10:29 ----D---- C:\Windows\IME
2009-05-30 06:10:28 ----D---- C:\Windows\system32\en-US
2009-05-30 06:10:27 ----D---- C:\Windows\system32\sv-SE
2009-05-30 06:10:27 ----D---- C:\Windows\system32\SLUI
2009-05-30 06:10:27 ----D---- C:\Windows\system32\setup
2009-05-30 06:10:27 ----D---- C:\Windows\system32\ru-RU
2009-05-30 06:10:27 ----D---- C:\Windows\system32\pt-PT
2009-05-30 06:10:27 ----D---- C:\Windows\system32\oobe
2009-05-30 06:10:27 ----D---- C:\Windows\system32\it-IT
2009-05-30 06:10:27 ----D---- C:\Windows\system32\hu-HU
2009-05-30 06:10:27 ----D---- C:\Windows\system32\he-IL
2009-05-30 06:10:27 ----D---- C:\Windows\system32\fr-FR
2009-05-30 06:10:27 ----D---- C:\Windows\system32\fi-FI
2009-05-30 06:10:27 ----D---- C:\Windows\system32\el-GR
2009-05-30 06:10:27 ----D---- C:\Windows\system32\de-DE
2009-05-30 06:10:27 ----D---- C:\Windows\system32\cs-CZ
2009-05-30 06:10:27 ----D---- C:\Windows\system32\AdvancedInstallers
2009-05-30 06:10:26 ----D---- C:\Windows\system32\zh-TW
2009-05-30 06:10:26 ----D---- C:\Windows\system32\zh-CN
2009-05-30 06:10:26 ----D---- C:\Windows\system32\wbem
2009-05-30 06:10:26 ----D---- C:\Windows\system32\uk-UA
2009-05-30 06:10:26 ----D---- C:\Windows\system32\tr-TR
2009-05-30 06:10:26 ----D---- C:\Windows\system32\th-TH
2009-05-30 06:10:26 ----D---- C:\Windows\system32\sr-Latn-CS
2009-05-30 06:10:26 ----D---- C:\Windows\system32\sl-SI
2009-05-30 06:10:26 ----D---- C:\Windows\system32\ro-RO
2009-05-30 06:10:26 ----D---- C:\Windows\system32\pl-PL
2009-05-30 06:10:26 ----D---- C:\Windows\system32\manifeststore
2009-05-30 06:10:26 ----D---- C:\Windows\system32\ja-JP
2009-05-30 06:10:26 ----D---- C:\Windows\system32\es-ES
2009-05-30 06:10:26 ----D---- C:\Windows\system32\en
2009-05-30 06:10:26 ----D---- C:\Windows\system32\bg-BG
2009-05-30 06:10:23 ----D---- C:\Windows\system32\pt-BR
2009-05-30 06:10:23 ----D---- C:\Windows\system32\nl-NL
2009-05-30 06:10:23 ----D---- C:\Windows\system32\nb-NO
2009-05-30 06:10:23 ----D---- C:\Windows\system32\migwiz
2009-05-30 06:10:23 ----D---- C:\Windows\system32\lt-LT
2009-05-30 06:10:23 ----D---- C:\Windows\system32\ar-SA
2009-05-30 06:10:15 ----D---- C:\Windows\AppPatch
2009-05-30 06:10:10 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2009-03-24 145424]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-03-24 80400]
R2 Packet;Auto Internet Protocol; C:\Windows\system32\DRIVERS\packet.sys [2008-06-17 22016]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2009-04-02 50192]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2009-05-07 157712]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2009-04-02 50192]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2009-03-24 256528]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2009-05-22 1220120]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-09-04 170032]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-10 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-06-12 81960]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-06-12 100392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-06-12 29736]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-12 17320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-12-09 2473472]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-12-14 393216]
R3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-09-01 304128]
S3 BthPort;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-10 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-07-28 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\Windows\system32\drivers\MREMP50a64.sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; C:\Windows\system32\drivers\MREMPR5.sys []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; C:\Windows\system32\drivers\MRENDIS5.sys []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-07-28 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; C:\Windows\system32\drivers\MRESP50a64.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-14 81920]
R2 Apache2.2;Remote Access Media Server; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [2007-09-21 15872]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-06-05 518696]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
R2 dsl-db;Remote Access DB; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2008-09-30 173296]
R2 hnmsvc;Advanced Networking Service; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [2008-09-30 820464]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 lxba_device;lxba_device; C:\Windows\system32\lxbacoms.exe [2007-04-24 537520]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-03-31 711248]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [2008-12-14 241746]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-03-24 341256]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-03-31 497008]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-03-31 677128]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-04-21 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-07-31 1205760]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R2 yksvc;Marvell Yukon Service; ykx32coinst,serviceStartProc []
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-11-10 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-11-10 170480]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-03-15 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-11-10 1108464]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S4 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-09-23 303104]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-08-22 17:14:56

======Uninstall list======

Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AntiMalware-->MsiExec.exe /X{B61570DB-16C8-4700-B8A7-EEDF3CA22593}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AT&T Self Support Tool-->C:\Program Files\ATT-SST\Uninstall.exe
Banctec Service Agreement-->MsiExec.exe /I{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{51D7494B-6C54-468F-98E1-1A9997C89329}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{51D7494B-6C54-468F-98E1-1A9997C89329}
BlackBerry Device Software Updater-->MsiExec.exe /X{03B0EB18-51D2-4302-B92C-BBAE869FFBBF}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Remote Access-->MsiExec.exe /I{F66A31D9-7831-4FBA-BA02-C411C0047CC5}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Easy Duplicate Finder v. 2.2.1-->"C:\Program Files\Easy Duplicate Finder\unins000.exe"
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
Error Fix-->MsiExec.exe /X{99465F9E-F8F3-44C1-AA97-67A347F3E0A1}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Lexmark X5100 Series-->C:\Program Files\Lexmark X5100 Series\Install\x86\Uninst.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
OneRiot Pulse Checker-->MsiExec.exe /I{D7F954FE-44EB-4CFB-9EC2-CFA91264DA0E}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
QuickSet-->MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RC_Vista.exe-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Media Manager-->MsiExec.exe /X{56BED62F-278A-407B-8BCD-E645EC96D2ED}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\WebrootSecurity\unins000.exe" /Log="C:\Users\beth\AppData\Local\Temp\Uninstall.txt"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{40E12A55-C504-4223-AFAC-7672DBF1ACDE}
Trend Micro RUBotted-->C:\Program Files\InstallShield Installation Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe -runfromtemp -l0x0009 -removeonly
Turbo Lister 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VSO Image Resizer 2.1.8.2-->"C:\Program Files\VSO\Image Resizer\unins000.exe"
Walmart MP3 Music Downloads-->C:\Program Files\Walmart MP3 Music Downloads\uninstall.exe
WIDCOMM Bluetooth Software 6.1.0.4502-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

======Security center information======

AV: Trend Micro Internet Security
AS: Spybot - Search and Destroy (outdated)
AS: Windows Defender
AS: AntiMalware

======System event log======

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 16555
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 16455
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 16450
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 16447
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948609(Update) into Install Requested(Install Requested) state
Record Number: 16443
Source Name: Microsoft-Windows-Servicing
Time Written: 20090320190744.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: beth-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1557764662-1018864607-510692554-1000:
Process 5160 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1557764662-1018864607-510692554-1000

Record Number: 508
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090320204534.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 499
Source Name: Microsoft-Windows-WMI
Time Written: 20090320204238.000000-000
Event Type: Error
User:

Computer Name: beth-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1557764662-1018864607-510692554-1000:
Process 580 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1557764662-1018864607-510692554-1000

Record Number: 480
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090320203923.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: beth-PC
Event Code: 508
Message: Windows (2240) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log" at offset 123392 (0x000000000001e200) for 7168 (0x00001c00) bytes succeeded, but took an abnormally long time (7169 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 458
Source Name: ESENT
Time Written: 20090320184831.000000-000
Event Type: Warning
User:

Computer Name: beth-PC
Event Code: 508
Message: Windows (2240) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 1146880 (0x0000000000118000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (7168 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 457
Source Name: ESENT
Time Written: 20090320184831.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: beth-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: D32K5JC1$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x250
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 451
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090320164510.721400-000
Event Type: Audit Success
User:

Computer Name: beth-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: D32K5JC1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x250
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 450
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090320164510.721400-000
Event Type: Audit Success
User:

Computer Name: beth-PC
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4f4
Name: C:\Windows\System32\svchost.exe

Previous Time: 11:44:59 AM 3/20/2009
New Time: 11:44:59 AM 3/20/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 449
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090320164459.661000-000
Event Type: Audit Success
User:

Computer Name: beth-PC
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4f4
Name: C:\Windows\System32\svchost.exe

Previous Time: 11:46:28 AM 3/20/2009
New Time: 11:44:59 AM 3/20/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 448
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090320164459.646045-000
Event Type: Audit Success
User:

Computer Name: beth-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1557764662-1018864607-510692554-1000
Account Name: beth
Domain Name: beth-PC
Logon ID: 0xd539f
Record Number: 447
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090320162752.769611-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#12 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:06:31 PM

Posted 25 August 2009 - 02:56 PM

Hello bethlthealth,

I'm not getting the info.txt.


My bad. I should have changed the instructions. On subsequent runs of RSIT only the log.txt is provided.

Info.txt from the first run is sufficient. :thumbup2:
PW

#13 bethlthealth

bethlthealth
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:31 PM

Posted 25 August 2009 - 03:38 PM

LOL...ur bad eh?
NOT!
U r in the process of helping how MANY ppl? I thank you and appreciate your time, knowledge, and trouble.
Now, I will quit sendin off topic replies so you won't have to keep checking.
These, at present are coming to my phone so I know when to come back to you.
Doesn't mean they will continue to come and notify me quickly.
But I will do my best to keep coming and checking for your replies to get this over asap.
And I promise ( I do not make them lightly) to do my very best to understand and not be a piya :-)
Thank you again,
God bless,
Beth

#14 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:06:31 PM

Posted 27 August 2009 - 09:42 AM

Hello bethlthealth,

I don't see any indications of malware on your computer so far but let's run an MBAM scan. :thumbup2:

First though, the following is referring to Errorfix. Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Now please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

In your next reply please post the MBAM log.
PW
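The Java cleanup steps in the post above depend on spotting every runtime older than JRE 6 Update 16 in Add/Remove Programs. The following is an added example, not part of the original post: a Python sketch that reads the same list from the registry and flags outdated Java entries. The function names, the name patterns and the sample list are assumptions made for illustration.

```python
import re
import sys

BASELINE = (6, 16)  # JRE 6 Update 16, the version the post says to install

# Assumed naming patterns for Java runtime entries in Add/Remove Programs.
IS_JAVA = re.compile(r"^(?:Java\(TM\)|J2SE|Java 2 Runtime|Java Runtime)", re.I)
VERSION = re.compile(r"\b(\d+)(?:\.\d+)?\s+Update\s+(\d+)\b", re.I)

# Constructed sample of display names (not taken from the poster's log).
SAMPLE = [
    "Java(TM) 6 Update 7",
    "Java(TM) 6 Update 16",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java 2 Runtime Environment, SE v1.4.2_05",
    "QuickTime",
    "Java DB 10.4.1.3",
]

def audit_java(display_names, baseline=BASELINE):
    """Return (name, status) for each Java runtime entry in display_names."""
    findings = []
    for name in display_names:
        if not IS_JAVA.search(name):
            continue  # not a Java runtime entry
        m = VERSION.search(name)
        if m is None:
            status = "check manually"  # old naming scheme, version not parsed
        else:
            version = (int(m.group(1)), int(m.group(2)))
            status = "outdated" if version < baseline else "current"
        findings.append((name, status))
    return findings

def installed_display_names():
    """Read DisplayName values from the Uninstall key (Windows only)."""
    import winreg  # imported here so the parsing code also runs off Windows
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                try:
                    names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                except OSError:
                    pass  # entry without a DisplayName value
    return names

if __name__ == "__main__":
    names = installed_display_names() if sys.platform == "win32" else SAMPLE
    for name, status in audit_java(names):
        print(f"{status:15} {name}")
```

On 64-bit Windows, 32-bit Java entries are listed under the `WOW6432Node` branch of the same key, which this sketch does not read.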

#15 bethlthealth

bethlthealth
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:06:31 PM

Posted 29 August 2009 - 04:32 AM

Hi,
Just a quick note to let you know I'm working on it.
I tried to buy the malwarebytes and something happened and it isn't coming thru.. not in email or my bank.
I sent them an email inquiring about it, but haven't heard anything back, well the standard we've received ur email thingy.
I guess this next might be a whole nother topic. But the fake windows security alerts thing keeps popping up and closes
all open browsers and starts the fake scan thing. I had to use task manager tonight to shut it all down as it wouldn't let me cancel,
close or exit from any of them.
Oh, I can't find my trend micro anywhere. Just disappeared when the fake windows security alert thing started.
K, thank you and I'm trying to work on it.
God bless,
Beth



