
xwoarh.sys


2 replies to this topic

#1 cculhanepsm


Posted 01 December 2009 - 12:31 PM

Hello,

I am reposting my original post and logs in the hopes that someone can help me out.

New RSIT logs are at the bottom of the thread.



First time poster here. I have tried for a week to fix this and now it's time for expert intercession.

It appears both IE and Firefox are hijacked and redirected to find-for-you-service.com.

Additionally, I believe I have something nasty in c:\windows\system32\drivers\xwoarh.sys
All research points to something nasty. I cannot remove, rename or otherwise delete the file; it locks up the entire computer when it gets poked.

I have tried all manner of AV scanners and nothing seems to run to completion. They all stop at the system32 drivers folder. You may see evidence of multiple AV software installs and removals.

I cannot run root repeal for the same reason.


The DDS log follows.

DDS (Ver_09-09-29.01) - NTFSx86
Run by cliff at 1:05:38.45 on Mon 10/12/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2389 [GMT -4:00]

AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cliff.ECT\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = https://www.google.com/a/eandctech.com/Serv...t&ltmplcache=2
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\update
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255047923843
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254797198875
DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} - hxxp://www.trimble.com/datatransfer/v147/isetupml.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cliff.ect\applic~1\mozilla\firefox\profiles\fh1tl68k.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\cliff.ect\local settings\application data\google\update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2008-10-14 86552]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-10-5 582992]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-10-5 206608]
S0 cerc6;cerc6; [x]
S1 fd415861;fd415861;c:\windows\system32\drivers\fd415861.sys --> c:\windows\system32\drivers\fd415861.sys [?]
S2 xwoarh;xwoarh;c:\windows\system32\drivers\xwoarh.sys [2009-10-5 175616]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2008-10-14 24876]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-10-5 206608]
S3 TrmbTS;TrimbleTS Driver (TrmbTS.sys);c:\windows\system32\drivers\TrmbTS.sys [2007-4-4 29184]
S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [2007-4-4 9881]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-16 1174152]

=============== Created Last 30 ================

2009-10-12 00:49 3,250 a------- c:\windows\system32\wbem\Outlook_01ca4af75d8ded57.mof
2009-10-11 17:45 <DIR> --d----- c:\docume~1\cliff.ect\applic~1\Office Genuine Advantage
2009-10-10 13:42 <DIR> --d----- c:\program files\G Data
2009-10-10 09:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-10-10 08:27 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-09 19:15 <DIR> --d----- c:\docume~1\cliff.ect\applic~1\Uniblue
2009-10-09 18:56 2,066,432 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-10-09 18:55 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-09 18:55 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-09 18:55 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-09 18:55 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-09 18:55 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-10-09 18:55 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-10-09 18:01 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-10-09 18:01 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-10-09 18:01 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-10-09 18:01 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-10-09 18:01 79,360 ac------ c:\windows\system32\dllcache\winar30.ime
2009-10-09 18:01 72,704 ac------ c:\windows\system32\dllcache\wingb.ime
2009-10-09 18:01 65,536 ac------ c:\windows\system32\dllcache\winime.ime
2009-10-09 17:59 92,160 ac------ c:\windows\system32\dllcache\evntwin.exe
2009-10-09 17:57 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-10-09 17:57 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-10-09 17:57 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-10-09 17:57 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-10-09 17:57 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-10-09 17:57 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-10-09 16:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCDr
2009-10-09 16:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC-Doctor
2009-10-09 16:08 <DIR> --d----- c:\program files\Dell Support Center
2009-10-09 16:08 <DIR> --d----- c:\program files\common files\supportsoft
2009-10-08 21:35 171 a------- c:\windows\system32\conf.xml
2009-10-08 21:31 <DIR> --d----- c:\windows\system32\NtmsData
2009-10-08 20:13 520,192 -------- c:\windows\system32\ati2sgag.exe
2009-10-08 19:36 16,535 a----r-- c:\windows\SET72.tmp
2009-10-08 19:36 1,088,840 a----r-- c:\windows\SET66.tmp
2009-10-08 19:36 1,296,669 a----r-- c:\windows\SET63.tmp
2009-10-08 18:51 4,444 a------- c:\windows\system32\pid.PNF
2009-10-08 18:50 7,334 ac------ c:\windows\system32\dllcache\wmerrenu.cat
2009-10-08 18:50 16,535 a----r-- c:\windows\SETDF.tmp
2009-10-08 18:50 1,088,840 a----r-- c:\windows\SETD3.tmp
2009-10-08 18:50 1,296,669 a----r-- c:\windows\SETD0.tmp
2009-10-08 18:50 4,754 a------- c:\windows\setupapi.old
2009-10-08 18:17 <DIR> --d----- c:\program files\CCleaner
2009-10-08 18:11 389,120 a------- c:\windows\system32\CF27903.exe
2009-10-08 17:17 <DIR> a-dshr-- C:\cmdcons
2009-10-08 14:42 <DIR> --d----- c:\windows\Dell
2009-10-08 13:05 <DIR> --d----- c:\docume~1\cliff.ect\applic~1\Malwarebytes
2009-10-08 09:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-07 18:17 <DIR> --d----- c:\documents and settings\cliff.ect\.scribus
2009-10-07 18:17 <DIR> --d----- c:\program files\Scribus 1.3.3.13
2009-10-06 20:32 68,976 a------- c:\windows\system32\drivers\GRD.sys
2009-10-06 20:32 51,784 a------- c:\windows\system32\drivers\GDTdiIcpt.sys
2009-10-06 20:28 53,320 a------- c:\windows\system32\drivers\MiniIcpt.sys
2009-10-06 20:27 27,720 a------- c:\windows\system32\drivers\GDBehave.sys
2009-10-06 20:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\G DATA
2009-10-06 14:07 <DIR> --d----- c:\windows\system32\Dell
2009-10-06 13:46 262,144 a------- c:\windows\system32\default_user_class.dat
2009-10-06 12:41 <DIR> --d----- c:\program files\ACW
2009-10-06 11:40 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-05 22:06 <DIR> --d----- c:\program files\UPHClean
2009-10-05 21:54 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-10-05 21:33 <DIR> --d----- C:\2d684e3926d475e8cc30ab71296d
2009-10-05 19:55 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-05 19:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-05 16:11 206,608 a------- c:\windows\system32\drivers\TMPassthru.sys
2009-10-05 16:11 <DIR> --d----- c:\program files\Trend Micro
2009-10-05 15:27 <DIR> --d----- C:\53d46bf1f8fdf3b8c93a324a
2009-10-05 15:22 <DIR> --dsh--- c:\documents and settings\cliff.ect\IECompatCache
2009-10-05 15:13 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-10-05 15:07 <DIR> --d----- c:\documents and settings\cliff.ect\.housecall6.6
2009-10-05 10:33 175,616 a--s---- c:\windows\system32\drivers\xwoarh.sys
2009-10-03 22:19 96,072 a---h--- c:\windows\system32\mlfcache.dat
2009-10-03 13:42 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-10-03 13:42 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-03 13:41 <DIR> --d----- c:\program files\iPod
2009-10-03 13:41 <DIR> --d----- c:\program files\iTunes
2009-10-03 13:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 13:41 <DIR> --d----- c:\program files\Bonjour
2009-09-15 21:06 31 a------- c:\windows\tgo_v160.ini
2009-09-13 20:52 <DIR> --d----- C:\GRASS-6-SVN

==================== Find3M ====================

2009-10-10 08:36 128,832 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-09 17:56 23,412 a------- c:\windows\system32\emptyregdb.dat
2009-10-07 22:05 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-27 08:20 87,699 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2008-09-24 14:39 88 a--shr-- c:\windows\system32\55D4A5C27A.sys
2008-09-24 14:39 3,452 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 1:05:51.89 ===============

info.txt logfile of random's system information tool 1.06 2009-12-01 11:01:27

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AccuGrade Office-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{399DDDD4-AA27-416B-B519-260816EF0F4F}\Setup.exe" -l0x9 Uninstall -removeonly
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-100000000002}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcGIS Explorer Data Access Expansion Pack-->MsiExec.exe /X{DAD595CF-8498-4418-9BC8-C075B41185EA}
ArcGIS Explorer Fonts Expansion Pack-->MsiExec.exe /X{01F9D5B9-BAF9-46E1-835D-60229F04BF7F}
ArcGIS Explorer Projection Engine Expansion Pack-->MsiExec.exe /X{C42AC9B0-CBDA-47C6-AACA-1A6A2EE00C01}
ArcGIS Explorer-->"C:\Program Files\Explorer\Support\ESRI.exe" msiexec.exe /i {7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2007 - English-->MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
Autodesk Civil 3D 2007-->MsiExec.exe /I{5783F2D7-5000-0409-0002-0060B0CE6BBA}
Autodesk Design Review 2009-->C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {450063AA-643B-417C-8CF5-405BA3F4EF40} /M ADR
Autodesk Land Desktop 2007-->MsiExec.exe /I{5783F2D7-5008-0409-0002-0060B0CE6BBA}
Autodesk Revit 7.0-->MsiExec.exe /I{E3D15ED3-7156-495F-8B48-7CDD7DD55AE9}
Bentley InRoads Group XM Edition (V8.9)-->MsiExec.exe /X{7E7AA68A-FF7C-4D2B-87DA-89B122177476}
Bentley MicroStation V8 XM Edition 08.09.04.51-->MsiExec.exe /I{AC8A37CB-39AD-46C2-9AB5-F6FBE037CC57}
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{39822393-2324-4705-9010-1AB76DA144A2}
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{39822393-2324-4705-9010-1AB76DA144A2}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon CanoScan Toolbox 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}\Setup.exe" -l0x9 anything
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Configuration Toolbox-->RunDll32 C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A8C6269-455A-11D4-A192-0000C0D7B6D1}\setup.exe" Uninstall
Corpscon for Windows-->C:\Corpscon\UNWISE.EXE C:\Corpscon\INSTALL.LOG
Cortona® VRML Client-->C:\PROGRA~1\PARALL~1\CORTON~1\UNWISE32.EXE C:\PROGRA~1\PARALL~1\CORTON~1\Install.log
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Digital Content Portal-->MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GRASS-->C:\GRASS-6-SVN\Uninstall-GRASS.exe
HijackThis 2.0.2-->"C:\Program Files\Hijackthis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
hp LaserJet 1160/1320 series-->MsiExec.exe /x {7F04B272-E0DD-47E7-8B55-D97483DB0EBD}
HP Officejet Pro All-In-One Series-->C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\{7729A02E-D1AD-4830-8FC5-11853500D90D}\setup\hpzscr01.exe -datfile hpwscr05.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update-->MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
HP Solution Center 7.0-->C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intermediate Algebra-->C:\Program Files\Hawkes Learning Systems\IMA\Uninstal\unwise.exe
iSqFt Full Viewer V4.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19A71C4F-94D9-44EA-AC98-FF8A045273AB}\Setup.exe" CPUninstall
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lizardtech Express View Browser Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CD8FC8E-A1CA-4634-96BC-CD6B2D4797CC}\Setup.exe" -l0x9
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Accounting 2006-->MsiExec.exe /X{F413D795-B077-4A96-AE75-810BBA673A0E}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPM-->MsiExec.exe /X{D48AD533-BAD5-469B-A9AA-272C6D80E70B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Oce Repro Desk Client Tools-->MsiExec.exe /I{2DD44090-9A83-48D3-B67D-B4DD19587011}
OCR Software by I.R.I.S 7.0-->C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Perfect Attorney Premium-->MsiExec.exe /X{5F61D2CD-4C94-41CD-BE40-7BCE201686D8}
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Pro Edition 2003-->C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Revit Architecture 2009-->MsiExec.exe /X{A3A37DA6-70C0-497C-BCB1-148E9EC1D32E}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Media Manager-->MsiExec.exe /X{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SBA-->MsiExec.exe /I{20F51690-133A-453C-B616-1C15AB2C0EF0}
Scribus 1.3.3.13-->C:\Program Files\Scribus 1.3.3.13\uninst.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicWALL Global VPN Client 4.0.0.835-->C:\Program Files\InstallShield Installation Information\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}\setup.exe -runfromtemp -l0x0009 -FromCPL -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Topcon Image Master Viewer-->MsiExec.exe /I{70563108-FD89-4A4B-9415-03B2DD1C58A3}
Trimble Data Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetupML -ether"C:\Program Files\InstallShield Installation Information\{D2D40BAE-7B66-11D3-882B-00105A64914B}" -l0009 -l0x9 -l0009 uninstall
Trimble Geomatics Office v1.63-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C5161B3-ECCB-4099-9D9B-CFCF5B7010E6}\Setup.exe" -l0009
Trimble Terramodel 10.43-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1E572BD-5E4C-41BA-BA73-8994885ED606}\setup.exe" -l0x9
Trimble Terramodel Visualizer 2.05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{340930A0-62CA-4B9F-BC85-025FA0127F89}\setup.exe" -l0x9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VNC Enterprise Edition E4.4.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
VNC Mirror Driver 1.8.0-->"C:\Program Files\RealVNC\VNC4\Mirror Driver\unins000.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"

======Hosts File======

192.168.1.101 HP001E0BFEBEB9
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: (disabled)
FW: (disabled)

======System event log======

Computer Name: CLIFF_DESK
Event Code: 3004
Message:
Record Number: 914
Source Name: OneCareMP
Time Written: 20091006133823.000000-240
Event Type: warning
User:

Computer Name: CLIFF_DESK
Event Code: 3004
Message:
Record Number: 913
Source Name: OneCareMP
Time Written: 20091006133822.000000-240
Event Type: warning
User:

Computer Name: CLIFF_DESK
Event Code: 3004
Message:
Record Number: 912
Source Name: OneCareMP
Time Written: 20091006133822.000000-240
Event Type: warning
User:

Computer Name: CLIFF_DESK
Event Code: 3004
Message:
Record Number: 911
Source Name: OneCareMP
Time Written: 20091006133821.000000-240
Event Type: warning
User:

Computer Name: CLIFF_DESK
Event Code: 3004
Message:
Record Number: 910
Source Name: OneCareMP
Time Written: 20091006133821.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: CLIFF_DESK
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 7
Source Name: AutoEnrollment
Time Written: 20091010170350.000000-240
Event Type: error
User:

Computer Name: CLIFF_DESK
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 5
Source Name: Userenv
Time Written: 20091010170348.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: CLIFF_DESK
Event Code: 1008
Message: The installation of C:\Documents and Settings\cliff.ECT\Local Settings\Application Data\Downloaded Installations\{BFACC97E-DB39-4D7F-9589-C5D910B71149}\setup.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Record Number: 3
Source Name: MsiInstaller
Time Written: 20091010165057.000000-240
Event Type: error
User: ECT\cliff

Computer Name: CLIFF_DESK
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 2
Source Name: Userenv
Time Written: 20091010142559.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: CLIFF_DESK
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 1
Source Name: Userenv
Time Written: 20091010142540.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Oce\Repro Desk;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by cliff at 2009-12-01 11:03:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 390 GB (82%) free of 473 GB
Total RAM: 3070 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:53 AM, on 12/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\xampp\xampp-control.exe
C:\xampp\apache\bin\httpd.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\DOCUME~1\cliff.ECT\LOCALS~1\Temp\HouseCall\housecall.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\cliff.ECT\Desktop\downloadfixes\rsit\RSIT.exe
C:\Program Files\Hijackthis\cliff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/eandctech.com/Serv...t&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1255047923843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1254797198875
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.trimble.com/datatransfer/v147/isetupml.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECT.COM
O17 - HKLM\Software\..\Telephony: DomainName = ECT.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECT.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECT.COM
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10002 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{3A00A1C9-5B44-4794-A518-3B069FA0892F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-07 149280]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-24 282624]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-10-31 417792]
"WMC_AutoUpdate"= []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\EULAl.exe [2006-08-30 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\cliff.ECT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\PROGRA~1\MI3AA1~1\wcescomm.exe [2006-06-26 1207080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-10-31 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-26 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [2004-02-27 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-07 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2004-05-20 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-10-09 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
C:\Program Files\palmOne\Hotsync.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HEWLET~1\HPLASE~1\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2002-11-18 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cliff.ECT^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cliff.ECT^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cliff.ECT^Start Menu^Programs^Startup^palmOne Registration.lnk]
C:\PROGRA~1\palmOne\register.exe [2008-07-18 2367488]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xwoarh]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\xwoarh]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe"="C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Disabled:SonicWALL Global VPN Client"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:HP Network Device Rediscovery Service"
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe"="C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dd5dff-da00-11de-8c6a-001676c23fa3}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-12-01 11:01:17 ----D---- C:\rsit
2009-11-27 19:29:58 ----A---- C:\WINDOWS\system32\wmv9vcm.dll
2009-11-27 19:29:58 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2009-11-27 19:22:53 ----D---- C:\Program Files\Hawkes Learning Systems
2009-11-23 13:01:41 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\Media Player Classic
2009-11-23 13:01:15 ----D---- C:\AgreeOutput
2009-11-23 12:59:57 ----D---- C:\Program Files\Agree Free AVI WMV MPEG ASF MOV to MP4 Converter
2009-11-23 12:55:23 ----D---- C:\Program Files\Free iPod Video Converter
2009-11-23 09:05:11 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-11-23 09:04:56 ----D---- C:\Program Files\iPod
2009-11-23 09:04:54 ----D---- C:\Program Files\iTunes
2009-11-23 09:04:41 ----D---- C:\Program Files\Bonjour
2009-11-23 09:04:09 ----D---- C:\Program Files\Apple Software Update
2009-11-23 09:04:01 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-11-23 09:03:55 ----D---- C:\Program Files\Common Files\Apple
2009-11-23 09:03:55 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-11-21 09:46:22 ----D---- C:\xampp
2009-11-15 14:43:22 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\kompozer.net
2009-11-15 14:23:24 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\gtk-2.0
2009-11-15 14:21:50 ----D---- C:\Program Files\GIMP-2.0
2009-11-13 16:07:50 ----A---- C:\WINDOWS\Corpscon.ini
2009-11-13 16:07:47 ----D---- C:\Corpscon
2009-10-31 12:23:43 ----D---- C:\Program Files\ParallelGraphics
2009-10-31 12:23:42 ----D---- C:\Program Files\Common Files\ParallelGraphics
2009-10-31 10:14:35 ----D---- C:\Program Files\TOPCON
2009-10-21 09:03:53 ----D---- C:\Program Files\Common Files\L&H
2009-10-21 09:03:21 ----D---- C:\Program Files\Microsoft Works
2009-10-21 09:03:09 ----D---- C:\WINDOWS\SHELLNEW
2009-10-21 09:02:28 ----D---- C:\Program Files\Microsoft.NET
2009-10-21 09:01:04 ----RHD---- C:\MSOCache
2009-10-20 13:39:06 ----D---- C:\Program Files\LizardTech
2009-10-14 19:32:32 ----D---- C:\27a165426adb922954821af435ebbcaf
2009-10-14 19:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 19:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 19:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 19:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 19:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 19:31:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 19:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 19:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-14 19:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 19:25:08 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-10-14 19:25:08 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-11 16:54:51 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-10-11 16:45:20 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\Office Genuine Advantage
2009-10-11 07:45:27 ----D---- C:\Program Files\Hijackthis
2009-10-10 12:42:19 ----D---- C:\Program Files\G Data
2009-10-10 08:37:49 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\zh-TW
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\zh-HK
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\tr-TR
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\sv-SE
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\pt-BR
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\nl-NL
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\nb-NO
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\ko-KR
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\it-IT
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\he-IL
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\fr-FR
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\fi-FI
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\es-ES
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\el-GR
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\de-DE
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\da-DK
2009-10-10 07:31:51 ----D---- C:\WINDOWS\system32\ar-SA
2009-10-10 07:27:33 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-10-09 22:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-10-09 18:15:57 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\Uniblue
2009-10-09 18:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-09 18:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-09 18:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-09 18:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-09 18:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-09 18:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-09 18:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-09 18:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-09 18:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-09 18:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-09 18:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-09 18:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-09 18:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-09 18:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-10-09 18:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-09 18:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-09 18:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-09 18:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-09 18:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-09 18:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-09 18:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-09 18:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-09 18:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-09 18:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-09 18:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-09 18:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-09 18:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-10-09 18:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-09 18:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-09 18:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-09 18:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-09 18:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-09 18:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-09 18:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-09 18:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-09 18:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-09 18:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-09 18:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-09 18:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-09 18:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-09 18:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-09 18:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-09 18:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-09 17:56:59 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-10-09 17:47:38 ----A---- C:\WINDOWS\system32\wups2.dll
2009-10-09 17:05:59 ----D---- C:\WINDOWS\Prefetch
2009-10-09 16:57:54 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-09 16:49:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-09 16:49:13 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-09 16:49:04 ----RA---- C:\WINDOWS\SETA6.tmp
2009-10-09 16:49:02 ----RA---- C:\WINDOWS\SET9A.tmp
2009-10-09 16:49:00 ----RA---- C:\WINDOWS\SET97.tmp
2009-10-09 15:09:07 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
2009-10-09 15:09:02 ----D---- C:\Documents and Settings\All Users\Application Data\PCDr
2009-10-09 15:09:02 ----D---- C:\Documents and Settings\All Users\Application Data\PC-Doctor
2009-10-09 15:08:37 ----D---- C:\Program Files\Dell Support Center
2009-10-09 15:08:35 ----D---- C:\Program Files\Common Files\supportsoft
2009-10-08 20:31:33 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-08 19:13:39 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-10-08 18:36:29 ----RA---- C:\WINDOWS\SET72.tmp
2009-10-08 18:36:28 ----RA---- C:\WINDOWS\SET66.tmp
2009-10-08 18:36:26 ----RA---- C:\WINDOWS\SET63.tmp
2009-10-08 17:50:41 ----RA---- C:\WINDOWS\SETDF.tmp
2009-10-08 17:50:40 ----RA---- C:\WINDOWS\SETD3.tmp
2009-10-08 17:50:38 ----RA---- C:\WINDOWS\SETD0.tmp
2009-10-08 17:17:02 ----D---- C:\Program Files\CCleaner
2009-10-08 17:11:46 ----SHD---- C:\RECYCLER
2009-10-08 17:11:13 ----A---- C:\WINDOWS\system32\CF27903.exe
2009-10-08 16:47:09 ----D---- C:\WINDOWS\temp
2009-10-08 16:17:25 ----SH---- C:\Boot.bak
2009-10-08 16:17:23 ----RASHD---- C:\cmdcons
2009-10-08 16:13:14 ----D---- C:\WINDOWS\ERDNT
2009-10-08 13:50:21 ----A---- C:\vundofix.txt
2009-10-08 13:42:11 ----D---- C:\WINDOWS\Dell
2009-10-08 12:05:47 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\Malwarebytes
2009-10-08 12:04:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-08 08:49:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-07 17:17:00 ----D---- C:\Program Files\Scribus 1.3.3.13
2009-10-06 19:27:51 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA
2009-10-06 13:07:10 ----D---- C:\WINDOWS\system32\Dell
2009-10-06 11:41:33 ----D---- C:\Program Files\ACW
2009-10-06 10:40:29 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-10-05 21:06:12 ----D---- C:\Program Files\UPHClean
2009-10-05 20:54:34 ----D---- C:\Program Files\Windows Installer Clean Up
2009-10-05 20:33:27 ----D---- C:\2d684e3926d475e8cc30ab71296d
2009-10-05 18:55:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-05 18:55:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-05 15:11:52 ----D---- C:\Program Files\Trend Micro
2009-10-05 14:27:12 ----D---- C:\53d46bf1f8fdf3b8c93a324a
2009-10-05 14:13:57 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-10-05 13:50:58 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-05 13:50:58 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-05 13:50:58 ----A---- C:\WINDOWS\system32\java.exe
2009-10-03 12:42:07 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\Apple Computer
2009-10-03 12:41:43 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 12:41:12 ----D---- C:\Program Files\QuickTime
2009-10-03 12:41:12 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-03 12:40:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-15 20:06:11 ----A---- C:\WINDOWS\tgo_v160.ini
2009-09-15 19:48:32 ----D---- C:\Program Files\7-Zip
2009-09-13 19:52:48 ----D---- C:\GRASS-6-SVN
2009-09-10 19:39:36 ----D---- C:\Program Files\ESRI
2009-09-10 16:21:22 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\esri
2009-09-10 16:00:45 ----D---- C:\Program Files\Explorer
2009-09-10 16:00:45 ----D---- C:\Program Files\Common Files\ArcGIS
2009-09-09 09:37:10 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\Canon
2009-09-09 09:29:20 ----D---- C:\Program Files\Canon
2009-09-09 09:25:33 ----A---- C:\WINDOWS\system32\CNQU77.DLL
2009-09-09 09:25:33 ----A---- C:\WINDOWS\system32\CNQL1208.dll

======List of files/folders modified in the last 3 months======

2009-12-01 09:45:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-01 08:57:29 ----D---- C:\WINDOWS\system32\drivers
2009-11-29 10:32:58 ----D---- C:\Program Files\Mozilla Firefox
2009-11-27 19:33:13 ----HD---- C:\WINDOWS\inf
2009-11-27 19:29:58 ----D---- C:\WINDOWS\system32
2009-11-27 19:22:53 ----RD---- C:\Program Files
2009-11-25 15:29:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-25 15:25:39 ----D---- C:\WINDOWS
2009-11-25 15:23:57 ----SHD---- C:\WINDOWS\CSC
2009-11-25 15:23:38 ----D---- C:\Program Files\Windows Media Player
2009-11-23 09:05:21 ----SHD---- C:\WINDOWS\Installer
2009-11-23 09:05:21 ----D---- C:\Config.Msi
2009-11-23 09:04:10 ----SD---- C:\WINDOWS\Tasks
2009-11-23 09:04:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-23 09:03:55 ----D---- C:\Program Files\Common Files
2009-11-19 07:45:46 ----D---- C:\WINDOWS\system32\wbem
2009-11-19 07:45:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-17 12:41:11 ----SD---- C:\Documents and Settings\cliff.ECT\Application Data\Microsoft
2009-11-17 09:46:02 ----D---- C:\WINDOWS\RegisteredPackages
2009-11-17 09:45:56 ----D---- C:\WINDOWS\Help
2009-11-13 16:07:43 ----D---- C:\WINDOWS\system
2009-11-13 08:27:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-11 16:31:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-31 12:27:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-31 09:08:57 ----A---- C:\WINDOWS\system32\gvc_trace.txt
2009-10-28 14:11:02 ----D---- C:\TMLStore
2009-10-21 09:04:48 ----A---- C:\WINDOWS\ODBC.INI
2009-10-21 09:04:27 ----RSD---- C:\WINDOWS\assembly
2009-10-21 09:04:23 ----A---- C:\WINDOWS\win.ini
2009-10-21 09:03:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-21 09:03:56 ----RSD---- C:\WINDOWS\Fonts
2009-10-21 09:03:23 ----D---- C:\Program Files\Microsoft Office
2009-10-21 09:03:10 ----D---- C:\Program Files\Common Files\System
2009-10-21 08:53:12 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-21 08:35:40 ----D---- C:\WINDOWS\Debug
2009-10-21 08:34:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-20 17:00:34 ----D---- C:\TEMP
2009-10-14 20:01:13 ----RASH---- C:\boot.ini
2009-10-14 19:49:10 ----D---- C:\Program Files\Internet Explorer
2009-10-14 19:34:09 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 19:31:45 ----D---- C:\WINDOWS\WinSxS
2009-10-14 19:31:04 ----D---- C:\WINDOWS\system32\en-US
2009-10-11 07:51:22 ----SHD---- C:\System Volume Information
2009-10-11 07:51:22 ----D---- C:\WINDOWS\system32\Restore
2009-10-10 12:23:53 ----D---- C:\WINDOWS\Minidump
2009-10-10 08:37:51 ----D---- C:\Program Files\AVG
2009-10-10 07:29:06 ----D---- C:\Program Files\Microsoft ActiveSync
2009-10-10 07:27:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-10 07:18:16 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-09 18:06:55 ----D---- C:\WINDOWS\AppPatch
2009-10-09 18:03:58 ----D---- C:\Program Files\Outlook Express
2009-10-09 18:01:54 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-09 17:59:44 ----HDC---- C:\WINDOWS\ie7
2009-10-09 17:11:05 ----D---- C:\WINDOWS\Registration
2009-10-09 17:05:25 ----D---- C:\WINDOWS\system32\config
2009-10-09 16:59:06 ----D---- C:\WINDOWS\security
2009-10-09 16:58:48 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-09 16:57:57 ----RD---- C:\WINDOWS\Web
2009-10-09 16:57:49 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-09 16:57:35 ----D---- C:\WINDOWS\system32\oobe
2009-10-09 16:56:56 ----D---- C:\WINDOWS\system32\Com
2009-10-09 16:51:21 ----D---- C:\drivers
2009-10-09 16:49:18 ----A---- C:\WINDOWS\system.ini
2009-10-09 16:49:10 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-10-09 15:09:44 ----D---- C:\Documents and Settings\All Users\Application Data\Dell
2009-10-09 15:08:45 ----D---- C:\dell
2009-10-09 12:45:22 ----D---- C:\WINDOWS\system32\Setup
2009-10-09 12:45:17 ----D---- C:\WINDOWS\l2schemas
2009-10-09 12:45:16 ----D---- C:\WINDOWS\system32\usmt
2009-10-09 12:45:03 ----D---- C:\WINDOWS\mui
2009-10-09 12:45:02 ----D---- C:\WINDOWS\ime
2009-10-09 12:45:02 ----D---- C:\WINDOWS\ehome
2009-10-09 12:45:01 ----D---- C:\WINDOWS\Media
2009-10-09 12:45:00 ----D---- C:\WINDOWS\network diagnostic
2009-10-09 12:44:58 ----D---- C:\WINDOWS\system32\scripting
2009-10-09 12:44:51 ----D---- C:\WINDOWS\PeerNet
2009-10-09 12:44:42 ----D---- C:\WINDOWS\system32\npp
2009-10-09 12:44:38 ----D---- C:\WINDOWS\msagent
2009-10-09 12:44:35 ----D---- C:\WINDOWS\system32\en
2009-10-09 12:42:24 ----D---- C:\WINDOWS\twain_32
2009-10-09 12:41:52 ----D---- C:\WINDOWS\system32\icsxml
2009-10-09 12:41:32 ----D---- C:\WINDOWS\system32\ias
2009-10-09 12:41:29 ----D---- C:\WINDOWS\system32\1033
2009-10-09 12:40:49 ----D---- C:\WINDOWS\Driver Cache
2009-10-08 20:17:05 ----D---- C:\HYPACK
2009-10-08 20:16:46 ----D---- C:\Program Files\Google
2009-10-08 19:13:36 ----D---- C:\Program Files\Intel
2009-10-08 19:13:20 ----D---- C:\Program Files\ATI Technologies
2009-10-08 19:12:35 ----D---- C:\Program Files\Dell
2009-10-08 12:04:02 ----D---- C:\Program Files\BAE
2009-10-08 12:03:23 ----D---- C:\WINDOWS\system32\DLA
2009-10-07 21:05:42 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-07 20:58:10 ----D---- C:\Program Files\Java
2009-10-06 13:07:17 ----D---- C:\Program Files\EphPod
2009-10-06 13:07:17 ----D---- C:\Program Files\Cosmi
2009-10-06 13:05:03 ----D---- C:\Program Files\Windows Live Safety Center
2009-10-06 12:12:23 ----D---- C:\Program Files\Common Files\Real
2009-10-05 21:38:29 ----D---- C:\WINDOWS\ie8updates
2009-10-05 20:54:18 ----D---- C:\Program Files\MSECache
2009-10-05 20:51:11 ----D---- C:\Documents and Settings\cliff.ECT\Application Data\Mozilla
2009-10-05 17:29:05 ----D---- C:\WINDOWS\pss
2009-10-05 17:19:55 ----D---- C:\Shared
2009-10-05 13:52:17 ----D---- C:\Program Files\Online Services
2009-10-05 13:52:12 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-05 10:32:39 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-10-03 12:10:40 ----D---- C:\Program Files\AirLink
2009-10-02 13:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-11 09:18:39 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-09 09:25:33 ----D---- C:\CanoScan
2009-09-04 16:03:36 ----A---- C:\WINDOWS\system32\msasn1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-02-08 125200]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-05 230400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2008-06-12 4608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 fd415861;fd415861; C:\WINDOWS\System32\drivers\fd415861.sys []
S2 xwoarh;xwoarh; C:\WINDOWS\system32\drivers\xwoarh.sys [2009-10-05 175616]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 327808]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2005-07-20 100096]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\cliff.ECT\LOCALS~1\Temp\catchme.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []
S3 TrmbTS;TrimbleTS Driver (TrmbTS.sys); C:\WINDOWS\System32\Drivers\TrmbTS.sys [2007-04-23 29184]
S3 TRMUSB5K;Trimble USB GPS Driver; C:\WINDOWS\system32\drivers\TRMUSB5K.sys [2000-06-20 9881]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-14 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2009-11-21 24640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-07 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2009-01-29 201968]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-06-12 2159992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-06-07 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-10-28 79360]
S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2006-08-11 902760]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 lpdsvc;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
S3 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2008-03-24 230672]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S4 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S4 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-26 313840]
S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-26 1108464]
S4 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-26 170480]
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-08-30 1174152]
S4 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:44 AM

Posted 02 December 2009 - 11:20 AM

Hello cculhanepsm,

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:44 AM

Posted 07 December 2009 - 09:51 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
